US Must Project Cyber Warfare Capabilities to Deter Attacks

Uploaded on 2017-05-26 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

The United States must demonstrate its cyber warfare capabilities to help deter sophisticated attacks from Russia and other adversaries while building strategies on a battlefield still misunderstood by commanders and senior officials, a panel of defense experts told lawmakers recently.

"Cyber operations are a legitimate means of projecting national power, especially when proportionately supplemented by kinetic force, and we should advertise them accordingly," retired US Navy Admiral James Stavridis, the former leader of European Command, told the Senate Armed Services Committee in prepared remarks.

Russia, North Korea, China and other nations launch sophisticated attacks against the United States, including attempts to destroy infrastructure and undermine credibility of elections in America and France, Stavridis said. And the United States is often sheepish to strike back in shows of force, he added.

"Unwillingness to operate offensively in cyber-space is driven less by a fear of retaliation and more by a fear of compromising our intelligence community's sensitive tradecraft," he said.

Retired Air Force General Michael Hayden, former director of the CIA, said there is still a lack of consensus in the United States and the international community about what kinds of attacks warrant a response, and outdated thinking still suggests cyber assaults require an in-kind digital response, when other measures, such as conventional military strikes or sanctions, might be more appropriate. "One way to recognise practice is to practice," Hayden said.

In response to Russian election interference for example, the United States could have disrupted bank accounts linked to Russian oligarchs and revealed the extent of President Vladimir Putin's finances and property, Stavridis said.
Recent protests have rocked Russia following allegations of embezzlement by Prime Minister Dmitry Medvedev, and overt jabs over the wealth of Russian leaders would undermine the government there, he said.

Crippling intelligence-gathering networks would also restrict Putin's ability to surveil his own people, Hayden said, at a crucial time when he seeks to squash dissent.

James Clapper, former director of national intelligence, stressed throughout the hearing about shortfalls within the government to anticipate the response of adversaries once cyber operations are launched. "We can't count on equal or symmetrical retaliation," he said.

Senator John McCain, the committee's chairman, opened his remarks for the hearing with a quip signaling his frustration with a lack of vision and cohesion in cyber operations in the military and intelligence communities.
"The committee meets today to receive testimony on cyber policy, strategy and organisation, of which there is very little," McCain said.

His remarks are an echo of a hearing held in early May, when McCain said: "Our nation remains woefully unprepared to address these threats."

The panel offered various reasons why the United States appears unprepared to strike and vulnerable to attack in the cyber domain, chief among them is a lack of coherent guidance and command that is spread throughout the military branches and intelligence agencies, which results in redundancies and overlap.

Clapper and other officials have urged the separation of the National Security Agency and Cyber Command, the so-called "dual hat" organization led by Navy Adm. Michael Rogers, that has become too big for one commander, Clapper said.
Those organisations have different missions, Cyber Command focuses on offensive and defensive strikes while NSA's main efforts are in spying and intelligence-gathering, Stavridis said. Elevating the cyber mission to full combatant command would crystalise doctrine and send a message to adversaries on the seriousness of the United States to execute missions, he said.

The experts and members of the committee voiced the need for President Donald Trump to provide guidance in cyber operations after he missed a self-imposed deadline to deliver a strategy within 90 days of his inauguration. Shortly after the hearing concluded, Trump signed an executive order "aimed at strengthening the federal government's cyber security and protecting the nation's critical infrastructure from cyber-attacks," Reuters reported.
McCain reiterated concerns recently voiced by service chiefs that a disparate focus and investment in cyber warriors in the military leaves talent untapped and later poached by the private sector. "I don't see a clear career path for cyber warriors," he said.

Stavridis said none of the 126 airmen who recently completed their first tour with the Pentagon's cyber mission force were retained for a second tour. The Defense Department launched the initiative last year to consolidate forces in order to defend its networks, support commanders and protect US infrastructure. It staffs 5,000 troops across 133 teams as of October, according to a Pentagon news release. All 126 of those airmen were reassigned to Air Force missions "with no cyber nexus whatsoever," Stavridis said in written testimony.

Recent attacks have converged across the public and private sectors, targeting US power companies and corporations such as Sony, for instance, which became a victim of North Korean hacking.

The blurring of lines could lead to a Coast Guard-like cyber operations entity in the future, Clapper and the other experts suggested, which would blend military and law enforcement capabilities with an arm that occasionally responds to attacks affecting private citizens and businesses.
"We're kind of on the beach at Kitty Hawk," Stavridis said. "We have some work ahead."

Military.com

You Might Also Read:

Intelligence In The Age of Cyber Warfare:

Germany May Go Offensive After Russian Cyber Attacks:

National Security Chief Talks About The UK’s Cyber Dangers:

The Limits Of Cyber Warfare:


 

« Attitudes To Facebook Are Changing
A Major Development in Deep-Learning »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The Networking People (TNP)

The Networking People (TNP)

TNP supplies independent advice allowing large organisations to design, build and operate their own networks independently of the established telecoms companies.

Advent IM

Advent IM

Advent IM is one of the UK’s leading independent cyber security specialists, with a unique approach to providing holistic security management solutions.

Andrisoft

Andrisoft

Andrisoft develops WANGUARD, an anti-DDoS Software solution that monitors IP traffic using packet-based and flow-based Sensors, and protects networks

Reblaze Technologies

Reblaze Technologies

Reblaze provides the world’s best security technologies in a cloud-based website security platform.

Secure Code Warrior

Secure Code Warrior

Secure your code from the start with gamified, scalable online secure coding training for software developers.

ANSI National Accreditation Board (ANAB)

ANSI National Accreditation Board (ANAB)

ANAB is the largest accreditation body in North America. The directory of members provides details of organisations offering certification services for cybersecurity related standards.

Kainos

Kainos

Kainos is a leading provider of Digital Services and Platforms. Our services include Digital Transformation, Cyber Security, Cloud, AI, IoT and more.

Packetlabs

Packetlabs

Packetlabs specializes in penetration testing services and application security.

ENSCO

ENSCO

The ENSCO group of companies provides engineering, science and advanced technology solutions that guarantee mission success, safety and security to governments and private industries worldwide.

CyberGate Technologies

CyberGate Technologies

CyberGate Technologies is a world-class, customer focus cyber security service and consultancy company operating the UK, Europe, Middle East, and Africa.

SecurEnvoy

SecurEnvoy

SecurEnvoy are a leader in designing zero access trust solutions using the latest cutting-edge technologies, to protect your users, devices and data, whatever the location.

Washington Technology Solutions (WaTech)

Washington Technology Solutions (WaTech)

WaTech operates the state’s core technology infrastructure – the central network and data center, provides strategic direction for cybersecurity and protects state networks from growing cyber threats.

Certera

Certera

Certera is a modern and affordable SSL Certificate, Code Signing Certificate, and Cyber Security Services provider.

Lightpath

Lightpath

Lightpath is revolutionizing how organizations connect to their digital destinations by combining our next-generation network with our next-generation customer service.

DOT Security

DOT Security

DOT Security provides advanced security services for businesses of all sizes.

Cyber Security Centre for the Isle of Man (CSC)

Cyber Security Centre for the Isle of Man (CSC)

The Cyber Security Centre for the Isle of Man is responsible for the delivery of the Isle of Man National Cyber Security Strategy.