The U.S. Pledges A Harder Line In Cyberspace — And Drops Some Hints

Mar 26, 2019
Originally published on March 26, 2019 5:51 am

Army Gen. Paul Nakasone, who heads both the National Security Agency and the U.S. Cyber Command, usually doesn't say much in public. But recently, he's been on what amounts to a public relations blitz. The message he's pushing is that the U.S. will be more aggressive in confronting and combating rivals in cyberspace.

"I have all the authorities that I need right now to conduct the full spectrum of operations, that's defensive operations all the way to offensive operations. And when I don't have those authorities, I will certainly ask for them," said Nakasone, wearing short sleeves and no tie at the recent RSA Conference, a high-tech gathering in San Francisco.

He's even offering a few select details, a rarity for the super-secretive NSA and Cyber Command.

"For the first time, we sent our cyberwarriors abroad," Nakasone said earlier this month in Capitol Hill testimony about countering Russian attempts to meddle in last fall's midterm elections. "We sent defensive teams forward in November to three different European countries. That's acting outside of our borders that impose[s] costs against our adversaries."

How to respond?

Over the past decade, the U.S. has been wrestling with the question of how to deal with cyberattacks. What's the proper response when China steals high-tech secrets from a U.S. company? Or when North Korea hacks into Sony Pictures because that country doesn't like a satirical movie about its leader Kim Jong Un?

Often the answer was to do little or nothing. But at his confirmation hearing last year, Nakasone made clear he wanted to take a harder line.

The National Security Agency and U.S. Cyber Command both have headquarters at the same campus in Fort Meade, Md. The NSA, which was established in 1952, monitors foreign communications, while Cyber Command, created a decade a ago, is designed to take action against rivals in the cyber realm.
Patrick Semansky / AP

At that hearing, Alaska Republican Sen. Dan Sullivan asked Nakasone: "What do you think our adversaries think right now? If you do a cyberattack on America, what's going to happen to them?"

Nakasone replied: "So basically, I would say, right now, they do not think that much will happen to them."

"They don't fear us?" Sullivan said.

"They don't fear us," Nakasone replied.

President Trump has given Nakasone more authority to act, but this approach raises two big concerns:

First, will other countries stop attacking the U.S?

Probably not.

Second, will this ignite a cycle of retaliation and escalation?

No one really knows.

"If you create awareness, it makes the attackers' job harder"

The NSA and U.S. Cyber Command work side by side at the same sprawling campus in Ft. Meade, Md. Distinguishing between them can be tricky, but here's the shorthand: The NSA, established in 1952, monitors foreign communications, while Cyber Command, created just a decade ago, is designed to take action in the digital realm.

Gen. Paul Nakasone, the head of the National Security Agency and U.S. Cyber Command, speaks at a recent high-tech conference in San Francisco.
YouTube

P.W. Singer, a cyber expert at the New America think tank and author of Like War, says it's uncharacteristic for either agency to be offering a peek behind the curtain.

"So you're seeing a change from keeping everything classified — not talking about anything — to trying to share a little bit more information," said Singer. "The reason is a belief that if you create awareness, it makes the attackers' job harder."

The U.S. now routinely names and shames hackers.

"A lot of countries can hack," said Thomas Rid, a professor at Johns Hopkins University's School of Advanced International Studies who studies cyberwarfare. But, he added, few countries can figure out who did the hacking.

The U.S. is one of those that can.

Special Counsel Robert Mueller's team has indicted 25 Russians for election interference — by name and with details that could only be obtained by hacking their computers.

"So finding out who hacked you, finding the evidence, and then assessing the evidence in a professional way, the attribution capabilities, these are hard to develop," Rid said.

The NSA took another unusual step recently, making one of its own software programs freely available to the public. It's called Ghidra and it reverse-engineers malware that's been detected in a computer system. Now anyone can download Ghidra to analyze malware and figure out how best to combat it.

U.S. actions

Of course, the U.S. has its own history of surveilling rivals, planting malware and even waging offensive attacks. The best known attack attributed to the U.S. (along with Israel) is the Stuxnet virus that made Iranian centrifuges malfunction in 2010. In a nuclear program, centrifuges are key to the uranium enrichment process.

"The Russians plant malware and look for openings in various infrastructure in the United States," said author James Bamford, who has written about the NSA for decades. "It's exactly the same thing we do in other countries. It's not necessarily an act of aggression. It's just normal espionage."

Whatever you call it, Nakasone says it's here to stay.

"I think this is a new normal," he said at the RSA Conference. The U.S. response, he added, "can't be episodic. You have to be involved every day. You have to be aware of what your adversary's doing."

