The way in which top government brass is speaking about the military’s cyber capabilities is shifting, with policy experts, former intelligence and current U.S. officials telling Cyberscoop they are seeing a move toward an outward declaration of strength.
Following a closed door meeting with Russian President Vladimir Putin at the 2016 G20 Hangzhou summit earlier this year, President Barack Obama issued a subtle warning to his Russian counterpart by saying that the United States boasts “more capacity than anybody, both offensively and defensively” when it comes to cyber warfare.
On Monday, Democratic presidential nominee Hillary Clinton carefully touched America’s supremacy in the cyber arena during the presidential debates.
“We need to make it very clear — whether it’s Russia, China, Iran or anybody else — the United States has much greater capacity. And we are not going to sit idly by and permit state actors to go after our information, our private sector information or our public sector information,” Clinton said Monday.
Obama and Clinton’s comments contrast from advice previously offered by White House Cybersecurity Coordinator Michael Daniel.
“If you know much about it, [cyber is] very easy to defend against,” Daniel said during a 2015 interview with Politico, “Therefore, that’s why we keep a lot of those capabilities very closely guarded … We are still, as are all governments, thinking through how do you actually employ these capabilities in a way that make sense and how do you fit them into your larger strategic context.”
While the President’s G20 speech was far from revelatory, the willingness to speak on offensive cyber intent is a different approach from what had become the status quo.
Former NSA Deputy Director Chris Inglis said he is noticing a difference in the way American politicians have recently discussed the country’s cyber capabilities, although it may just be a sign of the times rather than the result of a new, concentrated policy directive.
“If you want to deter someone you broadly want to do one of two things: make it such so that they [cyber adversaries] will not succeed because it would just be too costly to them… or that you’ll impose consequences on them if they try,” Inglis said. “That needs to be perceived in their mind, as oppose to felt in the physical world, because deterrence is in the mind of that person you’re trying to deter. This sort of public discussion can certainly support that.”
Signaling U.S. supremacy in cyberspace has the potential to act as a deterrent, ultimately discouraging cyber attacks through the fear of repercussions, U.S. Assistant Attorney General for National Security John Carlin, who leads the Justice Department’s National Security Council, told Cyberscoop.
“I do think it is important in just about any other field, when someone actually attacks companies and people inside the U.S., is to say that ‘We’ll find out who you are and keep you accountable,’ ” said Carlin. “I think it is important to start signaling what could be done in response as you come up with a deterrence framework.”
A source familiar with Clinton’s debate preparation told Cyberscoop that the aforementioned remarks concerning cyber warfare are consistent with her overall national security approach and do not represent an “uptick in assertiveness.”
To some policy experts, however, Clinton’s brief cybersecurity comments came off as “war hawkish,” a description typically reserved for politicians who are likely to favor military campaigns over other policy solutions in resolving international conflict.
“It is clear that Clinton believes that cyberspace is a new domain of warfare, and has already decided to engage U.S. adversaries on the digital battlefield,” said Kenneth Geers, a senior research scientist with Comodo and ambassador to NATO’s Cooperative Cyber Defense Center of Excellence.
“Clinton was one of the more hawkish members of the Obama administration,” said Geers, “there is no reason to think that Clinton would have a more dovish position on cyber war.”