The Pentagon building, headquarters for the U.S. Department of Defense. Photo: Mia2you/Shutterstock.

In the latest sign of the federal government refocusing its cybersecurity efforts, the Department of Defense has released a 2018 Cyber Strategy to replace a previous one launched in 2015. The new strategy represents a move by the DoD to build out its cyber capabilities to support military operations and better compete with China and Russia in cyberspace, and to pre-empt and defend against cyberattacks on critical infrastructure in the U.S.

The strategy, however, also extends the DoD's efforts to collaborate more closely with the private sector on cybersecurity issues and pushes the department to use its purchasing power to motivate companies to better secure their products and services.

David Simon, a partner at Mayer Brown and a former special counsel at the DoD, noted that with the new strategy, the department will aim “to buttress the existing efforts of [Department of Homeland Security] and other departments and agencies to share information with the private sector and to enhance private-public collaboration.”

He added, “With respect to public-private partnerships, the DoD can and should play an even greater role in providing or sharing indications and warnings of potential attacks on the private sector in the U.S.”

The 2018 DoD cyber strategy was announced weeks after the DHS launched the National Risk Management Center, a new effort dedicated to helping the private sector identify and reduce cyber threats, and develop risk management strategies.

To be sure, the DoD's public-private partnership effort is more narrowly focused than the one at DHS. The DoD's aim is to bolster cybersecurity only at companies that provide infrastructure and services to the department and its military bases around the world.

Still, the DoD is a major government purchaser and has influence over a significant portion of the U.S. economy. “The defense department has over a $500 billion budget, and the last time I checked, over half the budget goes to defense procurement,” said Jonathan Reiber, head of cybersecurity strategy at cloud computing company Illumio and former chief strategy officer at the DoD. “So when the military spends money on something, it has an impact on the economy.”

The new DoD strategy also calls on the department to push defense contractors to take cybersecurity more seriously than ever before. For example, the strategy calls for increasing “cybersecurity accountability” within the department, which includes holding “private sector partners accountable for their cybersecurity practices and choices.”

Indeed, in announcing the new strategy at the DoD, Deputy Secretary of Defense Patrick Shanahan said that cybersecurity due diligence will be an expectation from all companies the department works with and purchases from, according to FedScoop.

“Security is one of those measures that we need to hold people accountable for. And it shouldn't be that being secure comes with a big bill,” he said. “Like we wouldn't pay extra for quality, we shouldn't pay extra for security. We're in a new world, and security is the standard. It's the expectation; it's not something that's above and beyond what we've done before.”