The release of the Department of Defense’s (DOD) 2023 Cyber Strategy could not have come at a better time. The first DOD Cyber Strategy since 2018, it shows the DOD recognizes the scale of the cyberthreats facing our nation and are looking to build a forward-facing posture in our nation’s cyber defense.
The digital age has fundamentally altered the nature of conflict between nations. For example, it is well known that nation states are routinely involved in all manner of criminal cyber activity which blurs the line between traditional civil law enforcement role and national defense. As a result, a reconsideration of the military’s role in addressing cybercrime – potentially beyond the traditional armed force’s role – is required to counter the escalating surge of cyber-attacks.
The modern threat creates an evolving ambiguity between traditional military activities and criminal behavior that is and state-sponsored or affiliated and the USA has not updated its structures and roles to keep pace with this reality.
As a result, our current policy process is failing to adequately address cybercrime. We are, in fact, losing the fight against cyber criminals – and badly. Cybercrime is at an all-time high, and there are no signs that it is slowing down. Economic losses from cybercrime are estimated to be as much as $2 trillion annually—and increasing to as much as $10.5 trillion by 2025.
Meanwhile, the United States successfully prosecutes roughly one percent of cybercriminals. This almost negligible rate of successful prosecution has not changed significantly in decades. This means that law enforcement provides practically zero deterrent power. It is obvious that we need to be far more aggressive and creative in assisting our law enforcement agents to address cybercrime.
The fault lies not with our overwhelmed law enforcement personnel but with the antiquated systems and lack of resources they are given to do an extremely difficult and important job.
Cyber law enforcement agents are competing with a sophisticated and resilient enemy, one that often has nearly unlimited resources—including collaboration with state actors. Since so much of cybercrime is international in origin and implementation and severly threaten our national secuoty, traditional lines between law enforcement and the military need to be fundamentally modified for the digital age.
FUNDAMENTAL QUESTIONS OF THE MILITARY’S ROLE IN CYBER NEED TO BE ADDRESSED AND ANSWERED
The effectiveness of a potentially more integrated role for DOD in fighting cybercrime hinges on the precision of well-defined guidelines. ISA suggests a comprehensive reassessment of the nation’s defense against cyber threats with an emphasis on clarifying and dispelling “conceptual confusion” that is obscuring understanding about the roles and appropriate responsibilities of the DOD and civil law enforcement facing modern cyber threat which may go beyond the traditional conceptualization.
It is critical however, that this reassessment is not carried out soley by DOD or DOD just with the DIB. The reassment will not succeed unless a braoder community on a co-equal partnership basis is part of thereassment.
There is a need for clarity regarding the nature and the criteria for specific dimensions of the military’s participation in civilian cyber defense against international. Such clarification is a crucial step toward establishing clear and actionable guidelines, fostering enhanced cooperation, alignment, and synergy in response to sophisticated cyberattacks that are causing significant harm the United States but are not being adequately addressed due to outdated jurisdictional boxes.
A BROAD-BASED COMMISSION SHOULD EXAMINE FUNDAMENTAL ISSUES
ISA recommends the appointment of a distinct commission tasked with formulating a pragmatic strategy for enhancing the prosecution of cybercriminals in a sustainable manner. This commission should comprise sixteen individuals: four former law enforcement officials, four former military personnel, four industry representatives (with no more than one from any sector), and four representatives of cybercrime victims, all devoid of prior government experience. The commission’s deliberations should encompass how military and law enforcement collaboration can be more effective in pursuing cybercriminals, the necessary modifications to domestic and international laws to implement the strategy, and the development of an international political consensus to make the plan viable.