U.S. efforts to head off cyber events and impose consequences on adversaries has worked, at least in the short-term, the head of U.S. Cyber Command told Congress Jan. 29. However, it is unclear if that success will change the way enemies act in the long run.
Gen. Paul Nakasone, commander of U.S. Cyber Command and director of the National Security Agency, pointed to the relatively quiet midterm elections as a success story for the government in deterring foreign influence, which officials said was targeted by foreign entities.
“We have been able to show effectiveness against, primarily, in this case the Russians, as we take a look at our mid-term elections,” he told the Senate Intelligence Committee Jan. 29. “Whether or not that spawns long term behavior change, I think that’s still to be determined.”
Nakasone appeared before the committee in his role as director of the NSA.
During questioning, Sen. Ben Sasse, R-Neb., referred to Nakasone’s confirmation hearing in March 2018 before the Senate Armed Services Committee when he asked if the Russians or the Chinese should worry about a U.S. response as a result of their hostile cyber activity toward the United States.
Nakasone, at the time, noted that adversaries did not fear the United States, had not seen a response and had not changed their behavior. In fact, at the time, Cyber Command leaders had noticed they needed to alter their approach in cyberspace given the brazenness of adversaries and the change in the cyber landscape.
“In order to improve security and stability, we need a new approach,” the organization’s command vision, published in April 2018 but drafted several months earlier, read. “The cyberspace domain that existed at the creation of U.S. Cyber Command (USCYBERCOM) has changed. Our adversaries have exploited the velocity and volume of data and events in cyberspace to make the domain more hostile. They have raised the stakes for our nation and allies.”
Since then, Cyber Command has adopted a new approach its leaders call “persistent engagement” and “defending forward.”
Persistent engagement follows the idea that it is necessary to have constant contact with adversaries in cyberspace, and to do so often in ways that are below the threshold of war. Defending forward, meanwhile, appears to be the notion of offense for defensive purposes. Think of fighting the cyber battle on someone else’s turf as opposed to fighting it at home. Tactically, this means gaining access to adversary networks or infrastructure to get insights into what they might be planning.
These new paradigm shifts combined with new authorities provided by the executive branch and Congress have made a difference, officials have said.
“Over the last six months we’ve been given sufficient authorities that allow us to implement the approach of defending forward,” Lt. Gen. Vincent Stewart, deputy commander of Cyber Command, said during a speech in Washington Nov. 14. “We can no longer have policy that runs all the way to the very senior levels of our organizations before we can take action. We need the flexibility to act as we see emerging threats and opportunities in this space.”
The New York Times reported in October that Cyber Command had individually targeted Russian cyber operators ahead of the 2018 midterm elections to deter them from spreading misinformation a la the 2016 presidential election.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.