U.S. Sen. Ben Sasse, R-Neb., has asserted that Americans are right to have little confidence in the government’s current cyberwar strategy, which he believes is essentially toothless, according to a story in a regional American newspaper.
He wrote that at present, American adversaries do not have any fear of repercussion when launching cyberattacks on U.S. businesses and infrastructure — an assessment that was also shared recently by President Trump’s pick to head the National Security Agency and U.S. Cyber Command.
“Right now they do not think that much will happen to them,” Army Lt. Gen. Paul Nakasone testified before the Senate Armed Services Committee.
Sasse seized on Nakasone’s comments, calling his overall assessment of U.S. cyber-response “the most important thing that will happen on Capitol Hill today.”
“We’re four years into regular attacks against the United States to which we publicly admit we don’t respond, or we don’t respond in any way that’s sufficient to change behavior,” Sasse said.
The senator said the U.S., as the world’s most powerful country with 90 percent of its critical infrastructure in the private sector, can no longer afford to only seek to defend against cyber assaults.
“So we stand to absorb attack after attack after attack, unless we add offensive cyber capabilities,” Sasse said.
Nakasone’s predecessor at NSA and CYBERCOM, Adm. Mike Rogers, gave a similar assessment, adding that he had not been ordered to go after Russian cyberthreats where they originate.
Sasse said he was “a big fan” of Nakasone, but was nonetheless critical of the government’s non-responses to cyber incursions.
“Why should the American people have any confidence in their government right now in the area of cyberwar?” Sasse said. [source]
Analysis: Again, cyber continues to be on the minds of many — in industry, in government, in the intelligence community, and in the Pentagon. But if the assessment that the U.S. is essentially refusing to respond to such attacks — if that indeed is official policy and not just political posturing by a politician — then for sure we are inviting more attacks.
The hearing last week was not the first forum in which lawmakers complained about a lack of cyberwar strategy from the Trump administration. Last fall, a frustrated Sen. John McCain, chairman of the Senate Armed Services Committee, threatened to subpoena the Trump White House’s national security official responsible for coordinating cybersecurity policy across the federal government over the lack of a comprehensive policy. [source]
Is the frustration justified? It’s difficult to say because so often, in public, much of what passes for discussion and debate in D.C. is nothing more than political posturing. American lawmakers on both sides of the aisle often have trouble framing issues without using healthy amounts of hyperbole.
Of course, the cyber-issue is a serious one but that’s not to say that we’re ‘inviting’ a much larger attack. The Pentagon announced during the Obama administration that it had adopted a policy that a major cyber attack would be treated as an act of war drawing an appropriate response involving the full weight of the Pentagon’s considerable resources. Now, some are saying that Russia’s attempts to interfere electronically in our 2016 election amounted to a “cyber-911,” but given the low-level of resources dedicated to the electronic effort [source], it’s hard to take someone who says that seriously. People who do always seem to be the same ones with a “get Trump” mentality.
Bottom line: Cyber threats are real and in some cases — North Korea comes to mind — it isn’t possible to respond in kind if Pyongyang were to destroy large sections of our power grid, for example, because there is considerably less power generation in North Korea to begin with. That said, the U.S. maintains significant resources to respond to such attacks, so the question becomes what’s the appropriate level of response to the level of daily cyber activity Sasse and others say is occurring?