America's Adversaries Are Weaponizing Information, NSA Director Warns

U.S. needs a whole-of-government effort to counter foreign influence and cyber attacks

Paul Nakasone
Paul Nakasone / Getty Images
July 26, 2018

Foreign adversaries have stepped up the use of information warfare to control populations since 2011 and the operations are one of the new threats in the digital age, according to the director of the National Security Agency.

Army Gen. Paul Nakasone, who heads both NSA and Cyber Command, said in remarks last week that both the military and the nation as a whole are taking steps to counter foreign information warfare and to use information operations against adversaries.

The Arab Spring uprisings that began in April 2011 were fueled by social media and the internet and led to the unseating of several governments throughout the Middle East and North Africa.

"We looked at this as an indicator of how powerful a free and open internet can be in the world, and we looked at this from that lens," Nakasone said in remarks to a security conference in Aspen, Colorado.

"But I would also say that our adversaries looked at it from a completely different lens: As an existential threat to their existence."

Both Russia and China stepped up internal internet controls and other internal security measures after the Arab Spring aimed at blocking the spread of pro-democracy revolutions to their nations.

"And so what have you seen since then, I would say, is the weaponization of information," Nakasone said. "The idea of being able to control a populace with disinformation."

"I think that is an incredibly important trend that we're starting to see," he said.

Both states are "operating below the threshold of war," he said.

Russia's recent information warfare operations have involved the use of hard and soft power, such as the so-called "little green men" in Russian military uniforms without official insignia deployed to help take over Ukraine's Crimea and combined with aggressive disinformation operations to support the eventual annexation.

Another example was Russia's cyber-enabled intelligence operation to influence the 2016 presidential election by hacking political organizations' networks and posting stolen emails and documents online.

China, for its part, has taken steps to curtail access to free and open U.S. social media outlets inside China, such as Facebook and Twitter. Beijing also is engaged in large-scale government-backed influence operations on Chinese social media outlets such as WeChat and Weibo.

The Chinese government, for example, controls a group called 50 Cent Army, thousands of Chinese internet influence agents and trolls who are said to be paid the equivalent of $.50 for each online message posted.

China also deployed online technology capable of controlling search engine results so that, for example, a search entry for Tiananmen, the main Beijing square, will not return results on the 1989 government crackdown on unarmed, pro-democracy protesters in the square by Chinese military forces.

Asked if the United States is prepared to wage information warfare against the kind of activities used by Russia against Ukraine and the American election, Nakasone said the military has begun incorporating information warfare into its tactical training.

"We've recognized the importance of hybrid warfare within our Army, within our Marine Corps on the ground," he said. "We've already started to take action to train at places like the National Training Center that incorporates the idea of information warfare with a ground combat element."

The training shows the military recognizes the importance of incorporating information operations with traditional military operations.

Nationally, the United States needs to address information warfare threats and take steps to counter them using what the four-star general called "a whole-of-nation of approach."

"And I do think our nation is capable of it," he said. "It's not something new. This is something we have. I certainly grew up with it during the Cold War, and [we] have done it very effectively and I think we will do it again."

In addition to the foreign weaponization of information, Nakasone said a second trend in cyber threats is the targeting of large data sets.

"The stealing data, the importance of being able to secure your data. This is one of the trends of the past couple of years that I've certainly noticed," Nakasone said.

China has been blamed for stealing massive quantities of both U.S. government and private sector data. The Chinese were behind the theft in 2015 of more than 22 million records on federal workers, including extremely sensitive data on security clearance holders that can be used by China for intelligence recruitment and future cyber attacks.

China is believed to be using the massive data to assist with the use of advanced artificial intelligence technology.

Nakasone said China's development of artificial intelligence is being watched closely.

The United States remains a leader in technology innovation and as a result will be able to compete against the Chinese in the development of artificial intelligence, he noted.

Over the past 10 years, cyber threats have escalated from foreign nations' breaking into U.S. networks and stealing data, what Nakasone termed "exploitation" or spying.

"And that advanced to disruption," he said. "This is the whole denial-of-service attacks that we've seen from our adversaries."

At the higher end of cyber attacks is the use of cyber means to cause destruction of data, networks, and equipment, such as the North Korean cyber attack against Sony Pictures Entertainment in 2014, he said.

Regarding the threats from Russia and China, Nakasone said "we have to have some manner upon which we're going to have to be able to contest them in places like cyber space."

"If we don't, if we decide we're going to stand on the sidelines, that we're not going to bring the powers of our nation against our adversaries in cyber space … I think we run the risk of our adversaries defining what they are going to do in this domain."

Debate is needed on the costs and benefits of confronting Moscow and Beijing in the cyber realm, he added.

"But that discussion has to take place, and that discussion also has to take place with the idea of are we going to contest our adversaries in this new domain," Nakasone said.

On the risk of U.S. cyber attacks escalating in a future conflict, Nakasone disputed the idea that such attacks will automatically increase the danger of larger conflicts. "Maybe our adversaries do not want to escalate," he said, adding that they may prefer to continue to wage low-level conflict in the digital arena.

"But my concern is that if we do not bring the full elements of our nation's power against our adversaries in this space, if we don't decide that contesting them or engaging them is important, then I think our adversaries have a much easier time of defining what they're going to do."

Nakasone said NSA has set up a special unit called the Russia Small Group that is focused on monitoring Moscow's attempts to try and influence the upcoming 2018 elections in November.

Russia poses a "near peer threat" to the United States in the cyber realm. However, Cyber Command is prepared to act against Russia in a cyber conflict if called upon to do so, Nakasone said.

Earlier last week, Thomas Bossert, former White House cyber security chief under President Trump, said the concept of nuclear deterrence against adversaries is not applicable to cyber space.

"In nuclear war you're either at it, or you're not," Bossert said during the same conference. "News flash: We are in cyber conflict. And we've long joined it. And there's not a country on this planet that's not in it."

The United States is in "a constant state of not just low intensity, but in some cases intense conflict online," Bossert said.

"So the deterrent thinking of nuclear war does not apply. If you think that we're going to deter someone by escalating further the conflict that we're already in, I think you've misapplied your previous thinking."

Bossert said Russia carried out the June 2017 NotPetya cyber attack against Ukraine that took down networks of the government and business, but Moscow put no constraints on the malicious software that then spread globally.

The malware hit businesses in Europe with cyber attacks that caused $10 billion in damage, including the shutting down of three port facilities, he said.

"The Russians could have easily constrained the propagation of that cyber tool to the Ukraine, but they didn't," Bossert said.

Cyber Command has adopted a doctrine called "persistent engagement," Nakasone said.

"We should anticipate in this domain, within cyberspace, that our adversaries will continue to penetrate and continue to try and penetrate such things as our critical infrastructure," he said.

"What should we do about that? I say I think it's both the idea of being vigilant about that, certainly. It's also the idea of being able to act forward in terms of what your understanding what your adversaries may be doing in their own networks."

Last, cyber forces will enable action. "What's the partnership that's most effective to ensure that the Department of Homeland Security is armed with and has the information and both the capabilities to deal with this type of threats," Nakasone said.

Another area of cyber security is protecting American high-technology weapons systems, such as guided missile destroyers and F-35 jets from cyber attacks.

Nakasone said security for weapons should be "baked in" to the systems and not applied as an afterthought.

Secondly, intelligence agencies need to conduct aggressive cyber intelligence operations to learn what adversaries' capabilities, plans, and intentions are, he said.