 The fourth annual future warfighting symposium responds to the 2018 National Defense Strategy and its focus on great power competition and the changing character of war. Future warfighting symposium advances the service chief's goals of greater attention to cyber, to space operations, and to emerging technologies. In the naval services, this has been expressed as the CNO's frago to the design for maintaining maritime superiority and to the commandant of the Marine Corps' future design 2030. And these efforts are consistent with the Chairman of the Joint Chiefs of Staff's special areas of emphasis for joint professional military education. Today it's my pleasure to welcome my colleague and the Director of the Cyber and Innovation Policy Institute at the Naval War College, Dr. Frank Smith. Dr. Smith is the Director of SIPI and part of the Strategic and Operational Research Department in the Center for Naval Warfare Studies at the Naval War College. Frank was previously a senior lecturer in the Department of Government and International Relations at the University of Sydney. His interdisciplinary research examines the relationship between emerging technologies and national security, particularly in cyberspace. He has a PhD in political science and a BS in biological chemistry, both from the University of Chicago. It's a pleasure to welcome my colleague, Dr. Smith. Thank you, Captain Ahara. As just said, my name is Frank Smith and I direct the Cyber and Innovation Policy Institute. SIPI is the premier hub for cyber operations and strategy research at the Naval War College. We're really a resource for students and faculty across the college and we're honored to participate in this year's future warfighting symposium. It is therefore my sincere pleasure to introduce you to Dr. Emily Goldman. Dr. Goldman is a Cyber Strategy Specialist at U.S. Cyber Command. She also served as the Cyber Advisor on the Policy Planning Staff at the State Department from 2018 to 2019. Previously, Dr. Goldman directed the Combined Action Group for U.S. Cyber Command and the National Security Agency, where she led a team that wrote the 2018 Cyber Command Vision to achieve and maintain cyberspace superiority. Her other government positions have included deputy director for interagency coordination at U.S. Central Command, strategic communications advisor on counterterrorism at the State Department, and associate director for public diplomacy at the Department of Defense. Dr. Goldman received her PhD from Stanford University and she was an associate professor in political science at the University of California at Davis. She has published important work on Cyber Strategy, including her co-authored book on Cyber Analogies, which provides critical insight into how we should think about cyber conflict. In addition, Dr. Goldman has also written on arms control, innovation, organizational change, and revolutions in military affairs. Her work has been recognized through awards and fellowships from the MacArthur, Olin, Pew, and Smith Research and Foundations, as well as the U.S. Institutes for Peace, the Woodrow Wilson Center, and of course the Naval War College. Dr. Goldman, we couldn't be happier to have you back at the Naval War College, even in this virtual format. I'll hand the microphone over to you now and welcome to the future warfighting symposium. Thank you very much. It's really a delight to be here and to be able to virtually participate in this forum. Let me start by making a disclaimer that my presentation today represents my views, and it's not the official views of the U.S. government. When I do speak about official views, I will make that clear in the talk. So I want to thank the Naval War College. I mean, it's a terrific institution. I spent a year there. It was one of the best years that I ever had. I'm really excited to be able to come back and to continue the conversation about U.S. cyber strategy and policy. What I want to do in the next 30 to 40 minutes is talk about some of the important changes that occurred in U.S. cyber strategy and the factors that led to those changes and then the challenges that we continue to face. I'd like to start by reflecting a little bit on the year 2018, and I really think 2018 is a pivotal year and when future historians write the history of cyber space strategy, they're going to look back at 2018 as a critical year. That was the year when U.S. political leaders, operational commanders, military strategists, and scholars converged on a new consensus about the nature of cyber space conflict and competition. I think it marked a dramatic shift in the U.S. approach to confronting national security threats that were emanating from cyberspace and also a new approach for utilizing cyber as a tool of national power. The preceding decade saw a substantial rise in the number of a level of sophistication, the destructive nature, of state-sponsored cyberspace operations. We can go back and reflect upon the breach at the Office of Personnel Management, which I'm sure many of us are still feeling the impact of, Sony Pictures, Wanna Cry, Petia, and Not Petia. I think there was a sense that the cybersecurity posture of the U.S. was failing. In 2018, we saw some major changes. In May of that year, U.S. Cyber Command published its vision to achieve and maintain cyberspace superiority. That document introduced the concepts of defend-forward and persistent engagement. In September of 2018, the DOD published its new cyber strategy. It drew on the lessons that U.S. Cyber Command had learned from its operations against ISIS beginning in 2016. It built upon the 2017 National Security Strategy with its emphasis on great power competition and the mandate to disrupt malicious cyber actors before they impacted U.S. interests. That strategy recognized the need to take action in cyberspace day to day. And that defense strategy, that cyber defense strategy adopted the concept of defend-forward, meaning to disrupt or halt malicious cyber activity at its source, including activity that lies below the level of arm conflict. These were kind of major changes in U.S. posture. And those concepts were put to the test as part of the U.S. government's efforts to protect the 2018 midterm elections from Russian interference and influence. Now in June of that year, the new director of the National Security Agency and the new commander of U.S. Cyber Command, General Paul Nakasoni, had launched an initiative called the Russia Small Group. And what the Russia Small Group was was part of a whole-of-government effort to defend the integrity of the 2018 elections. This effort involved a range of groundbreaking operations, including discrete offensive cyber operations to disrupt Russia's active use of cyber capabilities to undermine the elections. For the first time, defensive cyber teams were sent abroad with host country permission to hunt for adversary activity on foreign networks. By going to where the adversary was currently operating, those teams were able to discover new activity, alert our partners who were able to secure their networks, and then share that information with industry to develop countermeasures more broadly. So this effort is part of the whole-of-government U.S. effort to defend the elections, received broad praise from both sides of the aisle. So those were really a significant effort. It wouldn't have been possible, I would argue, without several key developments. These developments enabled DOD to successfully disrupt influence and interference efforts. The first development, as I mentioned, was the DOD cyber strategy with its concept of defend forward. The second one was U.S. cyber commands operational approach of persistent engagement as the way that it implements and executes defend forward. The third development were cyber-specific statutory permissions in the FY19 National Defense Authorization Act, which clarified that the status of military cyber operations were to be treated as traditional military activities exempt from the covert action approval and oversight procedures. And the last one was a series of a new presidential policy delegating more authority to DOD for cyberspace operations. So there was a huge amount of effort, operational experience, and a lot of this, as I said, all came together in 2018. What I want to do now is I want to go back and talk about the developments that made that possible, and how do we understand what led to that convergence, that consensus, and also, at the same time, a sense that U.S. cyberspace policy and strategy was not properly aligned to the reality of cyberspace. By 2018, I would argue that alignment was far improved. So let me go back and discuss some of the key elements that led to that improved alignment. The first one, which has already been mentioned, was the reframing of the global strategic context around great power competition. 