The Pentagon pledged to use offensive cyber operations to “frustrate” and “disrupt” foreign powers and criminals that threaten US interests in a new military strategy document released Tuesday that warns of China’s aims to dominate cyberspace.
The Department of Defense’s new cyber strategy – shaped by a close study of Russia’s war in Ukraine – casts the US military’s burgeoning hacking capabilities as important to US power projection, but also acknowledges the risks of escalation in cyberspace.
The department will “remain closely attuned to adversary perceptions and will manage the risk of unintended escalation,” says the unclassified summary of the new strategy, which supersedes the Pentagon’s 2018 cyber strategy. The new document largely reinforces policies already in effect, including a commitment to actively counter US adversaries in cyberspace rather than merely play defense on US networks.
The strategy’s release comes amid consistent public warnings from US officials that China will likely use its formidable cyber capabilities in the event of any military confrontation with the US over Taiwan or other issues.
US officials and tech giant Microsoft in May sounded the alarm on an alleged Chinese hacking campaign that infiltrated critical infrastructure providers in the US territory of Guam and other parts of the US. A senior National Security Agency official told CNN the intrusions were “unacceptable” because the Chinese hackers sought access to networks that might allow them to disrupt critical services in the future.
The Chinese government has denied the allegations and in turn accused the US of conducting hacking operations in China.
The new Pentagon strategy underscored those concerns, alleging that Chinese hacking informs Beijing’s “preparations for war.” In the event of conflict, China’s cyber operatives will “likely seek to disrupt key networks which enable [US] Joint Force power projection in combat,” the new strategy says.
US Cyber Command – the military’s offensive and defensive cyber forces – has grown more capable over the last decade and used its increased capabilities to conduct operations that target cybercriminals who threaten US infrastructure and elections.
But the new strategy acknowledges that offensive cyber operations do little to deter those hacking groups on their own and instead should be paired with “other instruments of national power.” The strategy did not specify what levers should be pulled, but US officials often cite sanctions and arrests as other examples of policy tools used against hackers.
Cyber capabilities “held in reserve or employed in isolation render little deterrent effect on their own,” the strategy says.
Mieke Eoyang, a senior cyber official at the department, told reporters Tuesday that the US “cannot simply defend our way out of [the] problem” of persistent threats in cyberspace.
“There is a recognition that we will, as the department, need to disrupt … malicious cyber activity coming at the United States, and we have been doing so,” said Eoyang, who is deputy assistant secretary of Defense for cyber policy.