Behind The White House’s Plan To Be More Aggressive In Cyberspace

For nearly a year, White House leaders had debated the rules for how America should operate in cyberspace. After brazen hacks by the Chinese and Russian governments that targeted millions of Americans and the 2016 presidential election respectively, senior officials believed they needed to stop the raid on American bits and bytes.

Administration leaders broadly fell into two camps. The first blamed Obama-era rules to operate in cyberspace as too timid and the reason America did not have digital options to deter North Korea’s nuclear program. 

Unleashing viruses that could upend North Korea’s rockets would require a wide swath of consensus across US government agencies, which all but stifled many hacking plans.

Other officials, such as then Homeland Security adviser Tom Bossert, disagreed, and over a period of months argued that while the procedures needed to change, loosening the rules of engagement too liberally and without caution would be dangerous.

A Decision Loomed

While the North Korean debate did not lead to immediate policy changes, it was one of several events that helped push the Trump administration toward a new cybersecurity strategy, according to four current and former White House and intelligence officials who were in the room or briefed on the situation. 

When the White House announced the new policy in September, national security adviser John Bolton was blunt: “We’re going to do a lot of things offensively, and I think our adversaries need to know that.”

America enters the Cyber Age

In the early 2010s, Russia was known inside the US intelligence community for its clandestine cyber operations. If White House administrators or National Security Agency analysts spotted Moscow’s cyber-warriors probing American networks before 2014, the Kremlin spies would often suddenly disappear.

“The Russians were known for being stealthy and highly targeted. If you saw them on the network, they would vanish like ghosts and go quiet,” Michael Daniel, the top cybersecurity official at the Obama administration, told Fifth Domain.

One of the first digital disinformation operations against the United States targeted diplomats. Digital sleuths from the Kremlin listened in on a phone call between Victoria Nuland, then the top US American diplomat to Europe, and Geoffrey Pyatt, the US ambassador to Ukraine, according to the State Department. 

Nuland and Pyatt discussed how to support a new government in Ukraine. Nuland believed the Europeans were being too timid and made her position clear in colorful language.

The phone call was being secretly recorded and was posted to YouTube days later.

"It wasn’t their first use of cyber and aggressive tactics, including manipulating emails and leaking things,” said Nuland, who is now head of the Center for a New American Security. “What was new is their targeting of Americans and the United States in a way where their hand was not masked. Obviously, they denied it, but it was transparent what was going on.

Russian hackers breached the White House’s networks and swiped President Obama’s email correspondence in 2014,according to the New York Times. Two days before Christmas in 2015, Russian hackers allegedly used spear-phishing emails and malicious code embedded in Microsoft Word documents to launch the first publicly acknowledged cyberattack in the world to cause power outages against Ukraine.

But the Russian government was not the only country developing a playbook for hacking. China was revving up a campaign to infiltrate the US government as well.

In April 2015, US officials say that China hacked records of 22 million government officials that were stored by the Office of Personnel Management. That included copies of all US government security clearances. 

Election Meddling

It took less than a year for another historic breach.

In a cream-colored building with roman arches near the meandering Moscow River, Russian intelligence officials sent a spear-phishing email to Tony Podesta, the campaign chairman for Hillary Clinton on March 19, 2016. The hackers disguised the email as a Google security notification and tricked Podesta into changing his password. 

An accompanying link was a disguised Russian intelligence agency website, and the Kremlin spies soon swiped a trove of emails. Russian officials then passed the emails to WikiLeaks, according to a July 13 indictment from Special Counsel Robert Mueller.

“The Russians were over time perfecting their ability to target social media to specific political objective in their own country, in Ukraine, and across Europe before 2016,” Nuland said during 2018 Senate testimony,

But to leaders inside the US government, Russia’s role was not immediately clear. Former US officials said the assessment of Moscow’s responsibility solidified around June after Americans analyzed the activity of Guccifer 2.0, who claimed to be a digital vigilante but was actually a group of Russian spies, according to the Mueller indictment.

It was then that Russian hackers allegedly broke into the Illinois state election network and stole voter registration information of up to 200,000 people. While the hack remained secret for weeks, it set off alarms within the White House and intelligence agencies, two former US officials said.

Trump in Charge

From the onset of the Trump administration, former and current White House and Pentagon officials were set on changing how the America operated in cyberspace. With information about Russia’s hacking and disinformation becoming clearer by the day, their discussion took a new sense of urgency.

Government officials recalled the shock of the incoming Trump team when they learned how conservative the military was when it came to hacking. “The incoming Trump administration had this assumption that the US was some big gorilla in cyberspace and was actively hacking everyone. There was a little bit of surprise that US policy was very conservative,” a former White House official told Fifth Domain.

The Obama-era rules that governed American cyber operations were called Presidential Policy Directive 20 and said that cyber operations likely to result in “significant consequences” needed presidential approval. Hacking operations also needed to have near unanimous consent between US government agencies.

For some, an inflection point came as the White House considered options to deter North Korea’s nuclear capability. The lines of code honed inside NSA labs to monitor, stop or alter Pyongyang’s nuclear and military capably would likely have to travel through China, which supplies nearly all North Korea’s internet. 

During previous debates, officials feared China might mistakenly believe the Americans were hacking them instead of North Korea. The scenario was deemed too risky by some because it could have unforeseen consequences. 

