Unless DOD improves the monitoring of its key cyber strategies, it is unknown when DOD will achieve cybersecurity compliance. The arrangement will allow NATO and Finland to better protect and improve the resilience of their networks. 8 The highest-ranking civil servant in the Dutch Ministry of Defence. In this document, we outline how our Navy will develop leaders who demonstrate operational excellence, strong character, and resilience through community at every level of seniority. Along the same line, the Ministry of Defense emphasizes, in its Defence Vision 2035: Fighting for a safer future, the need for organizational decompartmentalization when countering hybrid threats in the information environment (Ministry of Defense Citation2020, 17) and promises to devote attention to the hybrid strategic competition between war and peace (Ministry of Defense Citation2020, 23). This includes protecting the information systems of the defense and for developing, coordinating, and deploying military cyber operations. The DCC concentrates on establishing and deploying defensive, intelligence, and offensive cyber capabilities. It is seldom distinct where one stage ends, and another begins. Responding to global challenges under the leadership of the CNO and guided by the precepts of our "Design for Maintaining Maritime Superiority" the U.S. It improves operational effectiveness and provides a mechanism to enhance integration and resource development. /Version /1.5 hbbd```b``" , :Q`Z0{"m"S&IL0;DAd%t'^+hFg` %Y 45 0 R 46 0 R 47 0 R] The Ministry of Defense (ibid) stresses that it will further develop the Intelligence Services ability to counter threats before incidents occur and emphasize that that cooperation and coordination between the above-mentioned actors in military cyber operations [the intelligence service and the FOH] will be strengthened, based on a military cyber operations center in the Intelligence Service. In this context, the DCCFootnote5, sees offensive cyber capabilities as digital resources the purpose of which is to influence or pre-empt the actions of an opponent by infiltrating computers, computer networks and weapons and sensor systems so as to influence information and systems. >> This blueprint describes how the Department will apply naval power as we continue to prepare for a more navigable Arctic Region over the next two decades. These documents are supported by interviews with military personnel, civil servants, and scholars in the three countries. JSCU is a collaboration between the two Dutch intelligence and security services the MIVD and the General Intelligence and Security Service (AIVD). 8 0 obj TENTH Fleet,CHIPS Magazine) /Filter /FlateDecode NATO Headquarters Cyber Defence: Cyber threats to the security of the Alliance are complex, destructive and coercive, and are becoming ever more frequent. It further details how each of the Office of Naval Research's (ONR) six Integrated Research Portfolios (IRPs) address the priorities for their respective naval domain customers. View GAO-17-512. Systematic attention has been less devoted to comparative empirical studies of the specific organization of cyber capabilities across military and intelligence agencies in European countries. Consequently, also in the French case, it is ambiguous how the entities complement each other in practice, and how the desired organizational collaboration will achieve impact. Russias Cyber Policy Efforts in the United Nations, Already in a Cyberwar with Russia, NATO Must Expand Article 5 to Include Cyberwarfare, Cyber Defence in NATO Countries : Comparing Models, NATOs Needed Offensive Cyber Capabilities, Cyber Conflict Uncoded : The EU and Conflict Prevention in Cyberspace, National Cyber Security Organisation : Czechia, NATO in the Cyber Age : Strengthening Security and Defence, Stabilizing Deterrence, Cybersecurity of NATOs Space-based Strategic Assets, Huawei, 5G, and China as a Security Threat, Offense as the New Defense: New Life for NATOs Cyber Policy, Preparing for Cyber Conflict : Case Studies of Cyber Command, Cybersecurity and the New Era of Space Activities, Initial Reference Architecture of an Intelligent Autonomous Agent for Cyber Defense [9 September 20169 February 2018], Achieve and Maintain Cyberspace Superiority : Command Vision for US Cyber Command, Mutually Assured Disruption : Framing Cybersecurity in Nuclear Terms. Shayna Gersher. The Navy must find innovative ways to defend and protect its assets against cyber attacks, a top service official said. %%EOF 18 . Sec. It was prepared by the Office of the Chief of Naval Operations, Deputy Chief of Naval Operations for Warfighting Requirements and Capabilities (OPNAV