Written byZaid Shoorbajee
Russia and China continue to hack into U.S. companies and government agencies because they aren’t afraid of a potential response, senior U.S. officials say.
The Army general expected to be confirmed as the next head of the NSA and U.S. Cyber Command told senators at a congressional hearing Thursday that he doesn’t believe U.S. adversaries in cyberspace fear any repercussions for conducting hacking campaigns and cyber-espionage.
Lt. Gen. Paul Nakasone’s bleak assessment at at a Senate Armed Services Committee hearing comes two days after the the same committee grilled the outgoing Adm. Mike Rogers, who Nakasone would replace, for indicating that the U.S. does not have offensive plans in motion to retaliate against cyberattacks.
Responding to a line of questioning from Sen. Dan Sullivan, R-Alaska., who called the U.S. “the cyber punching bag of the world”, Nakasone said that countries known to target the U.S. in cyberattacks are not deterred by U.S. policy.
“I would say right now they do not think that much will happen to them,” Nakasone said. “They don’t fear us.”
He added: “The longer that we have inactivity, the longer that our adversaries are able to establish their own norms.”
Russian interference in the the 2016 presidential election has for more than a year been the subject of numerous federal investigations across the legislative and executive branches. In February, the Department of Justice issued indictments against 13 Russians and three Russian entities for operating a complex disinformation campaign leading up to the election. The Department of Homeland Security has also warned that Russian hackers have scanned various parts of state election infrastructures for vulnerabilities.
In terms of how the U.S. could fix the lack of deterrence, Nakasone largely echoed the position Rogers expressed during his hearing: that the head of the NSA and Cyber Command is not a policymaker but should provide options to the executive branch. Nakasone was asked about how he would respond to Russia aggression by multiple senators.
“We’re 31 years into cyber war, but we’re four years into regular attacks against the United States to which we publicly admit we don’t respond, or we don’t respond in any way that’s sufficient to change behavior,” said Sen. Ben Sasse, R-Neb., in one of these many exchanges. “In the cyber war, if we’re just playing cyber defense, we have an asymmetric war against us.”
Nakasone responded by saying that he would develop a new set of cyber warfare options for policymakers to consider for the purpose of deterrence, using hacking operations to disrupt adversary networks.
“What I think has to happen is, obviously if confirmed, I provide a series of cyber and military options that’s considered by the secretary of defense and ultimately the president,” Nakasone explained. He expanded on what these “options” could be in a written response to the committee in an advance of the hearing.
“The Department [of Defense] can improve its cyber deterrence posture in several ways. First, by conducting operations to frustrate and counter adversary cyber activities to decrease will, increase cost, and deny benefits. Second, by developing a highly skilled force and demonstrating capabilities to deliver cyber effects and hold adversaries at risk. Finally, by improving the defense and resilience of critical systems and infrastructure,” Naksone wrote.
Senators also tried to gauge Nakasone’s opinion on whether Cyber Command should be separated from the NSA now that it has received elevated authority. A split would cause the current “dual hat” status for the head of Cyber Command and the NSA to end, forcing the Trump administration to then also nominate a candidate for the military unit. Nakasone said he planned to submit his opinion on that plan within 90 days of being appointed.
“I don’t have a predisposed opinion on this,” Nakasone said. “Is it best for the nation that the National Security Agency and U.S. Cyber Command stay together under one leader, or is time now that we think about a separate National Security Agency and a separate combatant and command?”