Analysis & Opinions - The New York Times

Pentagon Puts Cyberwarriors on the Offensive, Increasing the Risk of Conflict

June 17, 2018

The Pentagon has quietly empowered the United States Cyber Command to take a far more aggressive approach to defending the nation against cyberattacks, a shift in strategy that could increase the risk of conflict with the foreign states that sponsor malicious hacking groups.

Until now, the Cyber Command has assumed a largely defensive posture, trying to counter attackers as they enter American networks. In the relatively few instances when it has gone on the offensive, particularly in trying to disrupt the online activities of the Islamic State and its recruiters in the past several years, the results have been mixed at best.

But in the spring, as the Pentagon elevated the command’s status, it opened the door to nearly daily raids on foreign networks, seeking to disable cyberweapons before they can be unleashed, according to strategy documents and military and intelligence officials.

The change in approach was not formally debated inside the White House before it was issued, according to current and former administration officials. But it reflects the greater authority given to military commanders by President Trump, as well as a widespread view that the United States has mounted an inadequate defense against the rising number of attacks aimed at America.

It is unclear how carefully the administration has weighed the various risks involved if the plan is acted on in classified operations. Adversaries like Russia, China and North Korea, all nuclear-armed states, have been behind major cyberattacks, and the United States has struggled with the question of how to avoid an unforeseen escalation as it wields its growing cyberarsenal.

Another complicating factor is that taking action against an adversary often requires surreptitiously operating in the networks of an ally, like Germany — a problem that often gave the Obama administration pause.

The new strategy envisions constant, disruptive “short of war” activities in foreign computer networks. It is born, officials said, of more than a decade of counterterrorism operations, where the United States learned that the best way to take on Al Qaeda or the Islamic State was by destroying the militants inside their bases or their living rooms.

The objective, according to the new “vision statement” quietly issued by the command, is to “contest dangerous adversary activity before it impairs our national power.”

Pushing American defenses “as close as possible to the origin of adversary activity extends our reach to expose adversaries’ weaknesses, learn their intentions and capabilities, and counter attacks close to their origins,” the document says. “Continuous engagement imposes tactical friction and strategic costs on our adversaries, compelling them to shift resources to defense and reduce attacks.”

Another Pentagon document, dated May 2017, provides a legal basis for attacking nuclear missiles on the launchpad using “nonkinetic options” — meaning a cyberattack or some other means that does not involve bombing a missile on the pad or otherwise blowing it up.

The policy was issued two months after The New York Times revealed that the Obama administration had developed an extensive “left of launch” capability to attack North Korea’s missiles using cyber and electronic warfare, though it was unclear how well the strategy was working. The new Pentagon legal strategy was first reported by The Daily Beast.

As the Defense Department elevated the Cyber Command to a status equal to the Indo-Pacific Command, the European Command, the Space Command and the Joint Special Operations Command, among others, it declared that most of its 133 “cyber mission teams” were combat-ready after years of development.

But most of those teams protect Defense Department networks. Offensive cyberaction by the United States has been relatively rare, a reflection of the time it takes to mount operations and the fact that only the president can approve any use of a cyberweapon that is likely to have significant effects. Those operations have included disabling another nation’s nuclear facilities or its missiles, as the United States has attempted in Iran and North Korea, or disrupting the communications of groups like the Islamic State.

The president’s sole authority to authorize the use of those weapons is similar to his authority to launch nuclear weapons, a recognition that cyberweapons, even if less powerful than nuclear arms, can have broad, unintended effects.

Under the Trump administration, the traditional structure of White House oversight of American offensive and defensive cyberactivities is being dismantled. Days after taking office in April, the new national security adviser, John R. Bolton, forced out the homeland security adviser, Thomas P. Bossert, in part because of his discomfort that Mr. Bossert had direct access to the president.

Mr. Bolton then eliminated the position of White House cybercoordinator, who had overseen the complex mix of cyberactivities run by the American government.

For Academic Citation: Sanger, David. “Pentagon Puts Cyberwarriors on the Offensive, Increasing the Risk of Conflict.” The New York Times, June 17, 2018.
