WARTIME ADVISORY | LEVEL 4 | CYBER CONFLICT

Cyber Defense Center

JEFFERSON CYBER DEFENSE DOCTRINE

A New Policy Framework for Strategic National Cyber Defense

 

The Jefferson Cyber Defense Doctrine proposes a strategic shift in cyber defense policy by recognizing the role of civilian organizations in national defense during periods of cyber conflict. Drawing inspiration from early American wartime strategy during the Barbary Wars, when Thomas Jefferson authorized privately operated vessels to defend American commerce under delegated authority, the doctrine establishes a framework for delegated civilian cyber defense during wartime conditions.

Front Line of Attack

 The Doctrine organizes wartime cyber defense into seven structural pillars.  

 

  1. Pillar I: Delegated Civilian Cyber Defense Authority: This pillar establishes the legal mechanisms that allow qualified private sector defenders to participate in wartime cyber defense operations under federal authorization.
  2. Pillar II: Wartime Safe Harbor and Reporting: During wartime cyber conflict, rapid incident reporting is essential for coordinating national defense. However, regulatory penalties and legal liability may discourage companies from reporting cyber incidents quickly. 
  3. Pillar III: Integrated Intelligence and Threat Sharing: Cyber defense requires rapid dissemination of threat intelligence across sectors. This pillar establishes national mechanisms for sharing indicators of compromise, adversary tactics, and operational intelligence.
  4. Pillar IV: Critical Infrastructure Readiness and Containment: Infrastructure operators must be able to isolate compromised systems and maintain operational continuity during cyber attacks. This pillar focuses on resilience and containment capabilities.
  5. Pillar V: National Civil Cyber Defense Mobilization: This pillar organizes civilian cyber defenders into a coordinated national defense network. 
  6. Pillar VI: Economic Counter Coercion: Cyber warfare often targets economic systems. This pillar introduces economic and legal countermeasures designed to deter adversaries and disrupt hostile cyber operations. 
  7. Pillar VII: Wartime Investigation and Digital Forensics Infrastructure: Investigating cyber attacks during wartime requires coordinated digital forensics capabilities and evidence preservation standards.


First Line of Defense

The Doctrine proposes five strategic principles for coordinated wartime cyber defense:


  1. Principle 1: Commerce and Infrastructure Are Strategic National Assets: The doctrine recognizes the defense of civilian managed systems as a national security responsibility rather than solely a corporate risk management function.
  2. Principle 2: The Private Sector Is the Front Line of Defense: The doctrine recognizes that private sector defenders are the Front Line of Attack and First Line of Defense. Mobilizing these defenders through legal authority, intelligence sharing, and coordinated response mechanisms expands the nation’s defensive capacity across the digital battlefield.
  3. Principle 3: Delegated Defense Authority Expands National Capacity: The doctrine holds that empowering qualified civilian cyber defenders increases the nation’s ability to respond to distributed attacks across privately operated infrastructure.
  4. Principle 4: Wartime Cyber Defense Requires Different Rules: The doctrine emphasizes that wartime cyber defense requires legal frameworks that encourage rapid cooperation, intelligence sharing, and operational resilience.
  5. Principle 5: Civil Cyber Defense Requires Coordination: The doctrine emphasizes shared intelligence, coordinated investigation, and unified defensive posture during wartime cyber conflict.

“The hackers of today are the pirates of the past”


Erin Owens - Cyber Defense Center

DOCTRINE ARCHITECTURE

Strategic Principles

The doctrine is grounded in five principles: civilian infrastructure is a strategic asset, the private sector is the front line of defense, delegated authority expands national capacity, wartime cyber defense requires different rules, and civil cyber defense requires coordination. 

Structural Pillars

The doctrine organizes wartime cyber defense into seven structural pillars: Delegated Civilian Cyber Defense Authority, Wartime Safe Harbor and Reporting, Integrated Intelligence and Threat Sharing, Critical Infrastructure Readiness and Containment, National Civil Cyber Defense Mobilization, Economic Counter Coercion, and Wartime Investigation and Digital Forensics Infrastructure. 

