A Cooperative Cyberspace Policy for National Defense

Published May 12, 2025
By LCDR Frank Conenna Jr.

Maxwell AFB -- Cyberspace is unquestionably integral to both military and civilian operations. Despite this ubiquity, there is a fundamental misunderstanding of how cyberspace functions. According to Gabi Siboni and Ido Sivan-Sevilla, researchers in digital risk governance and cyber security, “most of the users in cyberspace are unaware of the implicit dangers and feed it with sensitive and critical information that is not suitably protected”[1]. Implementing cyberspace law and policy is challenging due to this widespread misunderstanding of the technology we use daily. However, cyberspace policy is becoming more robust as understanding of the cyber domain grows over time.

Both government and society have become dependent on cyberspace for daily life and operations. The vulnerable nature of cyber systems requires policies that strengthen cyberspace security. Cyber policy is unique due to the ethereal nature of cyberspace and the physical assets it can influence. This paper discusses key elements of cyberspace policy and examines its impact on national security and the defense of critical infrastructure, emphasizing cooperation with joint military and government agencies.

CYBERSPACE POLICY AND NATIONAL SECURITY

Cyberspace has a direct impact on national security; safeguarding the infrastructure and networks protects national assets and people’s livelihood. In addition to national security, cyberspace policy ensures infrastructure defense and cyber security enhancement. Two executive orders were signed to strengthen and improve critical infrastructure. Executive Order (EO) 13636, signed in 2013, states that the “cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront”[2].
EO 13636 encouraged the creation of a critical framework that “shall include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks”. EO 13800, signed in 2017, identified that “known but unmitigated vulnerabilities are among the highest cybersecurity risks faced by executive departments and agencies”. This order reduces risk to federal networks by “implementing risk management measures commensurate with the risk and magnitude of the harm that would result from unauthorized access, use, disclosure, disruption, modification, or destruction of IT and data”[3]. These EOs emphasize the security requirements of infrastructure in both government and civilian sectors. Siboni and Sivan-Sevilla describe how commercial efforts against “cyberattacks—currently estimated in the billions of dollars—creates an incentive for companies to protect themselves, on the national level the civilian sector is, for the most part, not obligated to report a cyber breach”[4]. The security of infrastructure depends on incentivizing companies to continuously develop and improve defenses against vulnerabilities.

The 2023 National Cybersecurity Strategy states that “defending the systems and assets that constitute our critical infrastructure is vital to our national security, public safety, and economic prosperity”[5]. The strategy identifies four pillars, but two—Pillar One: Defending Critical Infrastructure, and Pillar Two: Shaping Market Forces to Drive Security and Resilience—focus specifically on national cyber infrastructure vulnerabilities. The strategy proposes defending critical infrastructure by shaping “market forces to place responsibility on those within our digital ecosystem that are best positioned to reduce risk”. The key to defending critical infrastructure is to leverage the innovative talent that exists in the United States (U.S.)
and encourage those individuals to contribute to national defense. The U.S. has historically offered boundless opportunities to its citizens, and this legacy continues. American technological talent must prioritize the protection of national critical infrastructure. Cyber policy should foster innovation in defending critical infrastructure while promoting cooperation between military and non-military government organizations.

JOINT MILITARY AND NON-DOD GOVERNMENT COOPERATION

National cyberspace policy forms the foundation for the Department of Defense’s (DOD) cyberspace operations. Cyberspace’s pervasiveness requires all DOD users to understand cyberspace operations and defense beyond general military training. To establish an effective structure for joint cyberspace operations, the DOD applies DOTMLPF-P, or doctrine, organization, training, materiel, leadership and education, personnel, facilities, and policy[6]. As Simone Kraus notes, this approach “gives you the toolkit to adapt, train, fight, and win in that domain”[7]. Doctrine is codified at the joint level and is further refined for each branch’s own cyber component, addressing organization, leadership, and personnel.

Each branch of the military has its own cyber component; according to AFDP 3-12, these components “serve as the subject matter expert for service-specific cyberspace capabilities, forces, and operations”, and “organize, train, and equip cyberspace units and present forces to [U.S. Cyber Command]”[8]. The U.S. Cyber Command’s “mission is to direct, synchronize, and coordinate cyberspace planning and operations to defend and advance national interests in collaboration with domestic and international partners”. The primary domestic partner for the DOD is the Department of Homeland Security (DHS). Joint Publication 3-12 describes DHS’s role as “secure[ing] U.S. cyberspace, at the national level, by protecting non-DOD [U.S.
Government] networks against cyberspace exploitation and attacks, including actions to reduce and consolidate external access points, deploy passive network defenses and sensors, and define public and private partnerships in support of national cybersecurity policy”[9].

