Building effective cyber defenses is a major challenge for defense planners, just as missile defense has been since the original Strategic Defense Initiative. In both realms the offense has the advantage, making effective defense difficult. Missile defense, however, now has several decades of experience producing and fielding new technologies. The Project on Military and Diplomatic History hosted a panel discussion of CSIS experts and Michael Sulmeyer of the Belfer Center on the history of missile defense, its experience in developing new technologies, and what these tell us about the prospects for building effective cyber defenses.

The focus on cyber-deterrence is understandable but misplaced. Deterrence aims to change the calculations of adversaries by persuading them that the risks of an attack outweigh the rewards or that they will be denied the benefits they seek. But in seeking merely to deter enemies, the United States finds itself constantly on the back foot. Instead, the United States should be pursuing a more active cyberpolicy, one aimed not at deterring enemies but at disrupting their capabilities. In cyberwarfare, Washington should recognize that the best defense is a good offense.

The military not only plans for operations, it also plans to plan. Yet there is no current plan or process in place to integrate cyber initiatives into campaign planning. The US government must determine how to integrate offensive and defensive cybercapabilities into campaign planning in order to leverage these capabilities and pair them with the military’s broad array of tools.

The administration should be given relatively high marks for the document’s cybersecurity components—especially for recognizing the breadth of the threat and that it’s going to take more than the help desk to fix it. Admittedly, that’s a pretty low bar. But National Security Strategy documents are not known as documents where big policy innovation occurs. Instead, the best you can usually do is articulate the broad contours of the main threats to national security coupled with some rough themes about what the government will do to make things better. Here, the administration does not isolate “the cyber” to the sidelines; instead, by talking about cyber issues throughout the document, the administration shows an understanding that cyberspace is a critical part to practically every aspect of national security.

Elevating Cyber Command is only one step on the road to turning it into something else: an institution less intertwined with the intelligence community and better integrated with the other elements of the military.

Michael Sulmeyer unpacks the possible NSA/CyberCom split and what it would mean to elevate U.S. Cyber Command to the status of a unified command.

For two hours on a March afternoon, Harvard Kennedy School’s Bell Hall buzzed as Kennedy School students huddled for 15-minute one-on-one sessions with Belfer Center fellows and project directors to get career advice and to ask questions about the others’ career trajectories, research, and methods.

As cyber weapons are incorporated into US military planning, policy makers and field commanders will increasingly confront a core issue: How to formulate the rules of engagement (ROEs) for US forces with regard to military operations that may use such weapons. Michael Sulmeyer, Herbert Lin, and C. Robert Kehler address ROEs from the perspective of US military operators. 

Cyber Security Project Director Michael Sulmeyer and Project Affiliate Charley Snyder discuss the recent memo that clarifies how the Department of Defense (DoD) will implement President Trump's executive order to freeze all civilian hiring across all departments and agencies.