2017 national security strategy calls out the contest for power as the central continuity in history and called out China and Russia as active U.S. competitors. The 2018 national defense strategy picks up on that and argues that strategic competition, not terrorism, is now the primary concern for U.S. national security. So for the first time, the U.S. had faced, obviously, great power competition in the past, but now we face a geostrategic economic competitor. During the Cold War, the Soviet Union was a formidable geostrategic and military foe, but not an economic one. China represents something quite different. So what this reframing in the context of great power competition did was reprioritize where the U.S. should be focusing its effort, its planning, its operations, et cetera, China and Russia. So that was the first piece in the puzzle. The second one, I think, is the recognition that we needed to focus on the level below armed conflict. Historically, if you go back and look at great power competition, it often involves territorially focused, overt, violent, armed attack or physical invasion. What we're seeing is that authoritarian countries today can leverage a wide array of tools that erode our national sources of power without resort to kinetic force. They can do it remotely. They can do it directly. And it doesn't have to be kinetically. And we're all familiar with examples of this. Intellectual property theft at scale and the theft of research and development erodes economic competitiveness, the economic sources of power. Military capabilities are vulnerable to supply chain manipulation. Disinformation campaigns are weakening domestic political cohesion, undermining confidence in democratic institutions. So this is great power competition indeed, but I would argue of a different sort, because it's focused on degrading those national sources of power remotely and directly. And our adversaries are learning about this and adapting day to day. They've experimented and they recognize that they can make strategic gains by engaging in campaigns short of armed conflict. And I would argue they have an incentive to deliberately stay below that level of armed conflict, because if they violate it, if they cross armed attack thresholds, that opens them up to kinetic responses and self-defense. And it's less predictable. It's riskier. It's more costly. So there really is a strategic motivation to stay below that threshold of armed conflict. So I think the key takeaway from this point I'm making is that competition below the threshold of armed conflict has become, I would argue, as strategically consequential as war and armed conflict. And that recognition, I think, is much more widely accepted. And we see this reference to the below the level of armed conflict or below the use of force threshold in many public documents. A third element that came together and that really helped shape this shift was the fact that cyberspace had become a key arena in this great power competition. I would argue that China and Russia are both engaged in what I would call strategic cyber behavior. And by that, what I mean is they have as a deliberate goal to alter the distribution of power relative to the United States and to do that in through and from cyberspace as one of their key tools. I think we can see China as a geostrategic economic competitor who strives to control all aspects of the information environment, to supplant U.S. superiority among other things through IP theft at scale and forced tech transfer. Russia, I would characterize more as a geostrategic agitator, employing disinformation campaigns to delegitimize domestic institutions, to foment discord within American society and to undermine alliance cohesion. So their approaches differ from one another, but what they share is a recognition that cyberspace is a new scene in great power competition. It's a way to globally influence the distribution of power and to do so remotely and as I've said non-kinetically. Why is this the case? I think that in many ways there are characteristics of the nature of the cyberspace operating environment, which make it unusually exploitable for those sorts of purposes. First of all, cyberspace is globally interconnected and contact is constant. We all live on each networks every day. It's not difficult to reach out and to touch other people, other institutions, governments, academic institutions, industries, and to touch those sources of power directly, and that makes cyberspace a very active space. It's a place where adversaries are constantly interacting and engaging. Other characteristics of cyberspace include the difficulty of attribution. So it's easy, and attribution is certainly improving, but while technical attribution may be easier to make, political attribution, which is identifying what political actors are actually involved in what their intent is, is something that is more difficult to do. Cyberspace also is contested terrain. There are really no clear boundaries like we have in physical space, and there are no greed upon notions of sovereignty, and so that makes it a much more fluid operational space. Finally, there's no sanctuary or operational pause, okay? We are continuous action. We are engaging adversaries every day in cyberspace. The last point that it's important to recognize about cyberspace, and I think in many ways, most critically, is that gains are cumulative, okay? Each intrusion, each hack, technical action may not be strategically consequential on its own, but it's the total cumulative gains that are tantamount to what past generations may have required warfare to achieve. So I think if we take these three elements together that I've talked about, the framing of great power competition, the recognition of activity below the armed forces threshold, and the unique qualities of the cyber domain, and the problem that we bring these together, what that leads us to is a situation of strategic cyber competition. That is the problem that we face, okay? Great power competition in and through cyberspace that is creating strategic effects cumulatively through nonviolent campaigns below the threshold of armed conflict. And I think what we then realized was that our strategy and our policy was not postured and not aligned to this world of strategic cyber competition, okay? And that led to a reassessment of strategy and policy, and what I'll argue is that by 2018, that alignment had greatly improved. One of the key elements recognizing that problem that we understood that there was this misalignment was a recognition that the strategy that we had been executing deterrence was failing in cyberspace. Up until 2018, the U.S. applied a