Advocates for the more aggressive approach in cyberspace argued that the Obama-era rules for cyberspace effectively blocked America from embedding and prepositioning this malware inside of North Korea’s systems. As a result, America was empty-handed when it came to hacking options, according to this line of thinking.

And by some accounts there was also evidence that America already had effective hacking programs to deter North Korea’s nuclear ambitions.

According to Bob Woodward’s book “Fear,” during the Obama administration, the United States was able to infect the North Korean government’s missile telemetry with malware that caused errors in their launch sequence. 

Two former intelligence officials said that North Korea offers limited cyber options because a majority of the country does not have internet access. And by cutting off North Korea’s Internet, US officials feared they could also lose intelligence capabilities.

Both the Pentagon and the NSA declined to comment and respond to questions.

Publicly, support for more offensive cyber operations came in the form of congressional testimony from Adm. Michael Rogers, the head of the NSA, and the incoming commander, Gen. Paul Nakasone.

“President Putin has clearly come to the conclusion there is little price to pay here … and that therefore I can continue this activity,” Rogers told Congress in February 2018.

‘Our hands are not tied’

After Trump’s national security adviser H.R. McMaster left the White House in March 2018, Trump replaced him with John Bolton. Days later, Bossert was pushed out of the White House, along with the White House cybersecurity coordinator Rob Joyce.

At the time, a senior Pentagon cyber official described the administration's cyber policy as "a potential catastrophe.” The official explained how critical cyber issues were not being coordinated and briefings were either being missed or not even taking place.

That summer, the White House finalised its strategy to overhaul the Obama rules from cyberspace. Mattis was given the ability to conduct cyber operations without authority from the president except if it could interfere with the “national interest” of the United States. After Trump rescinded the Obama-era rules Aug. 15, Bolton described the changes in drastic terms.

“Our hands are not tied as they were in the Obama administration,” Bolton said. “Our presidential directive effectively reversed those restraints, enabling offensive cyber operations through the relevant departments.”

Still, some current and former US officials caution that greater authority in cyberspace might not actually deter hacking from foreign nations in some situations.

And there are questions about if the new cyber authorities will have any effect at all on offensive operations. Some experts argue that the officials making a decision about whether to hack another country are more important than the process they use.

“What the Russians did is a little bit like 9/11,” Michael Hayden, the former director of the CIA and the NSA under the Bush administration, told Fifth Domain. “It was an attack from an unexpected direction against a previously unappreciated target.”

Hayden believes that America has encountered a new threat, and like the September 11th attacks, the US government needs a dedicated effort to respond to Russia’s hacking. 

“President Bush did that. A lot of it was controversial, but you can’t argue it wasn’t extraordinary. President Trump has never called on us to go extraordinary. Everyone is doing their best, but they are playing traditional positions.”

Fifth Domain:

You Might Also Read:

White House To Step Up Cyber Counter-Offensive

US Senator Calls For New Cyber Doctrine

« 10 Cyber Security Trends To Look Out For In 2019
The NSA Is Spying On You Now »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Montash

Montash

Montash is an award winning, global technology recruitment business, specialising in the acquisitions of high-performing talent across a number of core disciplines including Information Security.

Covenco

Covenco

Covenco is a data management and IT infrastructure specialist. Working with customers to transform their IT environments, with data protection and security at the forefront of everything we do.

Microsoft Security

Microsoft Security

Microsoft Security helps protect people and data against cyberthreats to give you peace of mind. Safeguard your people, data, and infrastructure.

Cyber DriveWare

Cyber DriveWare

DriveWare analyzes new traffic in the I/O layer and blocks malware and cyber attacks which organizations have no means to protect against.

V-Key

V-Key

V-Key is a global leader in software based digital security, providing solutions for mobile identity, authentication, authorization, and mobile payments for major banks.

Digital Ship

Digital Ship

Digital Ship provides news, information, conferences and events focused on digital ship systems, information technology and security relating to maritime operations.

Scientific Cyber Security Association (SCSA)

Scientific Cyber Security Association (SCSA)

The main goal of Scientific Cyber Security Association is the development of scientific and practical directions of cyber security.

A-LIGN

A-LIGN

A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to mitigate cybersecurity risks.

Computer Network Defence (CND)

Computer Network Defence (CND)

Computer Network Defence (CND) are a Broad-Spectrum Cyber Security Consultancy and Recruitment Agency.

Camel Secure

Camel Secure

Camel Secure is a company specialized in the development of products for information security and technology risk management.

OSIbeyond

OSIbeyond

OSIbeyond provides comprehensive Managed IT Services to organizations in the Washington D.C., MD, and VA area including IT Help Desk Support, Cloud Solutions, Cybersecurity, and Technology Strategy.

Highen Fintech

Highen Fintech

Highen is a blockchain software development company with offices in the United States and development centers in India.

Eficens Systems

Eficens Systems

Eficens Systems is a global IT services and consulting company. We specialize in empowering businesses to harness the potential of Information Technology as a strategic asset.

CarbonHelix

CarbonHelix

CarbonHelix provides cybersecurity services from US-based security operations centers that meet the highest compliance requirements.

Cynclair

Cynclair

Cybersecurity is a complex beast. And we're the beast-tamers. Our team thrives on deciphering the latest threats, building cutting-edge defenses, and making your digital world much safer.

Stern Cybersecurity

Stern Cybersecurity

Stern Cybersecurity offers a robust defense against the ever-evolving landscape of digital threats.