Activation Threshold

37 Total Doctrine Mechanisms enabling coordinated civilian cyber defense during conflict.

The Jefferson Cyber Defense Doctrine activates at Cyber Defense Force Posture Level 4 and Level 5, when nation state cyber conflict transitions from threat conditions into active wartime operations.

WARTIME FORCE POSTURE ADVISORIES

POLICY FRAMEWORK

 26 Wartime Policies defining national cyber defense structure.

 The doctrine organizes wartime cyber defense into seven structural pillars: Delegated Civilian Cyber Defense Authority, Wartime Safe Harbor and Reporting, Integrated Intelligence and Threat Sharing, Critical Infrastructure Readiness and Containment, National Civil Cyber Defense Mobilization, Economic Counter Coercion, and Wartime Investigation and Digital Forensics Infrastructure. 

AUTHORITY DELEGATION

11 Wartime Authorities governing delegated execution and oversight. Wartime authorities define both the operational capabilities delegated to civilian cyber defenders and the governance mechanisms exercised by state and federal entities to ensure controlled and lawful execution.   Civilian cyber defenders operate under delegated authority and are subject to coordinated state and federal governance to ensure controlled, lawful, and proportional execution. 

HISTORICAL PRECEDENT

The United States recognizes that national defense may extend beyond standing military forces through the lawful participation of its citizens. Article I, Section 8 grants Congress authority to call forth the militia, while early practice, including Letters of Marque and actions under President Jefferson during the Barbary Wars, demonstrates the use of delegated civilian capability under legal authority. Together with the Federalist Papers, this establishes a consistent precedent for organized civilian participation in national defense. 

“To provide [policies] for calling forth the Militia to execute the Laws of the Union, suppress Insurrections and repel [cyber] Invasions”


US Constitution Article I, Section 8, Clause 15

WARTIME POLICY FRAMEWORK

POLICY 1: Cyber Counterstrike Authorization ACT (C2A2)

 PILLAR I: Delegated Civilian Cyber Defense Authority 

Authorizes qualified U.S. organizations to conduct limited defensive cyber countermeasures against foreign adversary infrastructure during wartime under federal oversight. 

POLICY 2: No Fines During Wartime Safe Harbor Policy

PILLAR II:  Wartime Safe Harbor and Reporting   

  Suspends regulatory penalties for companies that experience cyber attacks during wartime when incidents are reported immediately to federal authorities. 

POLICY 3: Wartime Cyber Defense Authorization Certificate (WCDAC)

 PILLAR I: Delegated Civilian Cyber Defense Authority  

 Establishes a federal certification program allowing approved organizations to participate in authorized wartime cyber defense activities. 

POLICY 4: Emergency Infrastructure Sanitization AUTHORITY (EISA)

 PILLAR I: Delegated Civilian Cyber Defense Authority 

 Allows authorized defenders to disable adversary controlled infrastructure being actively used in cyber attacks against U.S. organizations. 

POLICY 5: Civil Cyber Defense Deputization POLICY

  PILLAR V:  National Civil Cyber Defense Mobilization   


Creates a national program for deputizing private cybersecurity teams as part of a coordinated wartime cyber defense network.

POLICY 6: Civil Cyber Defense Reimbursement POLICY

  PILLAR V:  National Civil Cyber Defense Mobilization  


 Establishes a reimbursement mechanism for approved defensive expenditures using preapproved cybersecurity capabilities to support national cyber defense operations. 

POLICY 7: Mandatory Wartime Incident Reporting POLICY

PILLAR II:  Wartime Safe Harbor and Reporting   


  Requires rapid reporting of cyber incidents to federal authorities and sector ISACs during wartime conditions. 

POLICY 8: Cybersecurity Whistleblower Wartime Protection POLICY

PILLAR II:  Wartime Safe Harbor and Reporting   


 Protects cybersecurity professionals who disclose vulnerabilities or attacks affecting national infrastructure during wartime. 