N9) and approved for release by the Office of the Secretary of the Navy. Third, we have witnessed an expansion of intelligence activities beyond traditional espionage, with tasks and responsibilities ranging from protecting government networks to executing offensive cyber operations abroad (Gioe, Goodman, and Stevens Citation2020). Report to Congress on the annual long-range plan for construction of naval vessels for fiscal year 2020 prepared by the Office of the Chief of Naval Operations. Comprehensive review of Department of the Navy Uniformed Legal Communities from SECNAV Executive Review Panel, Dec. 9, 2019. How do I access the full text of journal articles ? DON strategy to treat innovation beyond just about buying a new platform or weapon system; by changing the way we think, challenging outdated assumptions, and removing bureaucratic processes that prevent great ideas from becoming reality. Fri: 10:00 - 15:30. endstream endobj 203 0 obj <>/Metadata 21 0 R/Outlines 35 0 R/PageLayout/OneColumn/Pages 200 0 R/StructTreeRoot 112 0 R/Type/Catalog>> endobj 204 0 obj <>/ExtGState<>/Font<>/XObject<>>>/Rotate 0/StructParents 0/Tabs/S/Type/Page>> endobj 205 0 obj <>stream The DCC does not have mandate to play an active role in disrupting continuous adversarial cyber behavior short of war. This not only makes it difficult to select and impact targets, but it also makes it hard to attract and maintain the necessary human skills (Smeets Citation2021). /Subject () Japan, Australia, Canada, and the U.K. are . The paper proceeds by locating the study in relation to relevant debates in cybersecurity scholarship. DODIN Operations, to design, build, configure, secure, operate, maintain, and sustain DOD communications systems and networks across the entire DODIN. A cyber command function outside the Intelligence Service will, for Norway, be an unfortunate and costly solution. The capability and competence in offensive cyber operations is to be further developed (Forsvarsdepartementet Citation2020, 118). Experts review the Department of the Navy's cybersecurity posture. Lawrence Michelon, a senior electronics engineer for the Systems Design and Integration Branch at Carderocks Combatant Craft Division in Norfolk, receives the Rear Adm. George W. Melville Award for engineering excellence at the Naval Surface Warfare Center, Carderock Division Honor Awards ceremony Aug. 1, 2017, in West Bethesda, Md. Existing scholarship has documented how European countries (Liebetrau Citation2022) and NATO (Jacobsen Citation2021) struggle to address such cyber aggressions below the threshold of war. Fourth, in the US context, we have seen continuous debate about the dual-hat arrangement concerning the NSA and the US Cyber Command (Chesney Citation2020; Demchak Citation2021), and Lindsay (Citation2021) has recently examined and criticized the organization of the US Cyber Command. /Im3 56 0 R 3 A ransomware attack allegedly carried out by Russian criminals. It describes both intelligence and military cyber operations as offensive actions, notes that they are usually carried out in the network of the opponent, and stresses that their execution falls under the responsibility of the chief of the intelligence service (Forsvarsdepartementet Citation2014, 6 and 17). Controlling almost half of the gasoline, jet fuel and diesel flowing along the East Coast of the US turn off the spigot (David and Perlroth Citation2021). While our work is far from complete, the following report highlights progress made and areas demanding our greatest focus to ensure success. Drawing out key organizational differences and ambiguities, the analysis identified three models of organizing military and intelligence relations: A Dutch collaboration model, a French separation model, and a Norwegian centralization model. The release of this strategic plan marks the five-year anniversary of Navy Fleet Cyber Command/TENTH Fleet. The Unmanned Campaign Plan represents the Navy and Marine Corps strategy for making unmanned systems a trusted and integral part of warfighting. Despite their divergence in organizing cyber capabilities, the three countries converge on the assumption that both responding to cyber conflict short of war and developing military cyber power are dependent on the skills, information, and infrastructure of intelligence services. JOINT COMMUNICATION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL (13 September 2017), European Commission, COM/2017/0477 final - 2017/0225 (COD), (13 September 2017). << Author (s): Arts, Sophie. Belgium, Mon - Thu: 10:00 - 17:00 The EU's Cybersecurity Strategy for the Digital Decade. Update: DoD Instruction 5000.02 "Operation of the Adaptive