Pentagon Puts Cyberwarriors on the Offensive, Increasing the Risk of Conflict
By David E. Sanger, New York Times. Posted 8:28 p.m. June 16, 2018
WASHINGTON — The Pentagon has quietly empowered the United States Cyber Command to take a far more aggressive approach to defending the nation against cyberattacks, a shift in strategy that could increase the risk of conflict with the foreign states that sponsor malicious hacking groups.
Until now, the Cyber Command has assumed a largely defensive posture, trying to counter attackers as they enter American networks. In the relatively few instances when it has gone on the offensive, particularly in trying to disrupt the online activities of the Islamic State and its recruiters in the past several years, the results have been mixed at best.
But in the spring, as the Pentagon elevated the command’s status, it opened the door to nearly daily raids on foreign networks, seeking to disable cyberweapons before they can be unleashed, according to strategy documents and military and intelligence officials.
The change in approach was not formally debated inside the White House before it was issued, according to current and former administration officials. But it reflects the greater authority given to military commanders by President Donald Trump, as well as a widespread view that the United States has mounted an inadequate defense against the rising number of attacks aimed at America.
It is unclear how carefully the administration has weighed the various risks involved if the plan is acted on in classified operations. Adversaries like Russia, China and North Korea, all nuclear-armed states, have been behind major cyberattacks, and the United States has struggled with the question of how to avoid an unforeseen escalation as it wields its growing cyberarsenal.
Another complicating factor is that taking action against an adversary often requires surreptitiously operating in the networks of an ally, like Germany — a problem that often gave the Obama administration pause.
The new strategy envisions constant, disruptive “short of war” activities in foreign computer networks. It is born, officials said, of more than a decade of counterterrorism operations, where the United States learned that the best way to take on al-Qaida or the Islamic State was by destroying the militants inside their bases or their living rooms.
The objective, according to the new “vision statement” quietly issued by the command, is to “contest dangerous adversary activity before it impairs our national power.”
Pushing U.S. defenses “as close as possible to the origin of adversary activity extends our reach to expose adversaries’ weaknesses, learn their intentions and capabilities, and counter attacks close to their origins,” the document says. “Continuous engagement imposes tactical friction and strategic costs on our adversaries, compelling them to shift resources to defense and reduce attacks.”
Another Pentagon document, dated May 2017, provides a legal basis for attacking nuclear missiles on the launchpad using “nonkinetic options” — meaning a cyberattack or some other means that does not involve bombing a missile on the pad or otherwise blowing it up.
The policy was issued two months after The New York Times revealed that the Obama administration had developed an extensive “left of launch” capability to attack North Korea’s missiles using cyber and electronic warfare, though it was unclear how well the strategy was working. The new Pentagon legal strategy was first reported by The Daily Beast.
As the Defense Department elevated the Cyber Command to a status equal to the Indo-Pacific Command, the European Command, the Space Command and the Joint Special Operations Command, among others, it declared that most of its 133 “cyber mission teams” were combat-ready after years of development.
But most of those teams protect Defense Department networks. Offensive cyberaction by the United States has been relatively rare, a reflection of the time it takes to mount operations and the fact that only the president can approve any use of a cyberweapon that is likely to have significant effects. Those operations have included disabling another nation’s nuclear facilities or its missiles, as the United States has attempted in Iran and North Korea, or disrupting the communications of groups like the Islamic State.
The president’s sole authority to authorize the use of those weapons is similar to his authority to launch nuclear weapons, a recognition that cyberweapons, even if less powerful than nuclear arms, can have broad, unintended effects.
Under the Trump administration, the traditional structure of White House oversight of U.S. offensive and defensive cyberactivities is being dismantled. Days after taking office in April, the new national security adviser, John R. Bolton, forced out the homeland security adviser, Thomas P. Bossert, in part because of his discomfort that Bossert had direct access to the president. Bolton then eliminated the position of White House cybercoordinator, who had overseen the complex mix of cyberactivities run by the U.S. government.
