Lt. Gen. Paul Nakasone Cliff Owen/AP

NSA Pick Will Develop Cyber Retaliation Plans But Don’t Expect Government to Use Them

The other options for deterring cyberattacks aren't much better, though.

Lawmakers pressed President Donald Trump’s pick to lead the National Security Agency over the government’s failure to deter Russian cyber aggression Thursday at the same time the Treasury Department imposed the broadest sanctions to date against Russian government hackers.

The timing underscored two points made frequently by government cyber officials and by their critics outside government. First, the best response to a cyber strike often isn’t a cyber counterstrike. Second, those non-cyber responses, though they keep piling up, still aren’t doing the trick.

Thursday’s sanctions target five Russian entities, including intelligence services and the Internet Research Agency, a social troll creator, as well as 19 individuals, many of whom were previously indicted by Special Counsel Robert Mueller.

The sanctions respond both to Russian meddling in the 2016 election and to global cyber mischief such as the NotPetya ransomware attack, which locked computers around the world last year.

The Treasury Department notice also cited Russian efforts to burrow into government and critical industry computer systems, including in the energy, nuclear, aviation and manufacturing sectors. Those efforts were detailed in a separate joint technical alert from the Homeland Security Department and the FBI.

The sanctions follow months of complaints from congressional Democrats and some Republicans that Trump—who has wavered on whether Russia was responsible for data breaches connected to the 2016 election—has been far too slow to punish Russia for its cyber aggression.

During Thursday’s confirmation hearing, Trump’s NSA pick, Lt. Gen. Paul Nakasone, repeatedly stressed that, while he expects to prepare possible military responses to enemy cyber strikes, he expects political leaders will often prefer non-military responses, such as sanctions, indictments and diplomatic pressure.

“I think it’s important to state that it’s not only cyber or military options that may be the most effective, and, in fact, it may be less effective than other options,” he said.

Since 2014, the U.S. government has indicted government hackers from China, Iran and now Russia. It has also instituted cyber sanctions against Russia and North Korea.

By contrast, the only offensive cyber actions the Defense Department has acknowledged target recruiting and communications efforts by the Islamic State, though it’s highly possible there are other offensive cyber strikes that are not publicly known.

The preference for non-cyber responses stems partly from the fact that the U.S. is much more reliant on technology than its adversaries and so is in danger of coming out behind in a tit-for-tat exchange.

Diplomatic pressure and the threat of sanctions are widely believed to have forced a 2015 U.S.-China agreement that caused a steep reduction in Chinese hacking of U.S. companies to steal intellectual property. In most other cases, however, sanctions and indictments have had little visible deterrent effect.

While lawmakers generally praised Thursday’s sanctions, many Democrats also complained that they were unlikely to force a significant change.

“Sanctioning individuals already under indictment thanks to Special Counsel Robert Mueller is not going to change Russia’s behavior,” said Rep. Jim Langevin, D-R.I., who called the sanctions “woefully inadequate.”

“I thought the Obama administration’s sanctions were just a first step,” he later tweeted. “That this administration is getting credit for re-sanctioning Russians 15 months later shows how askew our Russia policy is.”

Senate Intelligence ranking member Sen. Mark Warner, D-Va., criticized the sanctions for not going far enough.

“Nearly all of the entities and individuals who were sanctioned today were either previously under sanction during the Obama administration or had already been charged with federal crimes by the special counsel,” Warner said. “With the midterm elections fast approaching, the administration needs to step it up now if we have any hope of deterring Russian meddling in 2018.”

When asked Thursday if Russian cyber meddling is likely to decrease before the 2018 midterm elections, Nakasone cited a negative assessment by Director of National Intelligence Dan Coats, saying “unless the calculus changes, we should expect continued issues.”

During a daily press briefing, White House Press Secretary Sarah Huckabee Sanders said: “We’re going to be tough on Russia until they decide to change their behavior.”

Reviewing the Dual Hat

Nakasone repeated a pledge Thursday to review within 90 days the current “dual hat” leadership of NSA and U.S. Cyber Command. Nakasone said he has “no predisposition” on whether the agencies are ready for the split.

“My assessment is that what we should do at end of day is make a determination that is in the best interest of the nation,” he said.

Congress has set a series of conditions that CYBERCOM must meet before the Defense Department splits that leadership role. Critics say the dual leadership leads to confused priorities between the intelligence agency and the military command.

Yep, Encryption’s Tricky

Nakasone answered with a “conditional yes,” when Sen. Ron Wyden, D-Ore., asked him to confirm security experts’ conventional view that it’s impossible to provide a government backdoor into encrypted communications without also making it easier for criminal hackers to access those communications.

FBI and Justice Department officials have frequently warned that end-to-end encryption systems, which shield communications even from the communications provider, are allowing terrorists and criminals to “go dark” online.

Intelligence officials, however, have generally expressed far less concern about those systems.

Wyden called Nakasone’s comments “encouraging.”

Not Buying Huawei

Nakasone said he would not use products provided by Chinese telecom companies Huawei or ZTE and would not recommend that friends or family use them.

The comments were in response to a question from Sen. Tom Cotton, R-Ark., who has introduced legislation to ban those companies and their affiliates from government contracts. Lawmakers are concerned the companies could be used as conduits for information theft by Chinese spies.

A Senate Intel Committee First

Thursday’s hearing marked the first time an NSA director nominee has faced a confirmation hearing before the Senate Intelligence Committee. Director nominees were only required to appear before the Senate Armed Services Committee prior to a change in the 2014 Intelligence Authorization Act.
