Along with the rest of the U.S. government, the Department of Defense (DoD) depends on cyberspace to function. DoD operates over 15,000 networks and seven million computing devices across hundreds of installations in dozens of countries around the globe. DoD uses cyberspace to enable its military, intelligence, and business operations, including the movement of personnel and material and the command and control of the full spectrum of military operations. The Department and the nation have vulnerabilities in cyberspace. Our reliance on cyberspace stands in stark contrast to the inadequacy of our cybersecurity -- the security of the technologies that we use each day. Moreover, the continuing growth of networked systems, devices, and platforms means that cyberspace is embedded into an increasing number of capabilities upon which DoD relies to complete its mission. Today, many foreign nations are working to exploit DoD unclassified and classified networks, and some foreign intelligence organizations have already acquired the capacity to disrupt elements of DoD's information infrastructure. Moreover, non-state actors increasingly threaten to penetrate and disrupt DoD networks and systems. DoD, working with its interagency and international partners, seeks to mitigate the risks posed to U.S. and allied cyberspace capabilities, while protecting and respecting the principles of privacy and civil liberties, free expression, and innovation that have made cyberspace an integral part of U.S. prosperity and security. How the Department leverages the opportunities of cyberspace, while managing inherent uncertainties and reducing vulnerabilities, will significantly impact U.S. defensive readiness and national security for years to come.

In July 2011, the U.S. Department of Defense (DoD) issued the DoD Strategy for Operating in Cyberspace, which outlines five strategic initiatives: 1) Treat cyberspace as another operational domain; 2) Employ new defense operating concepts to pro--tect DoD networks; 3) Partner with other U.S. government agencies and the private sector; 4) Build relationships with U.S. allies and interna--tional partners to strengthen cyber security; and, 5). Leverage the national intellect and capabilities through cyber workforce training and rapid techno--logical innovation. First, the monograph explores the evolution of cyberspace strategy through a series of government publications leading up to the DoD Strategy for Operating in Cyber--space. It is seen that, although each strategy has differ--ent emphases on ideas, some major themes recur. Second, each strategic initiative is elaborated and critiqued in terms of significance, novelty, and practicality. Third, the monograph critiques the DoD Strategy as a whole.

In July 2011, the U.S. Department of Defense (DoD) issued the DoD Strategy for Operating in Cyberspace, which outlines five strategic initiatives: 1) Treat cyberspace as another operational domain; 2) Employ new defense operating concepts to protect DoD networks; 3) Partner with other U.S. Government agencies and the private sector; 4) Build relationships with U.S. allies and international partners to strengthen cyber security; and, 5) Leverage national intellect and capabilities through cyber workforce training and rapid technological innovation. First, the monograph explores the evolution of cyberspace strategy through a series of government publications leading up to the DoD Strategy for Operating in Cyberspace. It is seen that, although each strategy has different emphases on ideas, some major themes recur. Second, each strategic initiative is elaborated and critiqued in terms of significance, novelty, and practicality. Third, the monograph critiques the DoD Strategy as a whole. Is it comprehensive and adequate to maintain U.S. superiority in cyberspace against a rapidly changing threat landscape? Shortcomings in the strategy are identified, and recommendations are made for improvement in future versions of the strategy.

Along with the rest of the U.S. government, the Department of Defense (DoD) depends on cyberspace to function. DoD operates over 15,000 networks and seven million computing devices across hundreds of installations in dozens of countries around the globe. DoD uses cyberspace to enable its military, intelligence, and business operations, including the movement of personnel and material and the command and control of the full spectrum of military operations. The Department and the nation have vulnerabilities in cyberspace. Our reliance on cyberspace stands in stark contrast to the inadequacy of our cybersecurity -- the security of the technologies that we use each day. Moreover, the continuing growth of networked systems, devices, and platforms means that cyberspace is embedded into an increasing number of capabilities upon which DoD relies to complete its mission. Today, many foreign nations are working to exploit DoD unclassified and classified networks, and some foreign intelligence organizations have already acquired the capacity to disrupt elements of DoD's information infrastructure. Moreover, non-state actors increasingly threaten to penetrate and disrupt DoD networks and systems. DoD, working with its interagency and international partners, seeks to mitigate the risks posed to U.S. and allied cyberspace capabilities, while protecting and respecting the principles of privacy and civil liberties, free expression, and innovation that have made cyberspace an integral part of U.S. prosperity and security. How the Department leverages the opportunities of cyberspace, while managing inherent uncertainties and reducing vulnerabilities, will significantly impact U.S. defensive readiness and national security for years to come.

Cyberspace is defined by the Department of Defense as a global domain consisting of the interdependent networks of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. Attacks in cyberspace have seemingly been on the rise in recent years with a variety of participating actors and methods. As the United States has grown more reliant on information technology and networked critical infrastructure components, many questions arise about whether the nation is properly organized to defend its digital strategic assets. Cyberspace integrates the operation of critical infrastructures, as well as commerce, government, and national security. Because cyberspace transcends geographic boundaries, much of it is outside the reach of U.S. control and influence. The Department of Homeland Security is the lead federal agency responsible for securing the nation's non-security related digital assets. The Department of Defense also plays a role in defense of cyberspace. The National Military Strategy for Cyberspace Operations instructs DOD to support the DHS, as the lead federal agency, in national incident response and support to other departments and agencies in critical infrastructure and key resources protection. DOD is responsible for defensive operations on its own information networks as well as the sector-specific agency for the defense of the Defense Industrial Base. Multiple strategy documents and directives guide the conduct of military operations in cyberspace, sometimes referred to as cyberwarfare, as well as the delineation of roles and responsibilities for national cybersecurity. Nonetheless, the overarching defense strategy for securing cyberspace is vague and evolving. This report presents an overview of the threat landscape in cyberspace, including the types of offensive weapons available, the targets they are designed to attack, and the types of actors carrying out the attacks. It presents a picture of what kinds of offensive and defensive tools exist and a brief overview of recent attacks. The report then describes the current status of U.S. capabilities, and the national and international authorities under which the U.S. Department of Defense carries out cyber operations. Of particular interest for policy makers are questions raised by the tension between legal authorities codified at 10 U.S.C., which authorizes U.S. Cyber Command to initiate computer network attacks, and those stated at 50 U.S.C., which enables the National Security Agency to manipulate and extrapolate intelligence data—a tension that Presidential Policy Directive 20 on U.S. Cyber Operations Policy manages by clarifying the Pentagon's rules of engagement for cyberspace. With the task of defending the nation from cyberattack, the lines of command, jurisdiction, and authorities may be blurred as they apply to offensive and defensive cyberspace operations. A closely related issue is whether U.S. Cyber Command should remain a sub-unified command under U.S. Strategic Command that shares assets and its commander with the NSA. Additionally, the unique nature of cyberspace raises new jurisdictional issues as U.S. Cyber Command organizes, trains, and equips its forces to protect the networks that undergird critical infrastructure. International law governing cyberspace operations is evolving, and may have gaps for determining the rules of cyberwarfare, what constitutes an “armed attack” or “use of force” in cyberspace, and what treaty obligations may be invoked.