Building Partner Capabilities for Cyber Operations. Policy Paper from the Cyberspace Solarium Commission

The United States works closely with allies and partners in building traditional military warfighting capabilities, such as planes and missile systems that support airpower or tanks and artillery that support land power. We have taken a much more reserved approach to developing cyber capabilities in defensive and especially offensive capabilities.

This session will look at whether and how the US (and others) can improve allies’ and partners’ defensive cyber capabilities (this is more than just ‘hunt-forward ops’), and whether and how one could utilize private-sector partners in this effort. We will also examine how to approach ally/partner offensive cyber support and whether this should be ‘nuclear umbrella’ type of support or whether we should work to build and sustain ally/partner offensive cyber capacity. And if the US (or others) decide to work to build partner offensive capability, how should this be done? Is it a full ‘train-maintain-equip’ effort, or is it more of a legal/policy training effort with an emphasis on understanding unintended consequences and the development of rules of engagement? Finally, how should we integrate and employ offensive cyber forces? Does this provide a framework for response options against future attacks as happened in Albania, and if so, what will coalition command and control look like?