Acquisition Framework" dated 23 January 2020 has been released. U.S. Cyber Command and the Director of National Intelligence, new Presidential Executive Order on Cybersecurity, changes to Army Doctrine, and updated cyberspace organization information. Increased focus on the organizational aspects can help states to clarify and communicate their priorities and decisions when it comes to answering the questions of how, when, and who engages in cyber conflict short of war. 5. DOD Cybersecurity Campaign. This calls for cooperation and coordination across military and intelligence entities. The sinew of maneuver across all domains is the network. Second, there is much ambiguity related to attribution, intention, and effect of cyber operations (Buchanan Citation2016). 2 0 obj In the face of a rapidly evolving cyber threat landscape, strong partnerships play a key role in effectively addressing cyber challenges. EU to beef up cybersecurity agency 13. As paradigmatic cases they were not chosen because of e.g. endstream endobj startxref /Author (U.S. Fleet Cyber Command,U.S. The National Strategy for the Arctic Region sets forth the United States Government's strategic priorities for the Arctic region. 1 A Russian-led supply chain attack compromising the widely used SolarWinds software. Such embattled nations may find individual cyber-safety even more salient in light of the increased global tendency towards military cyberwarfare ( Baram, 2017; Cohen et al., 2016 ). Defensive Cyberspace Operations, to defend DOD or other friendly cyberspace. The "Blueprint" for a coordinated response to large-scale cybersecurity incidents and crises at the Union level. It is, however, crucial to examine and assess the organization of cyber capabilities if we are to better understand the practical, political, and democratic implications of engaging with the current challenges that persistent cyber operations short of war as well as military cyber operations in armed conflict amount to. Note: According to Section 1.4 Transition Plan of the new instruction, the old DoDI 5000.02 dated Jan 7, 2015 (Change 3 dated 10 Aug 2017) has been renumbered to DoDI 5000.02T. stream At the time of writing, there is no public information that the DCC has conducted offensive cyber operations. hb``f``6d```\01G030000_ffcy5!ew3K Given the secrecy and confidentiality that shroud the topic and the lack of existing studies, the conclusions of this piece are to be considered tentative. /Pages 2 0 R >> He also emphasized both the long-term goal of eliminating nuclear weapons and the requirement that the United States have modern, flexible, and resilient nuclear capabilities that are safe and secure until such a time as nuclear weapons can prudently be eliminated from the world. TheNavy Aviation Vision 2030-2035reflects key concepts to meet CNOs vision of a Navy that swarms the sea, delivering synchronized lethal and non-lethal efforts from near and far, on every axis and in every domain. Register a free Taylor & Francis Online account today to boost your research and gain these benefits: Organizing cyber capability across military and intelligence entities: collaboration, separation, or centralization, National Cyber Crisis Management: Different European Approaches, Hackers, Wiz Kids, en Offensieve Cyberoperaties, Bridging the Gap between Cyberwar and Cyberpeace, Cyber Security Meets Security Politics: Complex Technology, Fragmented Politics, and Networked Science, Intelligence Reform and the Transformation of the State: The End of a French Exception, A New Role for the Public? endobj Speech by NATO Secretary General Jens Stoltenberg at the Cyber Defence Pledge Conference (Ecole militaire, Paris) (15 May 2018) Cyber Defence Pledge. >> The Netherlands presented a military cyber doctrine in 2019. This has arguably led to overly militarized approaches to cyber security (Burton and Christou Citation2021, 1732). The agency will therefore establish a branch in Rennes with the goal of bringing it closer to the major institutional players associated with the Ministry of Defense, starting with COMCYBER (Secrtariat gnral de la dfense et de la scurit nationale Citation2019, 29). endobj hbbd``b`$ +qUAD=""gVH0* /A 52 0 R Reinforcing America's traditional tools of diplomacy, the Department provides military options to ensure the President and our diplomats negotiate from a position of strength. /Resources 12 0 R (POSTED: May 24, 2022) The U.S. Navy and Marine Corps climate strategy, Climate Action 2030, setsthe Department of the Navy (DON) on a path to achieve the Nations commitment to net-zero greenhouse gas emissions by 2050, while becoming a more capable, agile, and lethal fighting force. According to Sergie Boeke (2018, 28), it hampers the effectiveness and execution of Dutch cyber power that intelligence and military operations operate on different mandates, cultures, and methods of working. 