US Military Cyber Chief Defends More Aggressive Strategy

America's top cyber official has defended the US government's adoption of a more aggressive stance in cyberspace. 

In a piece published on Tuesday in Foreign Affairs magazine, the commander of US Cyber Command, General Paul Nakasone, said the United States was right to swap a “reactive, defensive posture" for one that was more proactive and offensive. 

"The threat evolved, and we evolved to meet it," wrote Nakasone.

The commander, who is also director of the National Security Agency, said that actively engaging adversaries was necessary to keep pace with the ever-increasing number of sophisticated cyber-threats. 

“We learned that we cannot afford to wait for cyber-attacks to affect our military networks," wrote Nakasone in a piece co-authored with his senior advisor, Michael Sulmeyer.

"We learned that defending our military networks requires executing operations outside our military networks."

Nakasone described a mission that took place in October 2019 as an example of this proactive approach. As part of the "hunt forward" mission, Cyber Command deployed an elite team of cybersecurity experts to Montenegro to help the Balkan state defend itself against hackers with links to Russia. 

While supporting an ally, the team were simultaneously able to gather information and experience that could be used to strengthen America's cyber defenses, wrote Nakasone.

When Cyber Command was first established in June 2009, it was with the mission to protect US military networks through securing perimeters. Nakasone wrote that officials realized that this approach didn't go far enough to protect the country in cyber-space. 

The commander wrote that today's Cyber Command boasts 68 cyber-protection teams that “proactively hunt for adversary malware on our own networks rather than simply waiting for an intrusion to be identified."

Nakasone said while some believe that a more aggressive approach may provoke an escalation into physical violence, inaction in the face of cyber-threats could also have dire consequences. 

“Some have speculated that competing with adversaries in cyberspace will increase the risk of escalation—from hacking to all-out war," Nakasone wrote.

He went on to write that "inaction poses its own risks: that Chinese espionage, Russian intimidation, Iranian coercion, North Korean burglary, and terrorist propaganda will continue unabated."

What’s Hot on Infosecurity Magazine?