In his first public comments since assuming the head of U.S. Cyber Command, Gen. Paul Nakasone said the Department of Defense is taking a more aggressive approach to protect the nation’s data and networks and aims to stay ahead of malicious cyber and information-related activity.
The command’s new vision, called “Achieve and Maintain Cyberspace Superiority," published in April, describes the notion of “continuous engagement” and “defending forward” to understand adversary weaknesses and impose “tactical friction and strategic costs.”
“Through persistent action and competing more effectively below the level of armed conflict, we can influence the calculations of our adversaries, deter aggression, and clarify the distinction between acceptable and unacceptable behavior in cyberspace,” the document reads.
Nakasone speaking July 21 at the Aspen Security Forum, said adversaries have long worked below the threshold of war to steal intellectual property, personally identifiable information and undermine societal discourse. While individually, these activities don’t appear sensational, taken in aggregate, Nakasone said, they have grave national economic and security implications.
Many academics have criticized the U.S. response to Russian election interference and noted that the United States tends to view conflicts through the binary lens of war or peace while competitors such as Russia see themselves constantly engaged in a state of war.
From the U.S. perspective, many cyber acts are considered beneath the threshold of war, denoting a lesser response. But Nakasone said the philosophy of continuous engagement is more in line with the new National Defense Strategy, one that suggests the return of great power competition with nations such as Russia and China.
In practice, Nakasone articulated a more aggressive approach, one that involves entering an adversary’s network to learn what they are doing as a means of improving defenses.
The philosophy is “this idea that we want to have our forces to be able to enable our defensive capabilities and to act forward,” Nakasone said. “Act outside of the boundaries of the United States to understand what our adversaries are doing and be able to engage those adversaries and obviously [be] able to better protect our networks, our data and our weapon systems.
Such action, penetrating a network or sovereign territory, has not typically been an action a military organization has taken outside an engaged hostility with an organization or nation vice a covert action finding.
Nakasone’s predecessor told Congress that the command was mulling over cyber operations in nations where the United States is not actively involved in a conflict.
The head of U.S. Cyber Command said the government is currently working through how to use cyber capabilities in areas where U.S. forces are not engaged in active combat.
Then Adm. Michael Rogers, explained he is comfortable with his authorities to use offensive cyber tactics in Iraq, Syria and Afghanistan, however, he added that they need more speed and agility in employing these capabilities “outside the designated areas of hostility.”