POLICY 9: National Cyber Attack Early Warning System POLICY

  PILLAR III:  Integrated Intelligence and Threat Sharing   


 Establishes a national early warning capability for detecting large scale cyber attack campaigns targeting critical infrastructure. 

POLICY 10: AlertNet National Cyber Defense Network POLICY

  PILLAR III:  Integrated Intelligence and Threat Sharing    


 Creates a national threat alert network distributing real time cyber intelligence to infrastructure operators. 

POLICY 11: National Wartime Indicator Repository POLICY

PILLAR III:  Integrated Intelligence and Threat Sharing    


 Establishes a CISA sponsored repository of indicators of compromise, YARA rules, and Sigma detections derived from attacks against U.S. infrastructure. 

POLICY 12: National Cyber Defense Coordination Center POLICY

PILLAR V:  National Civil Cyber Defense Mobilization  

Establishes a central coordination hub for national cyber defense operations and cross sector collaboration. 

“The circumstances that endanger the safety of nations are infinite. For this reason no constitutional shackles can wisely be imposed on the power to which the care of it is committed.”


Alexander Hamilton - Federalist No. 23

POLICY 13: National Coordinated Wartime DFIR POLICY

PILLAR VII: Wartime Investigation and Digital Forensics Infrastructure 

 Establishes a coordinated digital forensics response capability supporting infrastructure operators during cyber conflict. 

POLICY 14: National Cyber Forensics Laboratory POLICY

 PILLAR VII: Wartime Investigation and Digital Forensics Infrastructure

 Creates a national laboratory dedicated to digital forensic investigation and evidence preservation during cyber conflict. 

POLICY 15: National DFIR Training and Evidence POLICY

 PILLAR VII: Wartime Investigation and Digital Forensics Infrastructure 

 Provides training, forensic tools, and multimedia analysis capabilities through national laboratories.  

POLICY 16: Supply Chain Cyber Transparency POLICY

  PILLAR IV:  Critical Infrastructure Readiness and Containment 

 Requires vendors supporting critical infrastructure to disclose cybersecurity incidents and vulnerabilities. 

POLICY 17: Operational Technology Vendor Training POLICY

   PILLAR IV: Critical Infrastructure Readiness and Containment   

Requires vendors providing operational technology platforms to provide standardized cybersecurity training for infrastructure operators. 

POLICY 18: Emergency Satellite Communications Reserve POLICY (Starlink Reserve)

PILLAR IV: Critical Infrastructure Readiness and Containment

 Establishes emergency satellite communications capability to maintain national connectivity during cyber attacks on telecommunications networks. 

POLICY 19: Retaliatory Cyber Tariff POLICY

PILLAR VI:   Economic Counter Coercion 

 Allows tariffs or economic penalties against states harboring or supporting cyber attacks on U.S. infrastructure. 

POLICY 20: Cyber Terrorist Organization Designation POLICY

PILLAR VI:   Economic Counter Coercion 

  Designates specific cyber threat groups as terrorist organizations to prohibit ransom payments and financial support. 

POLICY 21: Wartime Ransomware Prohibition Policy

  PILLAR VI:   Economic Counter Coercion

 Prohibits ransom payments that could finance hostile nation states or their proxies. 

POLICY 22: Enhanced Wartime Cybercrime Penalties POLICY

PILLAR VI:   Economic Counter Coercion  

  Increases criminal penalties for cyber attacks conducted during wartime conditions.  

POLICY 23: EXPANDED SECURITY CLEARANCE POLICY

 PILLAR III: Integrated Intelligence and Threat Sharing
Expands security clearance access for critical infrastructure cyber leaders to improve wartime intelligence coordination. 

POLICY 24: NATIONAL LABORATORY COLLABORATION POLICY

 PILLAR III: Integrated Intelligence and Threat Sharing
Supports advanced cyber threat analysis, malware research, and defensive capability development through collaboration with national laboratories, separate from operational coordination functions. 

“Security against foreign danger is one of the primitive objects of civil society.”