7 0 obj Belgium, Mon - Thu: 10:00 - 17:00 9 These operations are based on 2017 Intelligence and Security Services Act and are not conducted as military operations. The cornerstone of French cyber defense is The National Cybersecurity Agency (ANSSI). ^6y~(L n7)l# 8Py. Report is in response to your request to conduct an independent Cybersecurity Readiness Review following the loss of significant amounts of Department of the Navy data. NATO and the European Union work together to counter cyber threats, Deputy Secretary General stresses NATO will continue to increase Ukraines cyber defences, NATO and North Macedonia strengthen responses to cyber threats, NATO helps to strengthen Mongolia's cyber defence capacity, Deputy Secretary General at CYBERSEC: NATO is adapting to respond to cyber threats, New NATO hub will gather the Alliance's cyber defenders, NATO Cooperative Cyber Defence Centre of Excellence, Cybersecurity : A Generic Reference Curriculum, Cyber - the good, the bad and the bug-free. It is achieved through communication intelligence and interaction with several other intelligence capabilities (Forsvarsdepartementet Citation2019b). This includes political and legal questions of when exactly an offensive cyber operation can be regarded as a use of force. Instead, it aims for the empirical analysis to provoke and open up academic and policy discussions on the practical, political, and democratic implications of the organizational aspect of developing and deploying cyber capabilities, while keeping in mind its entanglements. The Norwegian organization of cyber capabilities is founded on a centralized model that dissolves the organizational distinction between military and intelligence entities. 245 0 obj <>stream Cyber threats to the security of the Alliance are complex, destructive and coercive, and are becoming ever more frequent. << This would, inter alia, lead to the creation of a duplication of capabilities, resulting in an unclear distinction between offensive cyber operations inside and outside military operations. /Resources 33 0 R /Contents 34 0 R The DON's Information Superiority Vision outlines the Secretary's vision to modernize so that the right information can be delivered to the right Sailor or Marine at the right time to defeat high-paced and evolving threats. Yet, the scholarly and political debate about the organization of cyber capabilities has been dominated by U.S. voices and U.S. issues (Devanny and Stevens Citation2021). The German Marshall Fund of the United States, 13 December 2018. /Annots [11 0 R] This paper discusses the concept of cyber defence exercises (CDX) that are very important tool when it comes to enhancing the safety awareness of cyberspace, testing an organization's ability to . endstream endobj 99 0 obj <. The mission of the DCC is to carry out offensive cyber operations in the context of armed conflict and war and act as a potential deterrent measure in time of peace (Ministry of Defense Citation2015, Citation2018). Sx~otSKu'NKm c*(,G\X$u62|zJ^C1_ $7{j>3$+908 |xGcMxyI-udI&w6$E>Z@h1;{5_#wJMeB?8x7c9FFugDa+Qf;;~ Forum Cybersecurity Fellow. The rapid development of cyber threats and intelligence challenges the traditional design of static cyber defense platforms. /Type /Annot 11 0 obj stream Drawing out these three models of organizing cyber capabilities and their dominant characteristics, should be considered a starting point for further explorations and discussions of how European countries can and ought to organize their cyber capabilities across intelligence and military entities. /Kids [4 0 R 5 0 R 6 0 R] /CreationDate (D:20150518000000-07'00') Cybersecurity has the attention of senior DoD officials and the Service chiefs. >> Photo: Navy. Following the same line of thinking, this article offers a comparative exploratory qualitative analysis (Yin Citation2014) of how the development and deployment of cyber capabilities are structured across military cyber commands and foreign intelligence services in the Netherlands, France, and Norway. A key pillar in the organization of French cyber capabilities is a governance model that separates offensive missions and capabilities from defensive missions and capabilities (Desforges Citation2022; Liebetrau Citation2022). >> /Keywords (Cybersecurity, Spectrum, Telecommunications, Wireless) As part of this clarification, the strategic review formalizes four operational cyber chains and consolidates their governance. /Type /Pages