Military Set for Cyber Attacks on Foreign Infrastructure

Cybercom nominee: U.S. intrusions in foreign networks to deter China and Russia

April 10, 2018

American military cyber warriors are ready to shut critical infrastructures in China and Russia during a future conflict by conducting cyber intrusions into their networks, according to the general set to lead Cyber Command.

Both China and Russia have been detected conducting similar cyber battlefield reconnaissance against the U.S. networks used to control critical infrastructure in the United States, including electric grids, transportation, financial, and other critical systems.

U.S. military plans for similar cyber attacks on foreign infrastructure were disclosed last month in little-noticed written Senate testimony from Army Lt. Gen. Paul Nakasone, nominee for the dual positions of commander of Cyber Command and director of the National Security Agency.

Nakasone stated in advance policy questions posed by the Senate Intelligence Committee that cyber attacks against infrastructure networks are a "critical vulnerability in the nation's armor" that poses a significant danger to U.S. security.

"We face a challenging and volatile threat environment, and cyber threats to our national security interests and critical infrastructure rank at the top of the list," he said.

Written answers to senators' questions about cyber plans and intelligence gathering from Nakasone included some of the first public details on how the military will wage war in cyber space.

Nakasone revealed the U.S. military has taken steps to prepare for cyber attacks against foreign nations' critical infrastructure. The goal is to announce the ability to shut down or disrupt foreign infrastructures as part of a deterrence strategy.

The disclosure came in response to questions about a February 2017 Defense Science Board report on deterrence that warned the United States will be unable for the foreseeable future to prevent cyber attacks against critical U.S. infrastructure through defensive means.

Nakasone stated "yes" when asked by the committee if Cyber Command and the military are "actively developing capabilities to threaten the critical infrastructure of peer adversaries."

The comment was the first time U.S. cyber attack capabilities against foreign infrastructure were discussed in public. Most cyber attack capabilities and preparations are kept secret or discussed only in vague terms in public forums.

The three-star general was then asked if the United States should inform peer adversaries such as Russia and China that U.S. military forces will retaliate against their critical infrastructure to deter attacks on U.S. infrastructure. Nakasone said: "Yes. The ability to respond appropriately and effectively is an essential element of any deterrence strategy."

Secret activities such as mapping foreign infrastructures prior to the outbreak of a war are currently permitted under U.S. military authorities for commanders, he added.

"To be operationally effective in cyberspace, U.S. forces must have the ability to conduct a range of preparatory activities which may include gaining clandestine access to operationally relevant cyber systems or networks," Nakasone said.

The Defense Science Board report contained a dire conclusion that U.S. infrastructures like the electrical grid will remain vulnerable to cyber attacks from Russia and China for at least 10 years.

"A large-scale cyber attack on civilian critical infrastructure could cause chaos by disrupting the flow of electricity, money, communications, fuel, and water," the report stated. "Thus far, we have only seen the virtual tip of the cyber attack iceberg."

"Russia and China have both been part of the problem to date, and could take this threat to the next level by using cyber in sustained campaigns to undermine U.S. economic growth, financial services and systems, political institutions (e.g., elections), and social cohesion," the report added.

The FBI and Department of Homeland Security issued a public alert to American companies in October warning of ongoing attacks on critical infrastructure by cyber actors that were not identified.

Little is known about U.S. intrusions into the state-run companies in China and Russia that run critical infrastructures such as electric grids, transportation, or financial networks.

However, documents made public by renegade NSA contractor Edward Snowden have revealed impressive foreign cyber intrusions by the NSA, which works closely with Cybercom on foreign targeting of computer networks.

For example, NSA documents revealed that NSA's Tailored Access Operations group broke into networks and routers used by the Chinese government-linked telecommunications company Huawei Technologies.

Huawei has supplied hardware for telecommunications systems in China and around the world, and NSA cyber penetrations likely allowed NSA to uncover and implant software that could allow the United States to conduct future cyber attacks against China's critical infrastructure.

Nakasone also was asked about a military concept for cyber operations called persistent engagement.

"Persistent engagement seeks to achieve and maintain the initiative in cyberspace over an adversary by continuously contesting them where they operate, particularly below the level of armed conflict," he said, adding that he plans to study adopting the concept if confirmed.

On the use of artificial intelligence in cyber operations, the general said adversaries already are using advanced, self-learning technology for cyber operations and that in the next three to five years it will become commonplace.

The Pentagon also is preparing for AI use and is developing its own capabilities for machine learning, he said.

Advanced cyber powers such as China and Russia are adding artificial intelligence and machine learning to their cyber attack capabilities, something likely to increase the dangers of cyber attacks in a future conflict, he noted.