James Madison - Federalist No. 41

POLICY 25: National Civil Cyber Defense Network Policy

 PILLAR V: National Civil Cyber Defense Mobilization
Organizes civilian cyber defenders into a coordinated national defense network during wartime cyber conflict. 

POLICY 26: National Cyber Defense Exercises and Training Policy

 PILLAR V: National Civil Cyber Defense Mobilization
Establishes national wartime cyber defense exercises and training programs to prepare infrastructure operators and private defenders for coordinated conflict response. 

"To provide for organizing, arming, and disciplining, the [cyber] Militia, and for governing [delegation] such Part of them as may be employed in the Service of the United States"


US Constitution Article I, Section 8, Clause 16

WARTIME AUTHORITIES

AUTHORITY 1: Wartime Break the Glass Administrative AUTHORITY

 Delegated Civilian Operational Authority 

  Enables critical infrastructure to implement “Break the Glass” procedures during wartime for all MSP, vendor, and administrative support interactions. 

AUTHORITY 2: Wartime Motive Alignment Test AUTHORITY

Delegated Civilian Operational Authority

 Requires defenders to confirm that observed activity aligns with known wartime objectives before taking destructive defensive action. 

AUTHORITY 3: Wartime Chain of Custody Authority

Delegated Civilian Operational Authority

 Requires strict chain of custody procedures for digital evidence collected during wartime cyber incidents to ensure evidentiary integrity, coordination, and admissibility. 

AUTHORITY 4: Defensive Action Restriction Authority

Delegated Civilian Operational Authority

  Restricts authorized cyber defense actions to those directly tied to active hostile operations and prohibits retaliation, financial exploitation, or unnecessary collateral disruption.  

AUTHORITY 5: Expected Risk Posture Authority

Delegated Civilian Operational Authority
Requires participating organizations to treat material cyber compromise, adversary presence, and exploitability as expected conditions during wartime cyber force posture activation.    

AUTHORITY 6: Infrastructure Segmentation Execution Authority

 Delegated Civilian Operational Authority
Authorizes infrastructure operators to rapidly isolate, segment, or disconnect compromised systems and networks during active cyber conflict conditions to contain adversary activity and preserve operational stability.      

AUTHORITY 7: WCDAC Certification Authority

 Governance Authority

 Limits participation in delegated wartime cyber defense activities to organizations that maintain active federal certification under the Wartime Cyber Defense Authorization Certificate program. 

AUTHORITY 8: Federal Attribution Authority

Governance Authority

 Reserves nation state attribution authority to federal agencies while allowing private sector defenders to identify threat groups, techniques, and adversary behaviors. 

AUTHORITY 9: Operational Logging and Oversight Authority

Governance Authority

  Requires detailed operational logging, forensic evidence retention, and incident reporting to federal authorities for all delegated wartime cyber defense actions.   

AUTHORITY 10: Certification Revocation Authority (State and Federal Oversight)

 Governance Authority
Allows designated state and federal authorities to suspend or revoke certification, impose civil penalties, or pursue criminal liability for organizations that violate wartime cyber defense controls.   

AUTHORITY 11: Maximum Severity Advisory Authority

Governance Authority
Establishes a wartime escalation construct that treats nationally significant cyber advisories as exceeding peacetime critical thresholds when active conflict conditions are present.    

“The object of war is peace, and the security of our citizens.”


Thomas Jefferson’s 1813

HISTORICAL PRECEDENT

1. Constitutional Militia Authority (Clause 15)

The Constitution grants Congress authority to call forth the militia to execute laws, suppress insurrections, and repel invasions, establishing the legal foundation for mobilizing civilian capability in defense of the nation.

  • Principles: Delegated Authority Expands National Capacity 
  • Pillars: Pillar I, Delegated Civilian Cyber Defense Authority 
  • Policies: C2A2, WCDAC 
  • Authorities: WCDAC Certification Authority

2. State Governance of Militia (Clause 16)

The Constitution reserves to the states the authority to govern and discipline militia forces, creating a dual-layer governance model balancing federal activation with state oversight.

