In our latest episode, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by Mieke Eoyang, the Deputy Assistant Secretary of Defense for Cyber Policy. As the highest ranking civilian at the U.S. Department of Defense (DoD), tasked with thinking exclusively about cyber policy, Ms. Eoyang was able to provide valuable insights around the recently released unclassified 2023 DoD Cyber Strategy summary.
The discussion captures how the DoD’s thoughts on cyber warfare have significantly evolved in the last decade, particularly in reaction to real-world international cyber events like the conflict in Ukraine. Ms. Eoyang highlights just how far we have come from analogies to nuclear war, and why cyber warfare has become an increasingly important part of the DoD’s toolkit. All of this evolutionary thinking has shaped the new DoD Cyber Strategy, published today and complementing the U.S. National Cyber Security Strategy and the implementation plan. The new defense strategy calls for strengthened partnership with both allied nations and the private sector through information sharing, technical support, and hunt forward operations - amongst other efforts.
A couple of other links we promised to share out of our chat with Ms. Eoyang:
- DoD civilian career opportunities
- An article on “The Subversive Trilemma: Why Cyber Operations Fall Short of Expectations”
In addition to the above, this week’s episode includes news out of CISA and an update on the UN Cybercrime Convention proceedings, which we discussed with Microsoft’s Kaja Ciglic in S01E02.
If you want to read up more on any of the news stories we covered, you can find more here:
- Microsoft speaks out on the latest from UN Cybercrime Treaty
- Untangling the Web of Redlines: The UN Cybercrime Convention possible stalemate
- CISA publishes its Annual Report on the impact of the Government VDP Platform
- CISA Hires ‘Mudge’ to Work on Security-by-Design Principles
- The UK Government views the Investigatory Powers Act (one for the crypto activists!)
Finally, our Mystery Trivia Master this week is the delightful Florian Pennings, EU cyber policy expert.
Check out the newest Distilling Cyber Policy episode on Spotify, Apple or Google. As always, if you would like to submit cyber policy trivia for upcoming episodes, please email info@centerforcybersecuritypolicy.org.
Read Next
What States Can Learn from North Carolina’s Approach to Securing Government
As states across the country grapple with how to adopt AI responsibly, North Carolina offers a compelling case study - not because it has all the answers, but because it has built the institutional muscle to learn, adapt, and lead.
Developing a National Cybersecurity Strategy
Developing a national cybersecurity strategy is a critical investment a government can make to secure its future. This paper outlines the components and offers a framework with the tools to design, implement, and improve their strategies.
FedRAMP Signals Acceleration of Requirements for Machine-Readable Packages in the Rev5 Process
FedRAMP has proposed modifications to the Rev5 process in the newly published RFCs that could enact major changes and require Cloud Service Offerings to provide authorization packages in a “machine-readable format.”