deterrent strategy in cyberspace, and there's really a tremendous amount of work in the academic world and debate that's gone on looking at the origins of that and how that may need to evolve in order to align more adequately to what we're facing today. Going all the way back to 2004, the national military strategy called for a comprehensive concept of deterrence applied to all actors and all capabilities, including cyberspace networks and information-enabled systems. The 2011 international strategy for cyberspace called for credible response options to deter. So what that basically was, what that basically meant was that our posture was based on the threat of prospective action and episodic response when a declared threshold had been crossed, essentially a passive weight receipt respond react approach. This was picked up in the 2015 DOD cyber strategy, which called on the U.S. to exhaust all law enforcement and all network defense activities before engaging in any cyberspace operation. And moreover, those operations would be conducted under a doctrine of restraint. It was a strategy of deterrence against U.S. against any cyber attacks against U.S. national interests, but it was tightly constrained in how those would be authorized and then how those would be executed. What's noticeable in this perspective is that policymakers didn't really ask, how do we increase security in cyberspace? Rather, they said, how do we deter in cyberspace? And so they assumed that many of the key features of the physical domains that support legitimately a deterrence strategy were also present in the virtual domain. And there are a lot of reasons why there was this taken for grantedness approach to deterrence in cyberspace. One explanation is that we thought of cyberspace like we thought of nuclear space in the sense that any cyber attack was going to be catastrophic and it was going to have this consequential impact and therefore we had to apply the same strategic approaches which constrained nuclear behavior into cyberspace. So that is one explanation, but for a whole variety of reasons, cyber activity really was viewed through the lens of war and the lens of armed conflict. 2013 was a strategic inflection point. What we saw was far more capable adversaries operating at scale against not only government networks and military networks, but corporate networks against individuals as well. Below the threshold of armed conflict, they were increasing in frequency, in scope, in scale. So it was an issue of quantity, but also of quality. The types of attacks and intrusions that we were seeing began to look different. Prior to 2012, the major concerns were with espionage, but then we saw in 2012 and 2013 the disruptive attacks against the U.S. financial infrastructure conducted by the Iranians. In 2014, we saw a data deletion attack against an American casino and the North Korean destructive attacks against Sony Pictures. And then of course, Russian attempts to disrupt our democratic institutions in the 2016 election, these corrosive attacks. So we saw sort of a move from exploitation and espionage to disruption and then to corrosion. And so this really represented, I think, a crisis for U.S. strategy. And there was a recognition that U.S. self restraint was allowing most of this activity to go unchallenged. And rather than preventing or stopping those attacks, it actually was emboldening our adversaries. Moreover, by relying on the threat to impose consequences after the fact, it meant that we were absorbing the attacks and we were ceding initiative to our adversaries. There were some in 2014 that really felt that the Sony hack would be a turning point that the power of a state focused on its destructive capability on a private company would be enough to cause the U.S. to reassess. But that in fact did not occur. So by 2016, frustration was pervasive and especially in Congress. But there were no alternatives to deterrence. There really wasn't an alternative strategy there or approach that had been articulated. So people just called for more cyber deterrence. Now I want to be very precise here because the concern was not that deterrence was not working at all. But it was not stopping the growing number of attacks below the level of armed conflict. And these below the level attacks cumulatively over time were producing strategic gains for our adversaries. We hadn't experienced a Pearl Harbor or Cyber Pearl Harbor. So it seemed that states were abiding by conventions that were codified in UN articles that speak to the right to use force and self-defense in the event of an armed attack. So there was a sense that we were deterring some attacks. Those that caused death and destruction. But not those that fall below that level. And therefore our adversaries were deliberately acting below that threshold so they could reap the gains of their cyber behavior and minimize their risk. So what this meant was that the measures in place to deter significant cyber incidents or catastrophic attacks or what had been referred to as armed attack equivalence must be continued but pursued in tandem with steady sustained active operations that persistently contested and frustrated and pushed back on adversaries short of armed conflict. So that was the recognition that deterrence had a place but it was failing in the area where our adversaries were most active. Finally adding on to this there were some I think you know adding on to the momentum for the shift was the fact that other assumptions that we had held came under increasing scrutiny. For example the 1990 era's predictions that the internet was going to be a huge force for global social good and economic liberation. Certainly those forces were out there but at the same time criminals and states were exploiting cyberspace for malign purposes. So those unadulterated views of the positive impact of the internet came under assault. Another one which was related to the shift in strategy was this focus on catastrophic cyber attacks. And as I said several times cyberspace gains are cumulative. Okay so therefore it's not enough to focus on catastrophic attacks or significant incidents when there are these ongoing campaigns that will never breach that level and therefore will never elicit a deterrent response. There is still a focus by many on catastrophic attacks and it's important to be able to think about those but not at the expense of not looking at acts that are you know not a significant incident or not a catastrophic attack. Finally people began to question the the assumptions that military operations and cyberspace were escalatory. They were dangerous and that they were bad for norm setting. Many still hold this view but these came under increased scrutiny and analysis and the reality has been quite different from those assumptions. Most of the adversary activity does not rise to the level of armed conflict. We don't see the escalation. Even one think tank which has looked at about 400 publicly known state sponsored incidents since 2005 remarks and analyzes that none of those rise to the level of an armed attack equivalent or a significant cyber incident. So there is this recognition that what I would argue you know there's been restraint above that armed conflict threshold but that has been accompanied by routinization below it. Okay and that is you know that recognition was pivotal to our US policymakers defense analysts recalibrating their approach to this domain. And the last piece of the puzzle of course was building on operational experience. So in 2016 US cyber command began to launch its first global cyber operation against ISIS and what that gave the command and what that gave DOD was confidence that their tactics that their organization and that their capabilities you know were working