Persistent engagement is the operational doctrine adopted by U.S. Cyber Command (USCYBERCOM) under General Paul Nakasone, formalized in the command's 2018 Achieve and Maintain Cyberspace Superiority vision document. It marks a shift away from a reactive, deterrence-by-punishment posture toward one in which U.S. cyber forces operate continuously against adversaries to impose friction, expose tradecraft, and seize the initiative in what the doctrine describes as a domain of "constant contact."
The doctrine rests on two linked concepts. The first is persistent presence: maintaining U.S. cyber operators inside or near adversary networks to observe and contest activity in real time. The second is defend forward, the practice of disrupting malicious activity at its source — on foreign infrastructure — before it reaches U.S. networks. Defend forward was endorsed in the 2018 Department of Defense Cyber Strategy and the 2018 National Cyber Strategy.
Persistent engagement assumes that most state-on-state cyber competition occurs below the threshold that would trigger Article 51 self-defense or an armed-conflict response, and that ceding this "gray zone" allows rivals — principally Russia, China, Iran, and North Korea — to accumulate strategic gains through espionage, intellectual-property theft, and influence operations. The doctrine therefore emphasizes tempo, agility, and recurring operations rather than discrete retaliatory strikes.
Concrete applications include USCYBERCOM and NSA "Hunt Forward" operations, in which U.S. teams deploy to partner countries (Ukraine, Estonia, Lithuania, North Macedonia, and others) to identify adversary malware on host networks. Reported operations against the Internet Research Agency around the 2018 U.S. midterm elections and against ISIS media infrastructure (Operation Glowing Symphony, 2016) are often cited as early examples.
Critics, including some allied governments and academics such as Max Smeets and Jason Healey, argue the doctrine risks escalation, normalizes intrusion into third-country networks, and lacks clear off-ramps. Proponents counter that passivity is itself escalatory.
Example
In 2022, U.S. Cyber Command publicly disclosed Hunt Forward operations in Ukraine ahead of and during Russia's invasion, citing them as an application of persistent engagement.
Frequently asked questions
Classical deterrence threatens punishment to prevent attacks; persistent engagement assumes deterrence often fails in cyberspace and instead seeks to continuously contest and disrupt adversaries below the use-of-force threshold.
Keep learning