Last year, the Barack Obama administration issued PPD-41, “Cyber Incident Protection,” setting forth cyber security incident roles and missions for federal agencies but with no explicit reference to the Department of Defense (DoD). By contrast, the DoD Cyber Strategy provides that DoD will be prepared to “defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyberattacks of significant consequence.” Certainly, in a conflict where an adversary will utilize cyber as part of an overall military attack, the DoD will necessarily play a major operational role. This paper discusses what that role should entail.
In Cyber and Deterrence: The Military-Civil Nexus in High-End Conflict, authors Franklin D. Kramer, Robert J. Butler, and Catherine Lotrionte analyze cyber’s role in deterrence and defense—and specifically the military-civil nexus and the relationship between the DoD, the civil agencies, and the key private operational cyber entities, in particular the Internet Service Providers (ISPs) and electric grid operators.
The focus of the paper is on high-end conflict including actions by an advanced cyber adversary, whether state or nonstate, and not on the “day-to-day” intrusions and attacks as regularly occur and are generally dealt with by governmental agencies and the private sector without military involvement. High-end conflict can be expected to include attacks within the United States homeland as well as in forward theaters.