and it gave us a feeling for how a campaign might be won in cyberspace by seizing the operational initiative by not being restrained but by seizing that initiative. So I kind of walked through a whole variety of developments that I think really led up to some dramatic changes that all came together and came to fruition by by 2018. Culminating in this shift what I want to pivot now to is given that this is a war fighter symposium to talk a little bit about what this means for the warfighter sort of to take it down more into the the operational level from the commands from cyber commands perspective and what this means for those of you who will be working and commanding in this space either in supporting us cyber command or being supported by us a cyber command in its operations whether it's supporting or supported it's important to bring it down to that that perspective. So just by way of background on this when the command stood up in 2010 it was given three missions okay remember this is 2010 defending DOD information networks defending the DOD key no-fail mission because if you don't defend your networks then you cannot support support the joint warfight our forces cannot operate if they don't have secure comms and secure networks to operate from. Second mission was supporting combatant commanders which is the foundational warfighting mission of DOD phase two plus if we're still talking about phases and the third mission was defending the nation in cyberspace which was a very very distant third so when the command stood up it focused on DOD and defense counterterrorism operations planning to support conventional forces in crisis and maintaining the capacity to respond to an attack of significant consequence through cyberspace against our critical infrastructure that's why General Nakasone has referred to in his joint forces quarterly article in 2019 the response force concept that the cyber force was in many ways a response force. April 2011 with the I mean in the air of spring which began in 2011 was a turning point because what it showed was that the internet could facilitate uprisings and coups that could then pose existential threats and topple authoritarian regimes so what these countries did these authoritarian regimes was they reacted by increasing surveillance repression and social manipulation on their populations at home they honed those techniques and they soon realized they could turn those techniques outward on their adversaries in the international system and hence you have this uptick of activity in 2012 and 2013 so the original vision for the cyber forces is a response force in a sense holding our forces in reserve for war or responding to an attack afterwards proved no match to the behavior that we were seeing and I think it makes you know sense to argue that it really committed the ultimate military the ultimate mistake in military operations which is to hold your forces in reserve past the point of strategic decision okay this recognition led the command to do an analysis and essentially what resulted and produced its command vision to achieve and maintain cyberspace superiority and operating and honing the concept of persistent engagement as the operational approach that would support DOD both in its competition activities below the threshold of armed conflict and in its warfighting mission as well it could help enable that person and I know that there's often been some kind of confusion over the meanings of these terms and I think the command and general machisoni in particular have been very clear about defining what they mean persistent engagement is the continuous execution of the full spectrum of cyberspace operations to achieve and maintain cyberspace superiority to build resilience at home to defend forward and to contest adversary campaigns and objectives um superiority is a carefully chosen word because it recognizes that this is something that is constantly shifting in cyberspace and one must constantly be on the initiative in order to retain that initiative it is not something that can be preserved and attained and preserved once and for all because the terrain shifts our adversaries are adaptable and we there are always new ways and creative ways to exploit vulnerabilities in cyberspace the emphasis on persistence acknowledges that we're not going to degrade our adversaries with a single strike but they will not retreat when they first faced friction the emphasis on engagement recognizes that we must challenge our adversaries today okay so that's the essence of persistent engagement it involves both enabling and acting enabling meaning working with and supporting our interagency our international our private sector partners by sharing threat indicators giving them warning and insight that will help them better defend help them develop mitigations help them change the terrain of networks to inoculate them from attack and to better test and um design our weapon systems so there's a huge piece of this that is really defensive it is enabling and then cyber command also can act when authorized for a range of missions both defensive and offensive defensive actions include those that are outside military networks for example invitations by partner nations to have the command and its cyber protection forces hunt on their networks to look for adversary activity to expose it to blunt it and also activity that is more offensive looking at contesting and disrupting adversary activity before it reaches our networks so that's sort of the essence of persistent engagement and those ideas permeated throughout dod and it appears in the national military strategy the dod cyber strategy and the classified cyber posture review it's interesting that the dod cyber strategy of 2018 places deter and compete on parallel footing recognizing that we need to compete in the day-to-day competition as well as deter those significant cyber incidents I would just wrap this up by saying that the language we use to talk about what is going on in cyberspace really reflects the mindset that we have and our understanding of that reality and the lexicon is evolving and I think it's evolving very much to reflect the logic of persistent engagement and defend forward so we hear our leaders talking about campaigns rather than incidents intrusions and hacks they're talking about interaction and that doesn't mean escalation they're talking about seizing targets of opportunity in the day-to-day competition rather than holding targets at risk for a deterrent response you hear them talking about initiative rather than restraint and response and that activity is continuous not episodic so I think that this shows that the the pivot and the shift is more than simply a policy document I think it's really permeating down into the mindset of those who are operating in and through cyberspace to defend our nation and support the rest of the government and the private sector and our partners as we do this great progress challenges remain okay now the first thing I would just make in wrapping up to talk about some of these challenges is that our adversaries we always have to remain bare in mind that they face a lot of challenges too okay in many cases they're brittle authoritarian regimes that have to spend a tremendous amount of resources and effort on internal political control but nonetheless they have some advantages over us that we need to we need to be able to address in the context of our own laws and our own policies and our own processes and our own organizational structure so to sort of just take these off so that you can begin to think about them we're inclined towards segmentation across authorities across organizations across the sources of national power our adversaries operate much more fluidly and they exploit