  • Principles: Civil Cyber Defense Requires Coordination 
  • Pillars: Pillar V, National Civil Cyber Defense Mobilization 
  • Policies: Civil Cyber Defense Deputization Policy 
  • Authorities: Certification Revocation Authority, Governance Authorities

3. Blended Public and Private Defense Model

Early American defense relied on both federal forces and private actors, demonstrating that national defense has historically extended beyond standing government institutions.

  • Principles: Private Sector is the Front Line of Defense 
  • Pillars: Pillar V, National Civil Cyber Defense Mobilization 
  • Policies: National Civil Cyber Defense Network Policy 
  • Authorities: Expected Risk Posture Authority

4. Letters of Marque and Reprisal

Congress authorized private citizens to act against foreign adversaries under legal authority, enabling offensive and defensive actions outside traditional military structures.

  • Principles: Delegated Authority Expands National Capacity 
  • Pillars: Pillar I, Delegated Civilian Cyber Defense Authority 
  • Policies: C2A2, EISA 
  • Authorities: Defensive Action Restriction Authority

5. Legal Constraints on Private Actors

Private actors operating under Letters of Marque were subject to strict legal boundaries, ensuring actions remained aligned with national objectives and lawful conduct.

  • Principles: Wartime Cyber Defense Requires Different Rules 
  • Pillars: Pillar II, Wartime Safe Harbor and Reporting 
  • Policies: Mandatory Incident Reporting, Safe Harbor Policy 
  • Authorities: Operational Logging and Oversight Authority, Defensive Action Restriction Authority

6. Scalable Defense Without Standing Expansion

The use of private capabilities allowed the United States to scale defense capacity without permanently expanding federal military forces.

  • Principles: Delegated Authority Expands National Capacity 
  • Pillars: Pillar V, National Civil Cyber Defense Mobilization 
  • Policies: Civil Cyber Defense Reimbursement Policy 
  • Authorities: WCDAC Certification Authority

7. Jefferson’s Barbary Wars Strategy

Jefferson employed a combination of naval force, delegated authority, and strategic action to counter persistent external threats to U.S. commerce and sovereignty.

  • Principles: Civilian Infrastructure is a Strategic Asset 
  • Pillars: Pillar IV, Critical Infrastructure Readiness and Containment 
  • Policies: Supply Chain Cyber Transparency Policy 
  • Authorities: Infrastructure Segmentation Authority

“Tripoli has declared war against us. The style of the demand admitted but one answer. I sent a small squadron of frigates into the Mediterranean.”


President Thomas Jefferson’s message to Congress on December

8. Integration of Civilian-Supported Operations

The Barbary Wars demonstrated coordination between federal authority and nontraditional capabilities, reflecting a distributed defense model.

  • Principles: Civil Cyber Defense Requires Coordination 
  • Pillars: Pillar III, Integrated Intelligence and Threat Sharing 
  • Policies: AlertNet, Indicator Repository 
  • Authorities: Operational Logging and Oversight Authority

9. Jefferson’s Advocacy for Active Defense

Jefferson’s correspondence emphasized that national security may require decisive action when faced with persistent threats, rather than passive defense.

  • Principles: Wartime Cyber Defense Requires Different Rules 
  • Pillars: Pillar VI, Economic Counter Coercion 
  • Policies: Retaliatory Cyber Tariff Policy, Ransomware Prohibition 
  • Authorities: Defensive Action Restriction Authority

10. Federalist Recognition of Evolving Threats

The Federalist Papers assert that the powers required for national defense must be sufficient to address evolving and unpredictable threats.

  • Principles: Wartime Cyber Defense Requires Different Rules 
  • Pillars: Pillar III, Integrated Intelligence and Threat Sharing 
  • Policies: National Cyber Attack Early Warning System 
  • Authorities: Maximum Severity Advisory Authority

11. Distributed Responsibility for National Defense

Early governance models accepted that defense responsibilities could be distributed across federal, state, and civilian actors.

