US Must Project Cyber Warfare Capabilities to Deter Attacks

The United States must demonstrate its cyber warfare capabilities to help deter sophisticated attacks from Russia and other adversaries while building strategies on a battlefield still misunderstood by commanders and senior officials, a panel of defense experts told lawmakers recently.

"Cyber operations are a legitimate means of projecting national power, especially when proportionately supplemented by kinetic force, and we should advertise them accordingly," retired US Navy Admiral James Stavridis, the former leader of European Command, told the Senate Armed Services Committee in prepared remarks.

Russia, North Korea, China and other nations launch sophisticated attacks against the United States, including attempts to destroy infrastructure and undermine credibility of elections in America and France, Stavridis said. And the United States is often sheepish to strike back in shows of force, he added.

"Unwillingness to operate offensively in cyber-space is driven less by a fear of retaliation and more by a fear of compromising our intelligence community's sensitive tradecraft," he said.

Retired Air Force General Michael Hayden, former director of the CIA, said there is still a lack of consensus in the United States and the international community about what kinds of attacks warrant a response, and outdated thinking still suggests cyber assaults require an in-kind digital response, when other measures, such as conventional military strikes or sanctions, might be more appropriate. "One way to recognise practice is to practice," Hayden said.

In response to Russian election interference for example, the United States could have disrupted bank accounts linked to Russian oligarchs and revealed the extent of President Vladimir Putin's finances and property, Stavridis said.
Recent protests have rocked Russia following allegations of embezzlement by Prime Minister Dmitry Medvedev, and overt jabs over the wealth of Russian leaders would undermine the government there, he said.

Crippling intelligence-gathering networks would also restrict Putin's ability to surveil his own people, Hayden said, at a crucial time when he seeks to squash dissent.

James Clapper, former director of national intelligence, stressed throughout the hearing about shortfalls within the government to anticipate the response of adversaries once cyber operations are launched. "We can't count on equal or symmetrical retaliation," he said.

Senator John McCain, the committee's chairman, opened his remarks for the hearing with a quip signaling his frustration with a lack of vision and cohesion in cyber operations in the military and intelligence communities.
"The committee meets today to receive testimony on cyber policy, strategy and organisation, of which there is very little," McCain said.

His remarks are an echo of a hearing held in early May, when McCain said: "Our nation remains woefully unprepared to address these threats."

The panel offered various reasons why the United States appears unprepared to strike and vulnerable to attack in the cyber domain, chief among them is a lack of coherent guidance and command that is spread throughout the military branches and intelligence agencies, which results in redundancies and overlap.

Clapper and other officials have urged the separation of the National Security Agency and Cyber Command, the so-called "dual hat" organization led by Navy Adm. Michael Rogers, that has become too big for one commander, Clapper said.
Those organisations have different missions, Cyber Command focuses on offensive and defensive strikes while NSA's main efforts are in spying and intelligence-gathering, Stavridis said. Elevating the cyber mission to full combatant command would crystalise doctrine and send a message to adversaries on the seriousness of the United States to execute missions, he said.

The experts and members of the committee voiced the need for President Donald Trump to provide guidance in cyber operations after he missed a self-imposed deadline to deliver a strategy within 90 days of his inauguration. Shortly after the hearing concluded, Trump signed an executive order "aimed at strengthening the federal government's cyber security and protecting the nation's critical infrastructure from cyber-attacks," Reuters reported.
McCain reiterated concerns recently voiced by service chiefs that a disparate focus and investment in cyber warriors in the military leaves talent untapped and later poached by the private sector. "I don't see a clear career path for cyber warriors," he said.

Stavridis said none of the 126 airmen who recently completed their first tour with the Pentagon's cyber mission force were retained for a second tour. The Defense Department launched the initiative last year to consolidate forces in order to defend its networks, support commanders and protect US infrastructure. It staffs 5,000 troops across 133 teams as of October, according to a Pentagon news release. All 126 of those airmen were reassigned to Air Force missions "with no cyber nexus whatsoever," Stavridis said in written testimony.

Recent attacks have converged across the public and private sectors, targeting US power companies and corporations such as Sony, for instance, which became a victim of North Korean hacking.

The blurring of lines could lead to a Coast Guard-like cyber operations entity in the future, Clapper and the other experts suggested, which would blend military and law enforcement capabilities with an arm that occasionally responds to attacks affecting private citizens and businesses.
"We're kind of on the beach at Kitty Hawk," Stavridis said. "We have some work ahead."

Military.com

You Might Also Read:

Intelligence In The Age of Cyber Warfare:

Germany May Go Offensive After Russian Cyber Attacks:

National Security Chief Talks About The UK’s Cyber Dangers:

The Limits Of Cyber Warfare:


 

« Attitudes To Facebook Are Changing
A Major Development in Deep-Learning »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Eden Legal

Eden Legal

Eden Legal provides legal services on commercial and regulatory issues affecting digital businesses.

DMH Stallard

DMH Stallard

DMH Stallard is a mid-market law firm. Areas of expertise include cyber security and cyber crime.

ClearDATA

ClearDATA

The ClearDATA Managed Cloud protects sensitive healthcare data using purpose-built DevOps automation, compliance and security safeguards, and healthcare expertise.

Niksun

Niksun

Niksun's forensics-based cyber security and network performance monitoring products provide customers with actionable insight into security threats, performance issues, and compliance risks.

Waratek

Waratek

Waratek is a pioneer in the next generation of application security solutions known as Runtime Application Self-Protection or RASP.

Online Business Systems

Online Business Systems

Online Business Systems is an information technology and business consultancy. We design improved business processes enabled with robust and secure information systems.

Cyber Security Centre - Daffodil International University

Cyber Security Centre - Daffodil International University

Cyber Security Centre, DIU is a non-profitable organization which is focused on applied research in cyber security.

Garner Products

Garner Products

Garner design, manufacture, and sell equipment that delivers complete, permanent, and verifiable data elimination.

GreenWorld Technologies

GreenWorld Technologies

GreenWorld has a proven track record in industry leading IT asset management, secure data destruction and remarketing.

International Cybersecurity Institute (ICSI)

International Cybersecurity Institute (ICSI)

ICSI is a UK company offering specialized and accredited professional qualifications in cybersecurity for young IT graduates as well as mature professionals.

Voxility

Voxility

Voxility provides Infrastructure-as-a-Service in the biggest Internet hubs in the world.

xMatters

xMatters

xMatters is a digital service availability platform that helps enterprises prevent, manage, and resolve IT incidents before they can become business problems.

Legit Security

Legit Security

Legit Security's mission is to secure every organization's software factory by protecting the pipelines, infrastructure, code and people for faster and more secure software releases.

Judy Security

Judy Security

Judy provides smart, simple, effective, all-in-one cybersecurity for SMBs. Get the 24/7 protection and support you deserve, at a price you can afford.

Novem CS

Novem CS

Novem CS are bespoke cyber security specialists providing a highly effective and specialised approach to solving your cyber security challenges.

Kusari

Kusari

Securing your software supply chain starts with understanding. Kusari is on a mission to bring transparency to your software supply chain and power secure development.