The last person who held the job, Rob Joyce, had previously run the Tailored Access Operations unit of the National Security Agency — the covert “special forces” of America’s cyberoperations, which has mounted attacks on critical foreign targets, from Iran’s nuclear facilities to North Korean missile testing sites. Joyce returned to the NSA.
U.S. intelligence agencies have identified cyberthreats as the No. 1 risk facing the United States — it has ranked ahead of terrorism for years now in the annual assessment provided to Congress, even before the Russian intrusion into the election. But the White House declared that it did not need a separate cybercoordinator because the issues are included in many other programs. A young National Security Council staff member, with scant experience in the topic, now oversees offensive cyberissues.
The U.S. Cyber Command was created partly in response to a Russian hacking attack that long predated the 2016 election. In the fall of 2008, Russian intelligence agencies penetrated SIPRNet, the Pentagon’s secret internal network; that led to a rush to consolidate several cyberprograms into a command. The Chinese, meanwhile, were stealing weapons designs, including blueprints for the F-35, America’s most expensive fighter jet.
Cyber Command is placed at Fort Meade, Maryland, home of the National Security Agency, but it has been criticized for being far too dependent on the NSA’s hacking skills.
A decade later, it is under new command, led by Gen. Paul Nakasone. He was a junior officer in the command’s early days and was deeply involved in one of its first big classified projects, “Nitro Zeus”: the plan to use cybertools, among other things, to take down Iran’s air defenses, its communications systems and its power grid if a conflict broke out. To prepare for that day, if it ever happened, the United States tunneled deep inside Iran’s grids, and even Revolutionary Guards Corps command-and-control systems. It was a huge mission, involving hundreds of troops and civilians.
The program was never activated; the 2015 Iran nuclear agreement avoided conflict. But now that Trump has announced that he is abandoning the accord, many of those plans are being dusted off, according to several officials.
Nakasone, in his confirmation hearings in March, made clear that a more aggressive approach to opponents in cyberspace would be needed, though he gave few details. “By conducting operations to frustrate and counter adversary cyberactivities to decrease will, increase cost and deny benefits,” he said, the United States could begin to deliver more decisive blows with its attacks.
The same month, Gen. John E. Hyten, head of Strategic Command, said in testimony that if the United States was going to defend itself in cyberspace, it needed clear rules of day-to-day engagement.
“Cyberspace needs to be looked at as a warfighting domain,” he said, “and if somebody threatens us in cyberspace, we need to have the authorities to respond.” His statement seemed to reflect a view that the current legal authority is too slow.
There is little debate inside the government’s sprawling community of cyberwarriors and defenders that the United States needs to step up its game: It did not see the Russian hack of the 2016 election coming, or North Korea’s “WannaCry” attack last year, which crippled the National Health Service in Britain and rippled around the world, partly driven by stolen U.S. cyberweapons.
But the risks of escalation — of U.S. action in foreign networks leading to retaliatory strikes against U.S. banks, dams, financial markets or communications networks — are considerable, according to current and former officials. Trump has shown only a cursory interest in the subject, former aides say, not surprising for a man who does not use a computer and came of age as a business executive in a predigital era. Efforts to rewrite the main document governing the presidential authorities in the cyberarena — Presidential Policy Directive 20, signed by Barack Obama — have faltered in the chaos of Bolton’s decision to oust the key players.
“It is essentially a ‘forward defense’ approach,” Jason Healey, who runs the cyber initiative at Columbia University in New York, said recently. “Clearly, what we have been doing so far isn’t working. But you want to think through the consequences carefully.”
The chief risk is that the internet becomes a battleground of all-against-all, as nations not only place “implants” in the networks of their adversaries — something the United States, China, Russia, Iran and North Korea have done with varying levels of sophistication — but also begin to engage in daily attack and counterattack.
Copyright 2018 New York Times News Service. All rights reserved.