The DOD, DHS, and other governmental agencies must work in close cooperation to implement National Cyberspace Policy. This cooperation includes the sharing of materiel, training, and education without compromising tactics and procedures. Programs and initiatives foster cooperation between organizations. One such initiative is Under Advisement (UNAD), which “is an unclassified program that allows partners across all sectors of industry to collaborate and share technical information on foreign threats, which has been pivotal in countering foreign cyber threats to the Nation”[10]. Another initiative is the Defense Innovation Unit (DIU). On April 3, 2025, DIU “launched a new marketplace designed to connect technology firms with vetted advanced manufacturing companies whose production approaches could bring speed, scale and security to the U.S. defense industrial base”[11]. Collaboration and rapid development will strengthen cyber defense and benefit the economy.

CONCLUSION

Cyberspace policy should focus on defending critical infrastructure and fostering cooperation between the government and commercial entities by incentivizing the development of stronger network and infrastructure defenses. The intention of cyberspace policy is best described by Ara Yeremyan and Lilit Yeremyan: “everyone’s wish and efforts should be directed towards creating guarantees that the technological development is used for the benefit of mankind, for raising the threshold of our expectations towards the level of humanity rather than erasing the humanness and realness”[12].
However, cyberattacks have been ongoing for decades, and when it comes to nation-state actors, it is difficult to define what an act of war is in cyberspace. Joint Publication 3-12 conveys this uncertainty: “precisely how the law of war applies to [cyber operations] is not fully settled, and some aspects of the law in this area will continue to develop, especially as new types of cyberspace capabilities emerge and nations determine their views in response to such developments”[13]. The DOTMLPF-P provides a structure for joint cyber operations to address these complexities. While the law takes time to define malicious cyber operations, cyberspace continues to evolve. Cyberspace policy must be robust and prioritize cooperative efforts to defend critical infrastructure for national security and society.

LCDR Frank Conenna, Jr., USN (BS, Embry-Riddle Aeronautical University; MS, Naval Postgraduate School) is a Naval Aviator and a prospective Department Head for an MH-60S squadron in San Diego. His operational experience includes several operational deployments in the Western Pacific and the Arabian Sea. He is currently completing his JPME I from Air University Global College of Professional Military Education.

[1] Gabi Siboni and Ido Sivan-Sevilla. Regulation in Cyberspace. Tel Aviv, Israel: The Institute for National Security Studies, 2019, 26.
[2] President Barack Obama. “Executive Order 13636 Improving Critical Infrastructure Cybersecurity.” National Archives and Records Administration, February 12, 2013.
[3] President Donald J. Trump. “Executive Order 13800 Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” National Archives and Records Administration, May 11, 2017. https://trumpwhitehouse.archives.gov/presidential-actions/presidential-executive-order-strengthening-cybersecurity-federal-networks-critical-infrastructure/.
[4] Siboni and Sivan-Sevilla. Regulation in Cyberspace, 26.
[5] President Joseph R. Biden.
“National Cybersecurity Strategy.” National Archives and Records Administration, March 2023.
[6] CJCSI 3010.02E (Guidance for Developing and Implementing Joint Concepts). Chairman of the Joint Chiefs of Staff, August 17, 2016: A-3.
[7] Simone Kraus. “DOTMLPF to Counter Cognitive Warfare in Cyberspace.” Medium, April 8, 2025.
[8] AFDP 3-12 (Air Force Doctrine Publication 3-12) - Cyberspace Operations. U.S. Air Force Doctrine, February 1, 2023: 15-16.
[9] JP 3-12 (Joint Publication 3-12) Joint Cyberspace Operations. Washington, DC: Joint Chiefs of Staff, 2022: III-12.
[10] Cyber National Mission Force Public Affairs. “CYBERCOM’s ‘Under Advisement’ to Increase Private Sector Partnerships, Industry Data-Sharing in 2023.” U.S. Cyber Command, June 29, 2023.
[11] Courtney Albon. “Defense Innovation Unit Unveils Advanced Manufacturing Marketplace.” Defense News, April 3, 2025. https://www.defensenews.com/pentagon/2025/04/03/defense-innovation-unit-unveils-advanced-manufacturing-marketplace/.
[12] Ara Yeremyan and Lilit Yeremyan. “International Law Issues of Cyber Defense.” Moscow Journal of International Law, June 14, 2022.
[13] JP 3-12 (Joint Publication 3-12) Joint Cyberspace Operations: III-12.