Taking the fight to the enemy: Cyber persistence strategy gains momentum

The nature of cyber warfare has evolved rapidly over the last decade, forcing the world’s governments and industries to reimagine their cybersecurity strategies. While deterrence and reactive defenses once dominated the conversation, the emergence of cyber persistence — actively hunting down threats before they materialize — has become the new frontier. This shift, spearheaded by the United States and rapidly adopted by its allies, highlights the realization that defense alone is no longer enough to secure cyberspace.

The momentum behind this proactive cyber strategy can be found in America’s Defend Forward initiative, the rise of cyber persistence among U.S. allies and the successful takedowns of infamous groups like LockBit ransomware. Meanwhile, the broader implications of this shift are revealed in the U.S. Department of State’s focus on digital solidarity in contrast to digital sovereignty.

Cyber persistence: A strategic pivot

The idea of cyber persistence, as opposed to cyber deterrence, is reshaping global cybersecurity efforts. Traditional deterrence theory, which aims to dissuade adversaries through the promise of retaliation, has failed to address the complexities of cyber criminal behavior. Malicious cyber actors, including state-sponsored entities and organized crime groups, continue to exploit vulnerabilities, which leads to critical infrastructure compromise, sensitive data theft and government or corporate network disruption.

In response, the U.S. Department of Defense 2023 Cyber Strategy reinforced the country’s commitment to “Defend Forward,” a proactive approach designed to directly disrupt adversaries’ operations. This strategy empowers cybersecurity forces to identify malicious activities before they escalate, track adversaries and take action to prevent or mitigate attacks. U.S. allies like the United Kingdom, Japan, Canada and the Netherlands have subsequently adopted similar strategies. They’ve all come to realize that cyberspace requires constant vigilance and operational persistence to stay ahead of evolving threats.

As the U.S. DoD outlines, engaging adversaries early in planning is essential to creating a more secure cyberspace. This involves tracking the capabilities and intentions of malicious actors and degrading their ability to act. Such a proactive stance requires cooperation, coordination and trust among allies. This is especially true since cyber campaigns often involve joint operations where one nation may invite another into its networks to assist in defense.

The shift from deterrence to persistent engagement

Increasingly, nations like the UK and the Netherlands are taking proactive measures to combat cyber threats by operationalizing cyber persistence. For example, the UK’s National Cyber Strategy highlights the importance of actively tackling adversaries’ cyber dependencies and emphasizes the need for persistent engagement in cyberspace. Further examples of this shift include Japan’s efforts to introduce active cyber defense and Canada’s participation in “Hunt Forward” operations. Both aim to actively search for and disarm malicious actors.

NATO has also acknowledged the necessity of a more proactive cyber stance. The 2022 NATO Strategic Concept recognizes that cyberspace is “contested at all times.” The document explicitly states that the cumulative effect of cyber activities could reach the level of an armed attack, potentially triggering NATO’s mutual defense obligations under Article 5. This signals the acceptance of cyber persistence as a critical aspect of national and collective security.

While deterrence remains a core strategy for nuclear and conventional warfare, it is becoming clear that in cyberspace, persistence — constantly identifying, mitigating and neutralizing threats — is critical to preventing large-scale cyber incidents.

The LockBit ransomware takedown: A case study in persistence

The February 2024 takedown of the LockBit ransomware group under Operation Cronos serves as a prime example of how persistent cyber strategies can effectively neutralize significant threats. LockBit, one of the most prolific Ransomware-as-a-Service (RaaS) groups, was responsible for approximately a quarter of all ransomware attacks in 2023. This included attacks on hospitals and other critical services during the COVID-19 pandemic.

Operation Cronos, a coordinated international effort, resulted in significant arrests, sanctions and the seizure of LockBit’s operational infrastructure. This was not just a technical takedown but a broader effort to undermine the group’s viability. Law enforcement agencies managed to access LockBit’s internal communications, expose its affiliates and disrupt its financial networks. This cumulative disruption severely damaged the group’s reputation, making it difficult for them to regain support within the cyber crime community.

While LockBit’s ringleader, known as “LockBitSupp,” has tried to claim the group’s resurgence, analysis shows that the law enforcement operation has had lasting effects. The exposure of the group’s inner workings has sowed distrust among affiliates, with many distancing themselves from the group. The takedown’s success demonstrates the power of cyber persistence, as it involved not only technical measures but also strategic psychological operations aimed at eroding the group’s support base.

Digital solidarity vs. digital sovereignty

At the heart of the United States’ international cyber strategy lies the concept of digital solidarity, which stands in stark contrast to the protectionist policies of digital sovereignty. Digital solidarity promotes collaboration and mutual support among nations, emphasizing the need for a secure, inclusive and resilient digital ecosystem. This strategy, unveiled in the U.S. Department of State’s 2024 International Cyberspace and Digital Policy Strategy, advocates for building international coalitions, aligning regulatory frameworks and fostering a free flow of data across borders.

The key pillars of digital solidarity include promoting an inclusive digital ecosystem, aligning governance approaches to data and advancing responsible state behavior in cyberspace. These efforts aim to ensure that all nations, especially emerging economies, have access to secure digital infrastructure and that global cooperation can thwart cyber threats through shared intelligence and mutual defense efforts.

In contrast, digital sovereignty emphasizes national control over digital infrastructure and data. Countries that adopt this stance seek to protect their digital assets by restricting foreign access to their markets and mandating data localization. While proponents argue that this approach can reduce dependence on foreign technology and enhance security, critics warn that it fragments the global digital ecosystem and makes it harder to respond collectively to cyber threats.

The tension between digital solidarity and digital sovereignty has significant implications for global cybersecurity. As the world’s digital infrastructure becomes more interconnected, the U.S. and its allies argue that collaboration, not isolation, is the key to addressing the complex cyber challenges of the future.

The future of proactive cyber defense

The shift from deterrence to persistence in cyberspace represents a new era of proactive cyber defense. By identifying vulnerabilities, disrupting adversaries’ operations and engaging in continuous cyber campaigns, the U.S. and its allies are reshaping the way nations approach cybersecurity.

Operations like the LockBit takedown underscore the effectiveness of this strategy. In addition, the emphasis on digital solidarity highlights the importance of international cooperation in creating a safer and more resilient digital ecosystem. As cyber threats continue to evolve, the persistence approach will likely become a cornerstone of modern cybersecurity. The goal is to ensure that nations can stay ahead of their adversaries and secure the future of cyberspace.

The post Taking the fight to the enemy: Cyber persistence strategy gains momentum appeared first on Security Intelligence.
