Pentagon military planners will no longer be holding back when it comes to deploying forces and capabilities to defend the United States and its allies in cyberspace.
The Defense Department Tuesday unveiled an unclassified version of its updated cybersecurity strategy, calling for the nation's cyber forces to persistently seek out and engage adversaries including China and Russia, as well as terrorist organizations and transnational criminal groups, to minimize threats to the U.S.
It also emphasized the need to work with a variety of partners, across the U.S. government and even with the private sector, to make sure U.S. cyber efforts do not go to waste.
"Cyber capabilities held in reserve or employed in isolation render little deterrent effect on their own," according to the unclassified strategy. "These military capabilities are most effective when used in concert with other instruments of national power, creating a deterrent greater than the sum of its parts."
The release of the unclassified version of the Pentagon's 2023 Cyber Strategy comes more than three months after the classified version was shared with U.S. lawmakers.
At the time, the Pentagon said the new strategy would see U.S. cyber forces "campaign in and through cyberspace below the level of armed conflict to reinforce deterrence and frustrate adversaries."
The concept, described by senior cyber defense officials as "persistent engagement," has repeatedly been on display.
Earlier Tuesday, U.S. Cyber Command announced one of its teams had just completed a two-month-long operation in Lithuania, working with the NATO ally to search for and disrupt or minimize threats to networks belonging to the Ministry of the Interior.
Other recent deployments include "hunt forward" operations in Albania and Latvia earlier this year. And according to Cyber Command officials, there have been 50 such deployments to some 23 countries going back to 2018.
U.S. military officials have said information gained during these operations has not only helped allies but proved invaluable as the U.S. tries to protect its own networks — including during the country's 2020 presidential election, when the U.S. applied lessons it learned from helping officials in Montenegro a year earlier.
"There is a recognition that we will, as a department, need to disrupt malicious cyber activity coming at the United States," said Mieke Eoyang, the Pentagon's deputy assistant secretary for cyber policy.
"The cyber domain is one that is constantly being updated, patched, modified as technology changes," she told Pentagon reporters while briefing them on the updated cyber strategy. "So outside of an armed conflict, there is a need for us in the department to remain engaged with the cyber domain, to be able to deny adversaries advantageous positions."
The new Pentagon cyber strategy also incorporates lessons from Russia's invasion of Ukraine, notably the Kremlin's failure, so far, to use its cyber capabilities to its advantage.
"Prior to this conflict, there was a sense that cyber would have a much more decisive impact in warfare than what we experienced," Eoyang said.
"What this conflict has shown us is the importance of integrated cyber capabilities in and alongside other war fighting capabilities," she said. "Cyber is a capability that is best used in concert with those others and may be of limited utility when used all by itself."
U.S. and Ukrainian officials say that is a lesson Russia's cyber forces have started to learn. And the new cyber strategy warns that Moscow could apply that knowledge in future dealings with the West.
"Russia has repeatedly used cyber means in its attempts to disrupt Ukrainian military logistics, sabotage civilian infrastructure, and erode political will," according to the unclassified strategy. "In a moment of crisis, Russia is prepared to launch similar cyberattacks against the United States and our Allies and partners."
But while the new strategy describes the cyber threat from Russia as acute, it points to China as posing the most significant challenge.
"Malicious cyber activity informs the PRC's [People's Republic of China] preparations for war," the strategy said, echoing a warning shared even by U.S. civilian officials.
"In the event of conflict, the PRC likely intends to launch destructive cyberattacks against the U.S. homeland in order to hinder military mobilization, sow chaos, and divert attention and resources," the report added. "It will also likely seek to disrupt key networks which enable Joint Force power projection in combat."
Speaking separately Tuesday, a key U.S. National Security Agency official was equally blunt.
"PRC officials have gone as far as to state that they view technology as the main battlefield between the United States and the PRC," NSA Assistant Deputy Director David Frederick told a virtual forum.
"We've got indications all the way back to that 2010 to 2012 timeframe, and more recently, that the PRC would use attacks on critical infrastructure as part of a conflict," Frederick said of Beijing's willingness to fight in the cyber domain.
"They would not only aim to achieve disruptions to a U.S. military plan, but also induce societal panic," he added.
Officials at the Chinese Embassy in Washington, who in the past have accused the U.S, of "distorting the truth" on Beijing's cyber policies, called the allegations by the Pentagon and the NSA "groundless."
"The Chinese government's position on cybersecurity is consistent and clear. We firmly oppose and combat cyberattacks of any kind," embassy spokesperson Liu Pengyu told VOA in an email.
Liu further cited PRC reports detailing alleged U.S. government cyberattacks on China's critical infrastructure.
"The U.S. must take seriously and respond to the concerns from the international community, and immediately stop carrying out cyberattacks around the world," Liu added. "We will continue to take necessary action to prevent and stop all kinds of cyberattacks that threaten the security of our critical infrastructure."
VOA also reached out to the Russian Embassy in Washington for comment.
Russian officials have routinely denied any involvement in cyberattacks, especially those aimed at civilian infrastructure.
Pentagon officials, however, believe the new cyber strategy will help them push back against China and Russia by positioning U.S. cyber forces to identify malicious cyber activity "in the early stages of planning and development."
The strategy further calls on U.S. cyber teams to "defend forward by disrupting the activities of malicious cyber actors and degrading their supporting ecosystems."
As for whether such an approach could spark a larger conflict with U.S. adversaries, the strategy acknowledges the concern.
"As it campaigns in cyberspace, the Department will remain closely attuned to adversary perceptions and will manage the risk of unintended escalation," it said.