WASHINGTON — The U.S. military’s top cyber official is defending the government’s shift toward a more aggressive strategy in cyberspace, saying the mission has evolved over the last decade to become more proactive and offensive in order to keep pace with sophisticated threats.
Gen. Paul Nakasone, the commander of U.S. Cyber Command and the director of the National Security Agency, writes in a piece published Tuesday in the magazine Foreign Affairs that the military’s cyber fighters have moved away from a “reactive, defensive posture” and are increasingly engaging in combat with foreign adversaries online.
“We learned that we cannot afford to wait for cyber attacks to affect our military networks. We learned that defending our military networks requires executing operations outside our military networks. The threat evolved, and we evolved to meet it,” wrote Nakasone in a piece co-authored with Michael Sulmeyer, his senior adviser.
As an example, Nakasone cited a mission from last October in which Cyber Command dispatched an elite team of experts to Montenegro to join forces with the tiny Balkan state, which was targeted by Russia-linked hackers. The “hunt forward” mission not only helped defend an ally but was also an opportunity for the U.S. to improve its own cyber defenses before the 2020 election, Nakasone wrote.
Cyber Command and NSA worked before the 2018 U.S. midterm election to protect against Russian meddling, he said, creating a task force that shared information about potential compromises and other threats, including how to counter trolls on social media.
“Thanks to these and other efforts, the United States disrupted a concerted effort to undermine the midterm elections. Together with its partners, Cyber Command is doing all of this and more for the 2020 elections,” Nakasone wrote.
The proactive strategy is a change from a decade ago when Cyber Command was first established in the wake of a punishing cyberattack on the Defense Department’s classified and unclassified networks. Cyber Command, created in 2010 to protect U.S. military networks, was initially more focused on “securing network perimeters,” but officials recognized that was not enough, Nakasone wrote.
In recent years, Cyber Command has gone on the offensive, as 68 cyber protection teams “proactively hunt for adversary malware on our own networks rather than simply waiting for an intrusion to be identified,” Nakasone wrote.
It’s also doing more to combat adversaries on an ongoing basis and to broadly share information about malicious software it uncovers to render the malware a less effective threat.
“Some have speculated that competing with adversaries in cyberspace will increase the risk of escalation — from hacking to all-out war. The thinking goes that by competing more proactively in cyberspace, the risk of miscalculation, error, or accident increases and could escalate to a crisis,” Nakasone wrote.
He said that while Cyber Command takes those concerns seriously, “We are confident that this more proactive approach enables Cyber Command to conduct operations that impose costs while responsibly managing escalation. In addition, inaction poses its own risks: that Chinese espionage, Russian intimidation, Iranian coercion, North Korean burglary, and terrorist propaganda will continue unabated.”