By Dr. Andreas Kuehn

This is an event summary of a March 11, 2021 seminar on U.S. cyber strategy and its implication for cybersecurity in Asia, organized by ORF America in collaboration with S. Rajaratnam School of International Studies at Singapore’s Nanyang Technological University.

As the U.S. continues to be targeted by major cyber attacks of increased sophistication, scale and scope, the country’s advocates for the more active orientation behind the notions of “defend forward” and “persistent engagement” insist that these constructs matter more than ever in the current terrain of always-on attacks below the threshold of armed conflict.  

Dr. Emily Goldman, Dr. Richard Harknett and Ms. Elina Noor headlined a 90-minute virtual seminar on U.S. cyber strategy and its implication for cybersecurity in Asia, organized by ORF America in collaboration with S. Rajaratnam School of International Studies at Singapore’s Nanyang Technological University.

On March 11, 80 subject matter experts logged in from Australia, India, Malaysia, the Philippines, Singapore, and the United States to explore the new strategic environment and how it drives U.S. Cyber Strategy. In parallel, strong concerns were voiced by participants over the increasing securitization of cyberspace and potential for further escalation of the cyber arms race.

“Defend forward”, “persistent engagement”, and “hunt forward operations” laid the foundation for a rich and thought-provoking open roundtable discussion animated by remarks from the keynote speakers Drs. Goldman and Harknett followed by Ms. Noor, the seminar’s discussant and regional cyber expert. Here we lay out the key takeaways from the session.  

Defend Forward and its Operationalization Through Persistent Engagement  

The U.S. Department of Defense introduced the new terms defend forward and persistent engagement in the 2018 U.S. Cyber Command vision “Achieve and Maintain Cyberspace Superiority,” which marked a shift in U.S policy driven largely by adversarial action. The previous doctrine of restraint in cyberspace and cyber deterrence as a strategy were deemed to be ineffective as the U.S. saw frequency, scope, and scale of cyberspace aggression mounting. Extremely capable adversaries were deliberately operating below the threshold of armed conflict, forcing a U.S. response. Revising previous policy decisions that limited military cyber forces to Department of Defense networks when outside of declared areas of hostility, the 2018 cyber strategy directed U.S. cyber forces to “defend forward,” to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict, and to persistently contest malicious cyber activity in day to day competition.  

“Defend forward” prescribes the strategy for the U.S. military’s operational cyber elements, whereas “persistent engagement” is how those forces implement the strategy. U.S. cyber strategy is not to deter but rather render opponents unable to succeed through defensive and offensive cyber operations as well as information operations. A key element of persistent engagement is the concept of “initiative.” Operationally, seizing and maintaining the initiative equals setting and resetting the conditions for security in order to place the opponent at a disadvantage or to force the opponent to adjust to friendly activity. The base goal is to reduce the effects of adversary cyber campaigns; to make them inconsequential overtime.

“As superiority in cyberspace is temporary, advantage favors those with initiative,” Dr. Harknett noted. The logic behind operating to seize and maintain initiative is that persistent engagement is focused on competing continuously for cumulative gain. One-off cyber operations are unlikely to defeat adversaries. This nudges DoD to move towards a new mindset of cyber campaigns–ongoing, persistent interactions rather than discrete cyber incidents or hacks. Dr. Goldman emphasized U.S. persistent engagement activities are in compliance with international law and norms of responsible state behavior. 

A Shifting Paradigm: Towards a New Strategic Environment 

Strategy cannot be “imposed” on a strategic environment, but must be derived from it, according to Harknett. It is important to understand, Harknett explained, that the logical structure of the cyber strategic environment is one of persistence. He said cyberspace has fundamentally introduced a new security logic and requires us to recognize the structural feature of interconnectedness. Interconnectedness introduces a fundamentally different condition -one of constant contact and ever shifting technology terrain. The security logic in this new space is fundamentally different than in the conventional or nuclear strategic environments, which requires a different way of thinking about the security problem.  

The new cyber strategic environment is driven by the actor who has the initiative at any given moment, by the pursuit of cumulative strategic gains through the exploitation of vulnerability rather than being driven by a logic of coercion and war. Compared with nuclear weapons, for example, whose strategic value exists in their possession rather than their use, the strategic value of cyber capabilities lies in their use, not in their possession. “I'm not thrilled that we're here,” he said. “It's not necessarily an easy place to think about stability in the way that we've thought about it in the past. But if we don't get these fundamentals right, we're going to struggle in this place, and ultimately, I think these are concepts, constructs, and a strategic approach that have the prospect of putting us on that path towards greater security and more stability.” 

A New Lexicon for Operating in the Cyber Strategic Environment 

As language shapes thinking, a new lexicon is needed to conceptualize operating in this new strategic environment. In terms of their cyber persistence theory, Drs. Goldman and Harknett emphasized that we are dealing with campaigns, not incidents, and interaction, not escalation. Activity is continuous, not episodic. It's cumulative, it's exploitative. And it's below the level of armed attack, but it's strategically consequential. See graphic A New Lexicon and a New Mindset, below.

Unknown Implications of Defend Forward for Asia, Small Countries Caught in the Middle 

U.S. Cyber Strategy has led to questions and caused concerns among U.S. allies and security partners. Not only is “defending forward” misunderstood or misinterpreted by many, but as Elina Noor noted, defend forward and persistent engagement are “unreservedly in defense of U.S. interests.” Much of the discussion on U.S. cyber strategy has taken place within the United States and among Americans with little outside involvement, Noor pointed out that its implications, however, go well beyond the U.S., and the interest of U.S. partners may not be fully aligned to the U.S. all the time. Southeast Asian countries, particularly smaller ones, may have different threat perceptions and risk calculations and do not possess cyber capabilities of technologically advanced countries to persistently engage malicious actors.  Southeast Asia is very interested in leveraging cyberspace and technology for its economic development, and thus, the region has considerable interest in a safe and stable cyberspace. Defend forward raises concerns about being caught in the middle of major cyber power competition and forced to choose sides. Numerous Southeast Asian countries have comprehensive or strategic partnerships with the United States as well as China, some maintain diplomatic relations with North Korea, while others are friendly with Russia.  

The disconnect between U.S Cyber Strategy and local realities has implications for the future of cyber stability. This comes down to, according to Elina Noor, whether a powerful United States seizing on a strategic advantage in cyberspace will necessarily result in a more stable and secure cyberspace, not only for the U.S. but for all other stakeholders, including smaller states in Southeast Asia. There remain significant uncertainties about the implications of defend forward and persistent engagement for the stability of cyberspace and whether related operational offensive and defensive actions can advance stability at the strategic level while being compliant with non-binding but generally agreed upon U.N. norms of responsible state behavior in cyberspace. One potential element of work over time is to conduct an outcome-based analysis of defend forward and persistent engagement to assess the impact on adversary activity and cyberspace stability.  

Speakers

Dr. Emily Goldman, a cyber strategist at U.S. Cyber Command and the National Security Agency (NSA) and former member of the Policy Planning Staff at the U.S. Department of State where she was responsible for the cyber and emerging technologies portfolio and was also key in the creation of the 2018 U.S. Cyber Command Vision “Achieve and Maintain Cyberspace Superiority”;

Dr. Richard Harknett, professor of Political Science and the Chair of the Center of Cyber Strategy and Policy at the University of Cincinnati as well as the Co-Director of the Ohio Cyber Range Institute; and

Ms. Elina Noor, the Director for Political-Security Affairs and Deputy Director at the Asia Society Policy Institute in Washington D.C.

Seminar Slides