Washington D.C., November 26, 2019 – In September 2018 the National Security Archive filed a FOIA request with the United States Cyber Command for a 2016 briefing on operational strategy given to the Defense Science Board by Dr. Richard J. Harknett, a professor at the University of Cincinnati who was then an adviser to the command’s Combined Action Group. The briefing was given to the Defense Science Board’s Task Force on Cyber as a Strategic Capability. Provided below are Dr Harknett’s thoughts on the slide deck, generously provided by Dr. Harknett himself, along with the Defense Science Board Task Force’s report and the requested briefing, titled “How understanding cyberspace as a strategic environment should drive cyber capabilities and operations.”
Research Note for National Security Archive ‘Cyber Vault’ Project
Professor Richard J. Harknett, PhD
University of Cincinnati
May 16, 2019
In early 2018, US Cyber Command released its unclassified Command Vision, “Achieve and Maintain Cyberspace Superiority,” which outlined its recognition of cyberspace as an environment of persistent action. Over the course of the subsequent year a fuller articulation of the strategy of persistent engagement emerged. In January 2019, General Paul Nakasone, the dual-hatted Commander of US Cyber Command and the Director of the National Security Agency, published an article in Joint Forces Quarterly in which he outlined the shift in strategic concept to that of a persistent force (rather than a response force). The declassified power point slide deck, “How Understanding Cyberspace as a Strategic Environment Should Drive Cyber Capabilities and Operations,” lays out the core theoretical and empirical analysis that led to this shift and adoption of a new strategy of persistent engagement.
The analysis outlined in the slide deck rested on several important departures from the anchoring strategic framework of deterrence at the time and ends with an important contrasting slide. The analysis argues that the structural features of cyberspace—at its core interconnectedness—leads to a fundamental condition of constant contact and that the nature of the technology both necessitates and facilitates persistence. Security is understood as resting on holding the cyber initiative; that is, the “effective anticipation of exploitation of cyber-related vulnerabilities.” The slides suggest that the notion of persistence captures the actual behavior of US adversaries and that the US must shift its strategy to counter that behavior. Importantly, the behavior is seen as having strategic effect. This notion parallels emphasis that US adversaries were using cyberspace effectively below the level of armed attack to challenge American relative power, which was subsequently to appear in the National Security Strategy of the US (released later in 2017), National Defense Strategy (2018), and DOD Cyber Strategy.