On cyber threats, Nakasone said cyber attacks already are challenging public trust and confidence in governments around the world and imposing significant costs on American and international economies.

"Cyber threats also pose an increasing risk to public health, safety, and prosperity as cyber technologies are integrated with critical infrastructure in key sectors," the three-star general testified.

"Adding to the problem, some adversaries remain unconstrained from conducting reconnaissance, espionage, influence, and even attacks in cyberspace."

Nakasone identified the four nations of China, Russia, Iran, and North Korea as the main cyber threats.

Nakasone also said that Cyber Command is prepared to use its cyber intelligence and attack capabilities to target funds and other assets of Russian leader Vladimir Putin.

The Defense Science Board report concluded that threatening the holdings of adversary leaders like Putin is one possible response to Russia's covert campaign to influence the 2016 elections.

Nakasone said he agreed with the board that threatening Putin's sources of power, wealth, and support would improve efforts to deter Russia from intensifying its ongoing campaign to influence the American electorate.

The Trump administration last week stepped up pressure on Moscow over election meddling and other activities.

The Treasury Department on Friday blocked access to the U.S.-led international financial system for seven Russian oligarchs—as the powerful billionaires are called—including Putin's son-in-law, Kirill Shamalov.

The sanctions prevent any U.S. banks and financial institutions from conducting transactions with the oligarchs and their companies. Seventeen Russian government officials were also sanctioned but the action did not directly target Putin.

Putin is believed to have private financial assets worth at least $28 billion, much of it hidden in banks outside Russia.

One option for pressuring the Russian leader into backing off Moscow's malign activities, ranging from the takeover of Ukraine's Crimea to election meddling, is to conduct cyber attacks aimed at stealing his money or making it inaccessible.

Nakasone said he favors closer cooperation between the government and private sector companies that own 90 percent of critical U.S. infrastructures.

"This issue should not be viewed in a binary manner," he said. "We should look to help each other…. While the responsibility for protecting privately owned networks lies primarily with the system owner, the U.S. government has the responsibility to defend national interests more broadly."

Nakasone identified Russia as the most technologically advanced cyber warfare power and China as a "near-peer competitor" in cyber space "whose cyber capabilities pose a high threat to U.S. government and commercial networks." North Korea and Iran were described as "moderate" cyber threats.

Some security experts say cyber deterrence is not as likely to succeed as it did with nuclear arms during the Cold War.

Michael Sulmeyer, former director for plans and operations for cyber policy at the Pentagon, says cyber deterrence is unlikely to produce results because the United States is more wired than its adversaries and stands to lose more in a cyber conflict.

"Instead, the United States should be pursuing a more active cyber policy, one aimed not at deterring enemies but at disrupting their capabilities," Sulmeyer wrote in a recent article in Foreign Affairs. "In cyberwarfare, Washington should recognize that the best defense is a good offense."

Sulmeyer urged conducting offensive cyber attacks on hackers targeting the U.S. government and private sector companies, and working with technology companies to block hackers from using the internet.

"Today’s fight in cyberspace occurs in the gray zone between war and peace," he said. "If the United States hopes to win, it should spend less time trying to persuade its competitors that it is not worth hacking and more time preempting them and degrading their ability to do so. It is time to target capabilities, not calculations."

Cyber attacks against the United States are increasing in severity, sophistication, and frequency, and the failure to take action in response has emboldened cyber actors to continue attacking.

"Our adversaries likely assess there are minimal consequences in response to their malign actions and are increasingly devoting resources to their cyber programs resulting in increased sophistication and frequency of their cyber operations," Nakasone said.

"It is paramount that the U.S. public and private sectors work together to create a shared understanding of the threat in order to better defend our national security interests."

The general said determining if a cyber attack is an act of war should be assessed on a case-by-case basis. Criteria to define an act of war in cyber space include whether an attack causes death, injury, or significant property damage.

Nakasone's written answers suggest he favors a more aggressive posture as Cybercom commander than his predecessors.

"The current level and tempo of cyber attacks is not tolerable," he said. "Our adversaries see opportunity for strategic advantage through continuous activity in the domain. We must act purposefully to frustrate their intentions, increase their costs, and decrease their likelihood of success."

Nakasone, currently commanding general at the Army Cyber Command, appeared before the Senate committee March 12.

A vote by the full Senate to confirm Nakasone for both positions is expected in the coming days.

Nakasone is an experienced cyber warfare expert and led the anti-terrorism Joint Task Force Ares that is conducting cyber operations against the Islamic State.

The Task Force worked with Special Operations commandos during Operation Glowing Symphony, which is aimed at undermining ISIS's online videos and propaganda.