It was 2018, and senior leaders in the U.S. Department of Defense had had it: sitting on the sidelines, watching as nation-state actors interfered in elections, stole intellectual property from American companies, and unleashed crippling malware that snarled supply chains around the world.
They had realized the country needed a radical new strategy for dealing with these strategic cyber threats, and in 2018, they unveiled it. It was called Defend Forward.
Defend Forward means defending with an offensive mindset to proactively disrupt or stop malicious cyber activity before it can adversely impact targets. It involves collecting intelligence about adversaries’ tactics, techniques and procedures; strengthening the security and resiliency of systems and networks to make it harder and more costly for adversaries to achieve their objectives; public-private sector partnerships; and much more.
Examples of the Defend Forward strategy in action include:
Defend Forward remains as relevant today as it was in 2018. In fact, as the lines between financially motivated and state-sponsored attacks continue to blur, proactive cyber deterrence strategies like Defend Forward have arguably grown increasingly urgent for private-sector organizations worldwide, as they work to safeguard their intellectual property against nation-state driven cyber espionage campaigns and protect their businesses from cybercrime-driven ransomware attacks.
While ransomware operations aren’t typically politically motivated, they often serve geopolitical agendas, as was the case with the attacks on Colonial Pipeline and JBS.
Given the nature of today’s threats, the Cyber Defenders Council has made adapting the concept of Defend Forward for the private sector its mission. The Council, sponsored by Cybereason, is an independent group of preeminent cybersecurity leaders from public- and private-sector organizations across North America, EMEA and Asia-Pacific.
The Cyber Defenders Council is working with full awareness that offensive cyber operations are off limits for commercial organizations. Consequently, the Council is exploring how private-sector enterprises can incorporate the proactive spirit of Defend Forward and its underlying idea of deterring attacks by making them harder and more expensive for adversaries to carry out.
The inaugural report from the Cyber Defenders Council examines the origins of Defend Forward, its applicability to the private sector, and ways security leaders can apply it via six guiding principles. This report marks the first in a series of quarterly reports from the Cyber Defenders Council featuring prescriptive guidance designed to help organizations implement key Defend Forward strategies that will increase costs for attackers and improve the overall efficacy of Defenders.
Forthcoming reports will delve into each of the six principles to provide cybersecurity leaders with the specificity and practical ideas they need to apply Defend Forward in their organizations.