the disjointed responses that we have between law enforcement defense homeland security etc so that segmentation that is a hallmark of our of our structures puts a tremendous burden on processes of coordination and deconfliction and collaboration that our adversaries don't face we have legal boundaries between public and private between what is foreign and what is domestic that is who we are and those represent our values we just have to recognize that our adversaries do not operate under those same constraints and we also tend to slip into this view of you know this intellectual binary tradeoff between peace and war we are either at peace or we're at war our adversaries view it all as a struggle and they move across those you know across that whole spectrum of conflict far more fluidly and with greater agility than we do so you know recognizing that what that means is that although we've made great progress we still have further to go we need to focus on how to improve speed and agility we need to make our partnerships operational so that we're working together particularly with the private sector in order to become more anticipatory and more secure and resilient in cyberspace talent is a key issue people are really the most important factor and we need to find ways that talent can move from the public and private sector far more seamlessly so we can leverage many of those who've worked in government and have gone into the private sector and I want to come back and work in government and make that that easier and and last of all I think from the perspective of the students in the audience it's important that you know our current and future commanders our current and future military leaders adopt an operational mindset towards cyber what what does that mean that means cyber needs to be integrated in planning and operations up front it cannot be an afterthought okay we used to talk about the digital economy we don't do that anymore we talk about the economy because the entire economy is digital we shouldn't be talking about cyber war because it's basically war and cyber is now infused um throughout that entire space it's important to understand what is unique about cyber okay that that the terrain is malleable it's continually constructed it is continually changing there is no um there is no sovereignty in cyberspace in terms of clear unambiguous boundaries that everyone in the international system recognizes there are there are different views toward this there but there are no agreed upon views um about what is a threshold um below the below armed conflict um so there are things that are unique but there are things that are very similar to the physical domains so in cyberspace just like in the physical space we do reconnaissance we do operational preparation of the environment we target we maneuver okay so there has to be an understanding of what's similar but it's not entirely unique in many of the tools that we have to think about military operations apply in the cyber domain um and our commanders and um leaders need to shift from an it mindset which essentially is my it professionals my it administrators are going to take care of the networks to an operational mindset which is that cyber is commander's business commanders need to understand their networks they need to understand the terrain they need to understand how to maneuver in that um in conjunction with what's happening in the physical domains it doesn't mean that you have to understand the technical specifics but you need to understand enough to ask the right questions to make sure um that you are leveraging those capabilities and that you're securing um your forces and above all I think we um as um uh part of this broader cyber enterprise um need to work together um across with our partners public and private across the whole of government to get the strategic environment correct if there's one thing that I hope you'll take away and maybe think about this um as you launch your year at the war college it is that strategic frameworks have to align to the realities of the strategic environment you cannot impose a strategy on a strategic environment you need to derive your strategy from it um just as we did not import successful strategies that brought victory in the second world war to the nuclear era we can't import legacy thinking from victory in the cold war to a geo economic strategic competition in this cyber era so with that I will um end my remarks and um I wish you all the best in your in your year at the war college thank you for your presentation Dr. Goldman I think it's fair to say you provide one of the clearest and most comprehensive explanations of U.S. cyber strategy that I've encountered I think the notion of cumulative strategic gains in cyberspace for instance um is really quite profound and your comments offer valuable insights not only for our students but I think scholars and policymakers alike I'd like to take this opportunity now to ask you a few questions and dig deeper into the concepts and policies highlighted in your presentation first let me start with concepts and ask you what's in a name specifically what distinguishes the notion of defend forward which featured in your presentation from hunt forward which seems to appear in some of the emerging lexicon at cyber commands what do what do those two terms mean yeah so that's a that's a great question um and um you know part of the background on why some of these concepts were um a little I think have been confusing although um the general mcsoni has been crystal clear in what they mean and I think he's done a tremendous job in really explaining that was that they emerged out of um you know they were first sort of introduced in the cyber command vision and then dod adopted um different adopted defend forward is its strategy it's important to realize that what emerged out of the cyber command vision and the dod strategy although the terminology may have been a little bit different early on the um frameworks are perfectly aligned um and defend forward is do is the dod strategy that says we're going to operate outside of dod networks to halt um or disrupt malicious cyber activity as close to the source as is practicable um persistent engagement you didn't ask specifically about that but just to clarify that relationship is the operational construct that cyber command uses to implement defend forward okay so um you know one is the strategy the dod strategy the other is the command's operational construct hunt forward refers to consensual network defense operations um so that's you know at the request of a host country that to have us cyber command forces come and um hunt on their networks um looking for adversary activity looking for malicious activity hunt forward operations are conducted underneath persistent engagement it is one way that us cyber command operationalizes persistent engagement um and um it's interesting because i think that you know the value of those were revealed um in the um in the efforts to protect um and defend the 2018 midterm elections so they really weren't things that were um anticipated per se and then you know part of you know part of the results of those um insights were then taken and uploaded to virus websites publicly that allowed um malware companies to develop mitigations very quickly those were also things that were not really anticipated but those were opportunities that revealed themselves so i think as we continue to act and operate in this space we'll continue to adapt and evolve and develop um but you know your your point is a very good one and just to be clear the hunt forward operations um are a subset of the types of activities that we can we can execute under persistent engagement in support of the DoD strategy of the hunt