WASHINGTON -- After years of ceaseless attacks from state-sponsored hackers, the US is toughening its stance in the cyber fight against Russia, China and other nations.
Critics have long charged that America’s response has fallen woefully short as adversaries targeted US national security networks, government agencies and voting systems.
But under a series of new measures, US officials are touting a more muscular approach — including a greater willingness to launch offensive cyber operations.
President Donald Trump recently revoked his predecessor Barack Obama’s rules requiring high-level authority for big military cyber operations, and National Security Advisor John Bolton warned that any country conducting cyber attacks could face an offensive response.
Then on Thursday, Defense Secretary Jim Mattis said the US is making its cyber capabilities available to NATO, warning Moscow it must “pay the piper” after the Netherlands revealed an alleged plot by Russia’s GRU military intelligence agency to hack the Organisation for the Prohibition of Chemical Weapons.
Coincidentally, the US on Thursday indicted seven GRU agents as part of a joint crackdown with Western allies on a series of major hacking plots attributed to Moscow.
Mattis said an international response to hacking attacks would not necessarily be a tit-for-tat cyber offensive, but told Moscow it would “have to be held to account.”
RAND Corporation intel and cyber expert Cortney Weinbaum told AFP that in today’s modern threat environment, kinetic weapons alone are no longer sufficient.
She said she interpreted Mattis’s comments “as meaning that the US will offer all of our warfare capabilities, which now include cyber, to defend the NATO alliance members.”
“This pledge will hopefully have a deterrent effect to prevent such a scenario from occurring,” she added.
Other experts also approved of the move.
“NATO needs to ensure it has the requisite tools, capabilities and strategies in place to match the current threat environment,” Frank Cilluffo, who directs the McCrary Insitute for Cyber & Critical Infrastructure at Auburn University, told AFP.
Still, the Pentagon is playing catch up as it bolsters its capabilities, having for years under invested in talent that all too often is swiped up by the well-paying private sector.
“A great deal of the department’s cyber readiness issues revolve around the shortage of skilled cyber-capable personnel,” Senator Mike Rounds, who heads a Senate cybersecurity subcommittee, said last week.
“The current recruitment, pay, retention, and career pathway structures in place are not equipped to manage this problem.”
Last month, the Pentagon released a revamped cyber strategy that states it will conduct cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of crisis or conflict.
The report blasted Russia and China for what it called their continued interference.
“We will defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict,” the strategy states.
According to a report in Bloomberg News on Thursday, tiny chips inserted in US computer equipment manufactured in China were used as part of a vast effort by Beijing to steal US technology secrets.
The chips, the size of a grain of rice, were reportedly used on equipment made for Amazon, which first alerted US authorities, as well as Apple and possibly for other companies and government agencies including the military.
The US has not said much about the types offensive cyber operations it has pulled off in the past, though it has acknowledged attacking Islamic State group networks.
But “if you look at what the Russians are doing, figure that we can probably do that stuff too — whether we would is another question,” said cyber expert Martin Libicki, a professor at the US Naval Academy.
“US operational security is pretty good. We may well be doing things that others have not discovered,” he told AFP.