The cyber domain is a vulnerable area in which the Pentagon needs to continue investing in, Joint Chiefs of Staff Chairman Gen. Mark Milley testified today with Defense Secretary Lloyd Austin before the Senate Appropriations defense subcommittee.
"The domain of cyber as a domain of war, as a domain of competition with adversary nations, is a relatively new domain," Milley said. "And we are building those capabilities. We have the most significant cyber capabilities in the world. That doesn't mean it's perfect, and we witnessed what happened with the hackers and in Colonial Pipeline, and we have to do much, much more."
The DOD is requesting a total of $715 billion in funding for fiscal year 2022, with $10.4 billion in FY-22 to fund its cyberspace activities.
The money would fund four new teams for its Cyber Mission Force, zero trust technology investments and efforts to remediate vulnerabilities in critical infrastructure and the defense industrial base.
"This budget is about, I think, $2.3 [billion] or $2.4 billion into increasing our cyber capabilities just in the uniform branches," Milley said. "But, there is a lot more work to do. There is no question about it. And this is an area in which we are vulnerable and we need to continue to invest."
Austin added the Pentagon has "the ability to defend forward in terms of making sure that we address aggressive actions" when it comes to cyberattacks.
But DOD doesn't have a formal definition for what a cyberattack against the U.S. constitutes, Austin confirmed.
"We need one," Sen. Lindsey Graham (R-SC) said. "Don't you think we need to define what a cyberattack would be and rules of engagement about how to respond*"
Earlier this week, President Biden and other leaders from the nations that make up the North Atlantic Treaty Organization endorsed a new cyber defense policy that calls for invoking Article 5 -- the alliance's self-defense clause -- against cyberattacks from adversaries on a "case-by-case basis."
It remains unclear what would constitute invoking Article 5 for a cyberattack, but Biden touted the cyber defense policy as the first in seven years to "improve the collective ability to defend against [and] counter threats from state and non-state actors against our networks and our critical infrastructure."