forward thank you for that that um is helpful and it's uh correct me if i'm wrong but you describe hunt forward as consensual dispensative activity so in some sense is despite the potentially offensive connotations of the term hunt um you're framing it really in terms of uh defensive engagement is that fair to say yeah yeah i mean we hunt on i mean you know the idea of sort of hunting on your own networks and doing hackathons and you know it's trying to find um vulnerabilities um and finding bad actors is a is a defensive way because we're and um it's also important just to bear in mind is that these are um these are activities that are that are tied to and um tied to an operational requirement um so they they must be it's not that it would be any country in the world it has to really be one that ties directly to DoD priorities and operational requirement and it is not the same as security cooperation okay that's a different bucket of activities um different money that pays for those um and also different levels of you know different types of oversight so it's it's really important to be clear that that the hunt operations are not the same as many of the capacity building efforts that security cooperation does on a regular basis fair enough given these strategic and operational innovations that you've described uh i think it's fair to say there's now growing interest in metrics or ways to measure the performance of persistent engagement at the operational level or defend for it at the strategic level as you described how does cyber command no success or failure when it sees it and track its performance over time yeah so um so every operation has measures of effectiveness that are defined pre-operation um obviously those are classified um but they're part of the planning process and it's they're taken very seriously um afterwards um in terms of assessing the the effects or the outcomes of that of that post operation um a different question so you know that's sort of how do we assess the operations i think a bigger question is how do you assess the effectiveness of the strategy um and um you know this this is still early right and um if you um there's been a the um just recently departed cyber man cyber command chief of staff i think had really an excellent discussion of this um and he pointed out that that it's really about whether or not we're enabling the collective defense of the nation to what extent are these activities enabling that collective defense and so um you know that can be enabling others okay to the extent that cyber command through its operations is able to gain insight and warning um whether it's up you know whether it's operating and hunting on partner networks or in other venues and to share that information with partners in the FBI DHS etc um you know that is really um kind of the key um the key metric to what extent are we doing that um and i think over time um uh you know we will continue to i mean one of the other i think challenges that we're working on is how do you assess initiative right how do you look and see who has the initiative in this particular um at this particular time in this particular space in this particular campaign so the extent that we can demonstrate that we are sort of anticipatory we are out ahead to what extent are we um identifying vulnerabilities that adversaries are intending to exploit before they do that and then taking those away from them that's an indicator i think that this approach um is succeeding so that's a metrics is always the tough question and um it's a it's a good one fair enough um cyberspace as you as you noted in your comments um is of course interconnected and and contested so i'm curious how um adversaries are responding to cyber command which is in some ways related or the flip side of the coin to the metrics question of how are we judging effectiveness how have adversaries real or potential adapted or evolved in response to our persistent operations right um so um to the extent that i can talk about about that i think the first thing um would be to recognize is that our adversaries are routinely adapting they're adapting their um their their targets their malware their ttp their objectives um and they were doing this before persistent engagement okay because cyberspace um is a space that invites adaptation and leveraging opportunities because remember the the terrain is malleable and the terrain is is created and um developed by largely by the private sector right so it's not something that is within you know the control of state actors so to say so it invites um cyberspace invites adaptation it rewards it um so i think hypothetically if we were to ask ourselves you know we know that our adversaries have read um the documents because um they've written about them and they've talked about them in open venues so we know that they're aware of that um how they're adapting to it well hypothetically one could say um if we're effectively frustrating their activities in cyberspace do they look to achieve those objectives another way outside of cyberspace okay so if we're frustrating ip theft are they going to look at other ways to acquire that information okay so that that might be one way um we're always monitoring the extent to which they're designing around our tactics techniques and procedures how they're adapting technically in cyberspace but another possibility might be that if they um if they find that certain types of behavior are so frustrating and um are not able to achieve their objectives maybe we get to the point where we can have some sort of tacit understanding that certain things are off limits okay so if we can decide and and then maybe that i think is sort of how you come to the creation of norms from the bottom up right where there's a recognition that you know we're pushing back continuously against certain high priority areas um and maybe we just you know they get to the point say we're you know this is not an area where we're willing to continue to put our effort um and that maybe we get some sort of tacit agreement um which eventually could be enshrined in a more you know um explicit agreement so you know those are ways to begin to think about how we will over time um get a sense of the you know the reaction to the strategy overall um of course you know at the classified level we're constantly seeing evolution um which we have before pe and which we continue to see that's an interesting way to think about potentially squaring the circle between the cyber norms debate um and uh persistent engagement and and defend forward as strategy let me shift gears a little bit um uh we're of course unable to meet today in person because of the covid crisis which is taking a painful toll and in blood and treasure on the united states and really around the world how have operations at cyber command been impacted by covid um so i think um like the rest of the u.s. government um high priority no-fail missions have continued i mean there you know there's a prioritization that has occurred and you know those critical missions have continued uninterrupted um uh you know at the command as they have throughout dod um and i would imagine the rest of the government um clearly you know the we're doing social distancing we're wearing masks we're dealing with the workflow of people in and out of of the different buildings just like every other part of the u.s. government um i think that the biggest ship that we're seeing um which is um emblematic of the u.s. government in general is the ship to telework um and so there are i think by one estimate in mid july about 1.2 million users um that we're using dod teleworking capabilities so that's that's really quite dramatic um and i think um particularly for um you know organizations that do a