Startfor analyzes the recently released US Department of Defense Cyber Strategy and discusses how the Pentagon defines its role in cyber security by both using cyberspace as an operational domain and one that it must safeguard to protect US interests:
To discourage cyber attacks, the U.S. government has used the threat of economic sanctions, criminal prosecution of foreign state officials, and the prospect of physical military action stemming from its 2011 declaration that cyber attacks constitute an act of war. Yet, aside from the prospect of physical military action or economic sanctions, the U.S. government still lacks any effective deterrence to cyber attacks. These breaches continually cause financial losses for the U.S. private sector, and state and non-state actors continue targeting government institutions. To defend in cyberspace (rather than engaging strictly in espionage), the military must play an auxiliary role in a domain it must share with other government organizations and the private sector.
The private sector owns and operates roughly 90 percent of the physical infrastructure that constitutes the abstract world of cyberspace. Though the Pentagon has proven resourceful in researching and exploiting new vulnerabilities in cyberspace, it lacks the authority to ensure that U.S. interests are protected against such exploits. In other words, the United States’ ability to conduct espionage and sabotage in cyberspace depends on the same types of vulnerabilities that threaten its own economic interests. To rectify this, the Pentagon’s top priorities in developing its cyberspace strategy focus on defense — namely partnering with domestic government agencies and the private sector to ensure that U.S. interests are safeguarded from cyber attacks by foreign state and non-state actors.
The US military involvement in cyberspace is difficult to define. On the one hand, DoD would like to leverage the internet to launch cyber attacks against enemy nations, and those nations attacking the US. On the other hand, the US relies on the internet for so much of its financial interests, it risks seriously harming much of the infrastructure, and the trust in the internet, when leveraging it for cyber operations that end up affecting US citizens – something which will invariably happen regardless of how careful the military plans its offensive cyber operations.
This is a precarious situation for DoD and one where they need to tread very carefully.