Declaration by the High Representative Josep Borrell on Behalf of the EU: European Union Response to Promote International Security and Stability in Cyberspace, Declaration by the High Representative on behalf of the EU on respect for the rules-based order in cyberspace, RECOMMENDATIONS COMMISSION RECOMMENDATION (EU) 2017/1584 of 13 September 2017 on coordinated response to large-scale cybersecurity incidents and crises [L 239/36], Resilience, Deterrence and Defence: Building strong cybersecurity for the EU [JOIN(2017) 450 final], Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on ENISA, the "EU Cybersecurity Agency", and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (''Cybersecurity Act''), Council Conclusions on a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities ("Cyber Diplomacy Toolbox"), Draft Council Conclusions on a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities ("Cyber Diplomacy Toolbox") - Adoption, Directive on Security of Network and Information Systems, Draft Council Conclusions on Cyber Diplomacy European Council, 11 February 2015, Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace ["2013 Cybersecurity Strategy"], EU Cyber Security Strategy open, safe and secure, Cyber Security strategy and Proposal for a Directive, Proposal for a Directive on Attacks Against Information Systems, Repealing Framework Decision 2005/222/JHA (MEMO/10/463), Council Framework Decision 2005/222/JHA of 24 February 2005 on Attacks Against Information Systems, National Cyber Strategy of the United States of America, Cyberspace Operations - Joint Publication 312, Cyber and Electromagnetic Activities: Joint Doctrine Note 1/18, Department of Defense Cyber Strategy 2018, Joint UK-Australia Statement on Cyber Co-operation, [Resolution] Expressing the sense of the House of Representatives that the United States should develop and adopt a comprehensive cybersecurity policy, Presidential Policy Directive -- United States Cyber Incident Coordination, Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, Executive Order -- Improving Critical Infrastructure Cybersecurity, H.R. The operational capability of the DCC is, however, hampered by its limited mandate that restricts the DCCs possibility to gather intelligence and conduct reconnaissance when not in war. %PDF-1.5 % The Alliance needs to be prepared to defend its networks and operations against the growing sophistication of the cyber threats it faces. No potential conflict of interest was reported by the author(s). >> In parallel, the EU Directive on the security of network and information systems (NIS Directive) forces member states to adopt legal measures to boost the overall level of their cybersecurity by May 2018. According to Stphane Taillat (Citation2019), a significant part of offensive cyber operations is the responsibility of the DGSE and lies outside of the French military cyber strategy. The primary tasks of the unit are the collection of signal intelligence and the delivery of intelligence through cyber operations. The Alliance needs to be prepared to defend its networks and operations against the growing sophistication of the cyber threats it faces. It stresses that the difference between the conduct of cyber operations in war and for espionage relates to the purpose and the desired effect and underlines that those cyber capabilities are complementary and non-competing (Defence Cyber Command Citation2019, 1415). Request PDF | On Jun 1, 2017, Risa Savold and others published Architecting Cyber Defense: A Survey of the Leading Cyber Reference Architectures and Frameworks | Find, read and cite all the . The exploratory nature of the study ensures an empirical sensitivity in line with understanding cybersecurity as a situated and contextual object of study, rather than being predetermined by the existing theories and categories (Liebetrau and Christensen Citation2021). Organizing cyber capability between military and intelligence, The Netherlands: organizational collaboration, Conclusion: future paths for policy and research, https://english.defensie.nl/topics/cyber-security/cyber-command, https://www.ihemi.fr/articles/organisation-france-europe-cybersecurite-cyberdefense-V2. Center for Strategic and International Studies (CSIS), January 2017. It is hence clear that the competence to deploy cyber capabilities for both intelligence and military ends lies solely with the foreign intelligence service. The United States Navy, as the maritime component of the Department of Defense, has global leadership responsibilities to provide ready forces for current operations and contingency response that include the Arctic Ocean. Language in the 2017 National Defense