  • Principles: Civil Cyber Defense Requires Coordination 
  • Pillars: Pillar V, National Civil Cyber Defense Mobilization 
  • Policies: National Cyber Defense Coordination Center 
  • Authorities: Governance Authorities (Attribution, Oversight)

12. Lawful Civilian Participation as Precedent

Taken together, constitutional authority, legislative action, and executive practice establish a clear precedent for lawful civilian participation in national defense under structured authority.

  • Principles: All Five Principles 
  • Pillars: All Seven Pillars 
  • Policies: Entire Policy Framework 
  • Authorities: Entire Authority Structure

Frequently Asked Questions

Please reach us at partner@cyberdefensecenter.org if you cannot find an answer to your question.

 The Jefferson Cyber Defense Doctrine is a national framework for defending critical infrastructure during wartime cyber conflict by integrating civilian organizations into a coordinated defense posture through defined policies and delegated authorities. 


The doctrine activates at Cyber Defense Force Posture Level 4 and Level 5, when cyber activity escalates from persistent threat conditions into active nation state conflict.


Most critical infrastructure is owned and operated by the private sector, making these organizations both the primary targets and the first line of defense during cyber conflict. 


No. The doctrine authorizes limited, controlled defensive actions under federal oversight, with strict operational authorities governing what actions are permitted and prohibited. 


 The doctrine includes 11 wartime authorities that define execution boundaries, oversight requirements, attribution control, and enforcement mechanisms, ensuring actions remain lawful and aligned with national objectives. 


Traditional frameworks focus on risk management and compliance. This doctrine establishes a wartime operational model, where cyber defense is treated as an active component of national security. 


No. The Jefferson Cyber Defense Doctrine is a proposed policy framework and is not currently authorized by Congress, established through Executive Order, or implemented by a federal agency. It is intended to inform future policy development by outlining a structured approach to wartime cyber defense based on constitutional authority, historical precedent, and modern operational requirements. 


Delegated authority allows qualified civilian organizations to perform specific defensive cyber actions under defined legal authorization, similar to historical practices such as Letters of Marque.


Organizations must meet certification requirements under the Wartime Cyber Defense Authorization Certificate (WCDAC) program and operate within defined governance and oversight structures. 


States retain governance and oversight responsibilities, consistent with constitutional principles, while federal authorities coordinate national defense activation and strategic direction. 


Nation state attribution authority is reserved to federal agencies, while private sector defenders may identify threat actors and techniques without escalating geopolitical risk. 


During wartime conditions, organizations are required to treat cyber compromise and adversary presence as expected rather than unlikely, shifting from risk avoidance to active defense. 


This authority establishes a wartime escalation model where critical cyber advisories are treated as exceeding peacetime severity thresholds during active conflict. 


Through integrated intelligence sharing, early warning systems, and coordinated national response mechanisms, the doctrine enables faster detection, containment, and recovery. 


The Wartime Safe Harbor Policy suspends regulatory penalties for organizations that promptly report cyber incidents during wartime conditions. 


By increasing defensive capacity, enabling coordinated response, and introducing economic and legal countermeasures, the doctrine raises the cost and complexity of cyber attacks. 


Yes. It draws from constitutional authority, the use of militia, Letters of Marque, and early American wartime practices under Thomas Jefferson. 


No. The doctrine operates as an overlay during wartime conditions, augmenting existing cybersecurity frameworks rather than replacing them. 


To establish a coordinated, lawful, and scalable national cyber defense capability that protects critical infrastructure and preserves national security during cyber conflict. 


The Cyber Defense Center provides services aligned to the Jefferson Cyber Defense Doctrine to support wartime cyber readiness, operational resilience, and coordinated defense. These services include wartime preparation and readiness exercises, including CISA Tabletop Exercise Packages (CTEPs), advisory services for implementing doctrine-aligned policies and authorities, threat intelligence and adversary analysis, advanced research into emerging cyber threats, and incident response governance and consulting. The Center also supports organizations in integrating wartime defense principles, operational objectives, and coordinated response strategies into their existing cybersecurity programs. 


Don't stand alone during wartime. Engage Cyber Defense Center today.

Copyright © 2026 Cyber Defense Center - All Rights Reserved.