tremendous amount of work on the classified environment in the classified environment um you know being able to find secure unclassified venues um has has been a major push and a major thrust um and the command is doing that and and clearly the national security agency has been you know kind of tremendous and out in the lead in helping to make those um unclassified networks secure for the dod and for the rest of the u.s. government so um i think that's what i'd say about how it's effective to the extent to which you're able to say um has the pandemic also changed observable behavior in terms of adversaries but perhaps even allies in terms of how they're acting or reacting in cyberspace or is it too soon to tell well i think it's been um you know it's been clearly um laid out kind of in the um you know in the public domain that you know criminal both criminal and state actors are targeting the telework infrastructure network infrastructure and that's you know that makes perfect sense right i mean cyber operator operators cyber actors are opportunistic right um and you know over the past decade um we've worked very hard to secure and defend and to harden our infrastructure right and telework was always there but it was a one-off right now we pivoted from that hard and secure infrastructure um to an environment um at scale continually um that is quite new um so it's not unusual to see um adversaries targeting that particularly because people are linking networks to their you know devices at home that are unmanaged um so these create i mean i think that we should have expected that that was going to happen we we expected and we have seen them targeting medical research targeting vaccination research um and also spreading disinformation about covid um it's um really helpful to go to the department of state website and you can see interviews there by the the head of the global engagement center which is responsible for countering propaganda and disinformation and you can see sort of up-to-date sort of assessments about how for example the chinese the russians and the iranians are really feeding off each other's narratives okay or disinformation in the space and other examples so so those are the i think some of the most important things that we're seeing that the adversaries are doing in this pandemic era allies um are obviously a critical resource for um competition below the level of arm conflict as well as during warfare and so i'd like to ask you next about really operational foreign partnerships for example it's been reported that us cyber command deployed teams to montanegro in support of european command and at the invitation of the host government what do you see as the most significant opportunities and challenges in working with foreign partners in cyberspace be they montanegro or elsewhere um great question i mean there are i think um the the biggest sort of challenge is different levels of capability and technical proficiency um so you know there are allies um that are extremely proficient and you know we can work very closely with on a whole range of activities um the montanegro case was um is a reference to the hunt forward operations that were done um as part of the um whole government effort to defend the 2018 midterm elections um and so in some cases you will have countries that are less capable or maybe have less technical proficiency or have less resources to devote to that um you know that particular challenge so you know our our forces have to to understand those capabilities they have to understand that level um the hunt forward operations are ones of you know sort of um working with those countries on understanding their networks and then the question becomes you know when cyber forces leave what is the follow-up after that um is there um you know is there the capability to sustain that and so i think that's kind of the um one of the um i think biggest challenges or um you know challenges or opportunities to begin to think about that as i said um um the hunt forward operations are not the same as um as security assistance and capacity building um so recognizing the difference of those you know that's a very important line of effort across the whole u.s. government in terms of helping to build the cyber capacity of partners um you know huge efforts being carried out by the department of state and usa id in this area as well as in dod um so i think um in that respect that's probably what i would identify as um as probably the biggest you know challenge that we face those challenges may answer in some sense is my next question of of what can us cyber command do more of or do better to particularly help enable partners would you emphasize on the notion of understanding or and follow through or there are other aspects of how we can in some sense or the united states can improve its game to help uh help facilitate uh partner activity um yeah so i mean um obviously you know the speed um with which we can share information getting it to the right classification level i mean that's um you know getting better but that's you know always a um you know always something that we can do better at um the capacity building as as we mentioned um exercises i think being able to to do joint exercises um and also you know you're talking about foreign partners but also bring we brought you know private sector partners into exercises that the command has done so i think that's a really important element because then you understand um you understand who you're working with and that um you have make those connections and you can understand friction points and untapped opportunities um the last thing i think is that we need to make sure that we're explaining our strategy and policy clearly i think we need to be speaking with one voice so that our partners understand um you know what we're doing the logic behind how we're doing it and how we see um working with them is a critical component to that thank you um like strategy and operations uh some of the missions and authorities that you described in your presentation have also evolved over time you flagged um uh engagement with montanegro in in the context of the 2018 us election 2020 is of course another election year in the united states so i was hoping that you could explain why election security in particular is a military mission um so i mean i i think election security is a whole of government a whole of nation mission but um you know the question you're asking is what sort of is the military's role and why would the military be involved in that and you know one um one piece of that is the fact that the the actors um that we're dealing with are highly capable military and intelligence services like russia's gru in fact many of you know often a lot of foreign intelligence services are synonymous with their militaries so i think that on the one hand we cannot expect you know local precincts and you know state election commissions to deal with a threat of that magnitude with the capability of those actors um and you know therefore the military does have a role to play in protecting those election systems um because the military in conjunction with the intelligence community operates overseas right so we can collect and analyze data on foreign threats um and but then we pass that on to dhs and fbi and within the context of their authorities they will use that and share them with state and local and tribal governments and industry um and you know campaigns etc for more you know holistic picture of what we're facing so the ability to operate out there in foreign space is is is a critical one um for example in 2018 cyber forces saw russian actors masquerading as americans shared that information with the fbi who then worked with social media companies to have those