How to Compete in Cyberspace

Nakasone testifying in Washington, D.C., February 2019 - U.S. Cyber Command

How to Compete in Cyberspace
Foreign Affairs, August 25, 2020
By Paul M. Nakasone and Michael Sulmeyer

Cyber Command’s New Approach


In early October 2019, personnel from U.S. Cyber Command landed in Podgorica, the capital of Montenegro, at the invitation of the country’s government. Montenegro has faced increased harassment from Russia since joining NATO in 2017, and the Cyber Command team was there to investigate signs that hackers had penetrated the Montenegrin government’s networks. Working side by side with Montenegrin partners, the team saw an opportunity to improve American cyber defenses ahead of the 2020 election.


After a “hunt forward” mission has been completed, Cyber Command works with other parts of the U.S. government to disclose its findings. The findings enable the U.S. government to defend critical networks more effectively and allow large antivirus companies to update their products to better protect their users. The net effect of the many hunt forward missions that Cyber Command has conducted in recent years has been the mass inoculation of millions of systems, which has reduced the future effectiveness of the exposed malware and our adversaries.


The hunt forward mission to Montenegro represented a new, more proactive strategy to counter online threats that reflects Cyber Command’s evolution over the last ten years from a reactive, defensive posture to a more effective, proactive posture called “persistent engagement.” When Cyber Command was established in 2010, the operative assumption was that its focus should be on trying to prevent the military’s networks from being infiltrated or disabled. But a reactive and defensive posture proved inadequate to manage evolving threats. Even as the military learned to better protect its networks, adversaries’ attacks became more frequent, sophisticated, and severe. We learned that we cannot afford to wait for cyber attacks to affect our military networks. We learned that defending our military networks requires executing operations outside our military networks. The threat evolved, and we evolved to meet it.

Proactive Defense

In 2008, a cyber attack compromised the Defense Department’s unclassified and classified networks. The incident provided a wake-up call about the need to protect American secrets from foreign hackers and led to the creation of Cyber Command in 2010 to organize that effort. Cyber Command protects U.S. military networks, defends the United States from significant cyber attacks, and directs cyber effects operations abroad. Its force consists of over 6,000 service members, civilians, and contractors who work at its headquarters at Fort Meade in Maryland and at bases in Georgia, Hawaii, and Texas.


Defending Forward

These proactive defensive measures on our networks have provided an essential boost to our cybersecurity, but they are insufficient in the evolving threat environment. We have learned that we also have to “defend forward,” outside our networks. Every day, more actors execute more sophisticated attacks against more civilian and military targets. The Chinese government uses cyber capabilities to steal sensitive data, intellectual property, and personal data from the U.S. government and U.S. businesses at great cost to the U.S. economy and national security. In May 2020, the FBI and the Department of Homeland Security warned about the People’s Republic of China’s efforts to compromise medical research into COVID-19 vaccines. The PRC supplements those cyberspace operations with influence campaigns to obscure international narratives about their activities.


Russia uses cyberspace for espionage and theft and to disrupt U.S. infrastructure while attempting to erode confidence in the nation’s democratic processes. Iran undertakes online influence campaigns, espionage efforts, and outright attacks against government and industrial sectors. North Korea flouts sanctions by hacking international financial networks and cryptocurrency exchanges to generate revenue that funds its weapons development activities. Violent extremist organizations have used the Internet to recruit terrorists, raise funds, direct violent attacks, and disseminate gruesome propaganda.

Read the Full Article »

About the Authors:

  • PAUL M. NAKASONE is Commander of U.S. Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service.
  • MICHAEL SULMEYER is Senior Adviser to the Commander of U.S. Cyber Command.

See also: