The cybersecurity community has had a Defense in Depth strategy for well over a decade. What does that mean?
From a practical home application, Defense in Depth, would start with a fence around your property as an example, then a lock on all points of entry into the house, such as doors and windows, an alarm system, and even a safe for your valuables from not only a threat of being stolen, but for the threat of fire or water. Defense in depth, basically puts up many defenses around what you value. From a digital perspective, Defense in Depth, would include a firewall on your router and an antivirus on all you digital devices, as just another example.
However, in the past couple of years, there has been a new cybersecurity strategy, from the Department of Defense called Defend Forward. The Defend Forward cybersecurity strategy was also included in “The John S. McCain National Defense Authorization Act for Fiscal Year 2019, which created the Cyberspace Solarium Commission, CSC, to develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences”. https://www.congress.gov/bill/115th-congress/house-bill/5515/text
The Cyberspace Solarium Commission CSC, co-chairman Senator Agnus King, released in March of 2020, a 182 page report that first provides a reality check to not only our nations cybersecurity weakness, but to us as individuals. The report discusses the heavy reliance on networks and digital devices and the fact that our country has “lost hundreds of billions of dollars to nation-state sponsored intellectual property theft using cyber espionage”. The report also provides an outline and makes over 80 recommendations to help our nation to become more secure including the defend forward cybersecurity strategy. https://www.solarium.gov
The defend forward strategy started with misconceptions that the strategy was just a really good cybersecurity defense. But that is not the case, defend forward includes disrupting cybersecurity campaigns and defeat advance persistent threats. In addition, the United States government will “actively observe, pursue, and counter adversaries”. The United States government will now respond consistent within international law, which will include monetary fines.
For me, it is exciting to see how our government is embracing the need to address cybersecurity. We want to stay Connected safely.