All day every day American hackers are breaking into foreign networks to slug it out with adversaries on their own turf — part of a new aggressive strategy by the U.S. Cyber Command.
Because in cyberspace, the best defense is a good offense.
“While we cannot ignore vital cyber defense missions, we must take this fight to the enemy, just as we do in other aspects of conflict,” Gen. Paul Nakasone, the head of both the National Security Agency and the military’s Cyber Command, wrote in a military journal recently.
Nakasone said that when U.S. Cyber Command was set up, it was naturally assumed to be a defensive organization tasked with securing military and classified networks. But as high-profile foreign cyber-attacks on U.S. targets mounted after 2013 — including a suspected Iranian attack on a Las Vegas casino and an attack on Sony Pictures attributed to North Korea — American officials realized they were doing it all wrong.
“We’ve learned that if we’re going to have an impact on an adversary, we have to persistently engage with that adversary, we have to understand that adversary, we have to be able to impose cumulative costs on that adversary, and we have to be able to understand where that adversary not is but also where he is going,” Nakasone said.
The result is what Nakasone called a “transformational moment” in how the U.S. conducts cyber operations, one in which the U.S. now has to go on the offensive constantly to “raise the cost that our adversaries incur from attacking the United States.”
“If we find ourselves defending inside our own networks, we have lost the initiative and the advantage,” he said.
Nakasone didn’t reveal exactly what America’s aggressive new strategy entails tactically, but he said it involves targeting the “infrastructure” of adversary cyber actors, hurting their ability to target American interests in the virtual world.
As for who the U.S. is targeting, Nakasone said that Russia and China were “near-peer” competitors that can “operate across the full spectrum of cyberspace operations.” The capabilities of Iran and North Korea also worried Nakasone, as did those of non-state actors like the terrorist organization ISIS.
“One of the things that we have going for us is that we have some pretty active adversaries,” he said. “Today peer and near-peer competitors operate continuously against us. These activities are not isolated hacks or incidents, but strategic campaigns… Continuous action in cyberspace for the strategic effect has become the norm, and thus the command requires a new strategic concept.”
Nakasone referenced an operation against ISIS, conducted by a group called Joint Task Force Ares, which he said was “focused on the defeat of [the terror group] in virtual space.” The Washington Post previously reported that the Ares project involved, in part, changing the passwords to ISIS’s social media accounts, cutting off a vital communications and propaganda tool for the group.
Nakasone also revealed that a partnership between U.S. Cyber Command and the NSA called the Russia Small Group helped secure the 2018 midterm elections against Russian interference. That effort reportedly included warning individual Russian operatives that they were being watched. (After the election, the U.S. intelligence community reported that while online influence campaigns were active, there was no hacking of the vote.)
But the battlefield is ever-changing, Nakasone said.
Whereas conventional weapons like tanks or missiles are effective for years or even decades before becoming obsolete, cyber tools have a shelf life of six months at the most.
“In the last couple of years, we have learned that capabilities rapidly change; accesses are tenuous; and tools, techniques, and tradecraft must evolve to keep pace with our adversaries,” he said.
And advantages in cyberspace are fleeting. Nakasone said that in coming years Cyber Command will push for more authority, allowing it to operate as flexibly as military special operations units like SEAL Team 6.
“Unlike the nuclear realm, where our strategic advantage or power comes from possessing a capability or weapons system, in cyberspace it’s the use of cyber capabilities that is strategically consequential. The threat of using something in cyberspace is not as powerful as actually using it because that’s what our adversaries are doing to us,” he said.
This article was featured in the InsideHook newsletter.