Authorization Act called for the elevation of U.S. Cyber Command's status and the end of the "dual-hat" role for its leader. Registered in England & Wales No. This should be done with great sensitivity to tangential elements of developing and deploying cyber capabilities such as strategic guidance, legal mandate, doctrinal procedures, human skills, technological capacity as well as the specificity of national contexts. This creates risks that operational capability and activity may be mismatched with broader strategic or governance goals, that the military and intelligence entities operate with different purposes and goals, that political decision-making is hampered, and that democratic oversight is hindered. 5 Howick Place | London | SW1P 1WG. The White House Blog - Melissa Hathaway (29 May 2009), White House 60-Day Cyberspace Policy Review (2009), U.S. Department of Homeland Security (February 2003). This paper presents a brief survey of artificial intelligence applications in cyber defense (CD), and analyzes the prospects of enhancing the cyber defense capabilities by means of increasing the . Why does Norway not have a standalone cyber command? Giving more thought to the organizing of offensive cyber capabilities - and its entanglements - would equip scholars and decision makers to better engage the discussion of when and whether a warfare, competition, or intelligence framework is the most suitable for cyberspace. The COMCYBER is responsible for the military action chain. 0 The observed divergence in organizing cyber capabilities raises several questions for policy makers, practitioners, and scholars to consider. Instead, its operations are based on a specific intelligence services legislation.Footnote9 The legal framework does allow MIVD to conduct counter-operations. 12 0 obj First, there is a need for political and public debate about the organization of cyber capabilities across military and intelligence entities and its relation to combating cyber hostilities short of war. As stressed by Claver (Citation2018, 168), all three organizations are very different in procedures, operating style, tasks, and outlook. In 2017 it became the cyber defense command (COMCYBER) and was placed directly under the chief of staff of the armed force. As our future enlisted leaders proceed from the stern to the bow over the course of their careers, making each milestone, they are building the backbone of our future Navy that is enduring and deeply connected to the heritage of those that have gone before us. In 2018, the Norwegian Ministry of Defense (Forsvarsdepartementet Citation2018, 8) explained, in an investment plan accepted by the government, that. This seems to overcome some of the challenges to organizational collaboration pointed out above, but the extent to which this is the case is hard to say, as it is unclear how intelligence and military operations complement each other in practice. 6 0 obj Belgium, Mon - Thu: 10:00 - 17:00 3523) (7 May 2012), Republic of Estonia, Office of the President (12 April 2012), James A. LEWIS, Center for Strategic and International Studies (February 16, 2012). endobj /Rotate 0 In 2014, the Netherlands established a Defence Cyber Command (DCC), with the aim to strengthen the countrys defense and offense in the cyber domain. Cited by lists all citing articles based on Crossref citations.Articles with the Crossref icon will open in a new tab. This raises concern that the operational cyber capability of the Netherlands is hampered by the current organizational structure and legal mandate. /Parent 2 0 R This underlines the importance of intelligence. For more information, contact Joseph W. Kirschbaum at (202) 512- cybersecurity suffers from institutional frag-mentation and a weak financial base. /Contents [7 0 R 8 0 R 9 0 R] endobj The guide shows what telework capabilities exist across the Navy for military and civilian personnel. This Arctic Strategic Outlook describes the United States Navy's strategic approach to protect U.S. national interests and promote stability in the Arctic. << % Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine. Yet, there is very little public information on how the collaboration plays out between the ANSSI, COMCYBER, and the intelligence services. The organizational separation contains multiple ambiguities. >> The Norwegian Ministry of Defense (Forsvarsdepartementet Citation2019a, 19) describes it in the following way: The responsibility for network intelligence operations and offensive cyberoperations are with the Intelligence Service. Remarks by Thomas B. Modly Acting Secretary of the Navy Hampton Roads Chamber of Commerce, Hampton Roads, VA December 10, 2019.