Planning, he said, is already underway to protect the 2020 elections.

Greg Myre is a national security correspondent. Follow him @gregmyre1.

Copyright 2019 NPR. To see more, visit https://www.npr.org.

RACHEL MARTIN, HOST:

Efforts to stop Russia from interfering in U.S. elections come from two of the most secretive parts of the U.S. government the National Security Agency and Cyber Command. They worked side by side at the same sprawling campus in Fort Meade Maryland where the NSA monitors foreign communications. While cyber command takes action in the digital realm the army general who heads them both is a proponent of more aggressive measures. Here's NPR national security correspondent Greg Myre.

(SOUNDBITE OF ARCHIVED RECORDING)

UNIDENTIFIED PERSON: It's a pleasure to introduce to you the commander of U.S. Cyber Command and director of the National Security Agency, General Paul Nakasone.

(SOUNDBITE OF MUSIC)

GREG MYRE, BYLINE: Paul Nakasone usually doesn't say much in public. But recently, he's been on what amounts to a PR blitz. Here he is, in short sleeves and no tie, addressing a high-tech confab in San Francisco.

(SOUNDBITE OF ARCHIVED RECORDING)

PAUL NAKASONE: I have all the authorities that I need right now to conduct full-spectrum operations. That's defensive operations all the way to offensive operations. And when I don't have those authorities, I will certainly ask for them.

MYRE: Nakasone is driving home the point that the U.S. needs to directly confront rivals in cyberspace. Here's what he said on Capitol Hill about countering Russian attempts to meddle in last fall's midterm elections.

(SOUNDBITE OF ARCHIVED RECORDING)

NAKASONE: For the first time, we sent our cyberwarriors abroad. We sent defensive teams forward in November to three different European countries. That's acting outside of our borders that imposed costs against our adversaries.

MYRE: Over the past decade, the U.S. has been wrestling with the question of how to deal with cyberattacks. What's the proper response when China steals high-tech secrets from a U.S. company or when North Korea hacks into Sony because that country doesn't like a satirical movie about its leader Kim Jong Un? Nakasone made clear he wanted to take a harder line at his confirmation hearing a year ago. Here he responds to Alaska senator Dan Sullivan.

(SOUNDBITE OF ARCHIVED RECORDING)

DAN SULLIVAN: What do you think our adversaries think right now? If you do a cyberattack on America, what's going to happen to them?

NAKASONE: So basically, I would say right now they do not think that much will happen to them.

SULLIVAN: They don't fear us?

NAKASONE: They don't fear us.

MYRE: President Trump has given Nakasone more authority, but this approach raises two big questions. First, will other countries stop attacking the U.S.? Probably not. Second, will this ignite a cycle of retaliation and escalation? No one really knows. But we are getting a peek behind the curtain, says P. W. Singer, a cyber expert at the New America think tank.

P W SINGER: So you're seeing a change from keeping everything classified, not talking about anything to trying to share a little bit more information. And the reason is a belief that if you create awareness, it makes the attacker's job harder.

MYRE: The U.S. now routinely names and shames hackers.

THOMAS RID: A lot of countries can hack.

MYRE: That's Thomas Rid of Johns Hopkins University who says not a lot of countries can figure out who did the hacking. The U.S. can. Robert Mueller's team indicted 25 Russians for election interference by name and with details that could only be obtained by hacking their computers.

RID: So finding out who hacked you, finding the evidence and then assessing the evidence in a professional way - the attribution capabilities, these are hard to develop.

MYRE: The NSA took another unusual step recently, making one of its own software programs available to the public for free. It's called Ghidra, and it reverse-engineers malware that's been detected in a computer system. Now anyone can download Ghidra to analyze malware and figure out how best to combat it. Of course, the NSA has its own history of planting malware abroad, notes author James Bamford, who's written about the agency for decades.

JAMES BAMFORD: The Russians plant malware and look for openings in various infrastructure in the United States. It's exactly the same thing we do in other countries. It's not necessarily an act of aggression; it's just normal espionage.

MYRE: Whatever you call it, Nakasone says it's here to stay.

(SOUNDBITE OF ARCHIVED RECORDING)

NAKASONE: I think this is a new normal. It can't be episodic. You have to be involved every day. You have to be aware of what your adversary is doing.

MYRE: Planning, he says, is already underway to protect the 2020 election.

Greg Myre, NPR News, Washington.

(SOUNDBITE OF EVOCATIV'S "CASTAWAY") Transcript provided by NPR, Copyright NPR.