actors removed based on the the terms of service violation um so these are the ways that we kind of pull the pieces together based on the capabilities and the authorities of what is kind of a segmented bureaucracy to deal with this this type of a threat given that segmentation um are there any unique tensions that exist within the interagency when cyber command works for example with department of homeland security or the fbi or other domestic agencies on election security um so i um i think that there is such a recognition that this is a whole government effort i said a whole nation effort and this it's a enduring priority for the u.s government and it is an enduring um mission um of the department of defense so everybody recognizes that and they recognize what is at stake um they recognize there's really kind of like sort of you know two streams in this one is um is defending elections from interference which is deals with the voting process part of it and the other is dealing with um defending them from influence which deals with the voter perception part so there's the interference and there's the influence and um the the u.s government you know each element in it works within the confines of their capabilities and their authorities to bring what they can um to the table to to deal with that um i think that uh so so i don't really see that coming i think it's really kind of a classic case of working together very closely you know kind of like when you're when you're at the tip of the sphere i mean those of you will know when you when you're going forward and you're working in an embassy on a country team you're all on the same team it really doesn't matter um you know what agency you represent it right you're really focused on that mission so i've been really quite impressed with um with with how the government is working together on this um and working together you know seamlessly on this because we recognize um the nature of the the threat i would say that you know one of the interesting things that um the do d is able to bring to the table sort of a different flavor is is national guard and the national guard members who are supporting their state and local elections um ns nsa u of cyber command um as you remember i mentioned um general nakasani set up the russia the russia small group as sort of the core of a whole government effort that worked with the rest of government to deal with the 2018 elections that's been institutionalized within um the nsa and cyber command as an election security group and what the election security group did um was it established a cyber nine line process um which is sort of the military term for medivacs and essentially it's a 24 seven hotline with national guard units who holistically are able to see what's occurring within um their states and localities and then they can share that information up to see if the command and the ic can then track that back to a foreign actor to some sort of foreign interference so um you know it also our national guard works you know has um kind of networks all around the world so it's a really interesting capability that do d brings to the process so um you know in general i think that um you know you know this is an area where where the um what might be considered day to day friction points you know are minimized does similar logic and uh similarly operationally effective engagement across interagency also apply um as you see it to other aspects of critical infrastructure in here i'm thinking particularly of the defense industrial base um so does similar logic apply to that as um uh protection as a military mission and do similar mechanisms of information sharing and coordination work for that infrastructure in the same way that you're seeing an effective response for election security yeah i think we can i think this is a work in progress i think in the case of the the dib the defense industrial base i mean clearly you know the department of defense um has um you know much it has a very close working relationship that's critical to it and um critical to um operations and so there's a very clear recognition that you know that do d is the agency like the sector specific agency that is responsible for for the dib you know each element of critical infrastructure has a sector specific agency financial sector treasury for example um and so um it has been um like i said a work in progress over time figuring out the comparative advantages of of how do d and dhs and fbi work together um and you know i think as the capabilities of dhs um are increasing that helps to you know kind of raise the the tide for for all boats so to speak um so just like anyone who's worked in the interagency there are day to day friction points um but you know it's getting better okay um before we close i'm keen to hear your thoughts about gaps and blind spots um what problems keep you up at night or asked another way what policy issues aren't we thinking enough about that really deserve more attention um so you know what really uh and i i actually got what kept me up at night was trying to think about the answer to that question because i'm sitting there going but what does keep me up at night um because i'm so tired that not not much does but um i think that um you know understanding the how we operate in this information space the vulnerabilities in the information space especially um i think that you know we at least from a cyber perspective we deal with kind of the connectivity right understanding how the networks are linked are they secure but then there's the content um and then the human cognition piece right and this goes into the influence piece and i think that we're on the verge of you know being in a post-truth world what is true you know what is information what is the nature of data integrity um and i think that that is um you know i think it's frightening i think it's something that our adversaries understand that they can manipulate and they can so discord division within our within our country um and you know you know those um i think as i sat back and thought about it i mean there's a lot of you know how does emerging technology affect that and the impact of ai etc but i but i think you know critically this notion of um you know information is a strategic resource right i mean our adversaries wanted um you know we wanted how do we use it how do we use it to gain insight and at the same time um how did they use it to manipulate the insight that we have and um the the notion of what is true and what is valid and i think that that is something that we as a as a society um and as you know the a group of democracies who believe in information free a world of information freedom versus information control um are going to have to deal with because that's really kind of as i see it the big existential question right is it a is this going to be you know a a world of information freedom that reflects the values that we that we have or are we going to succumb to a different vision of a world of information control that our adversaries had so to me i think those are the big questions that um that uh i try not to think about before i go to sleep very well said um if somewhat unsettling uh but in terms of big questions for um our students to ponder over the course of their studies and and scholars to um uh continue to examine in terms of the research agenda moving forward it's very helpful insight unfortunately we're running low on time dr goldman so i want to thank you again for this conversation as well as your presentation for the 2020 future war fighting symposium your critical thinking and commitment to public service are really inspirations of the naval war college and we're truly grateful for your time thank you very much it was a pleasure thanks