Cyber defence: We'll hack back at attackers, says US

The Pentagon says that the US military must take on attacks before they reach its networks.
Written by Steve Ranger, Global News Director

The military must be prepared to disrupt hacking attacks before they reach US computer networks, according to a new strategic vision from the Pentagon.

The Department of Defense (DoD) has updated its cyber strategy for the first time since 2015, advocating a more aggressive approach than the previous document.

Perhaps most controversially, under the new strategy the US should be ready to "defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict".

The DoD said this meant "confronting threats before they reach US networks". This is a bold but potentially risky strategy, as it's often hard to attribute attacks -- especially when they are launched from computer systems that have themselves been compromised, in order to mask the attackers' true identity and location. And threatening to take action against hackers may also increase the chances of other states taking similar action against probing attacks.

The DoD said its objectives for cyberspace include "deterring, pre-empting, or defeating malicious cyber activity targeting US critical infrastructure that is likely to cause a significant cyber incident." The Pentagon said it wanted to create a "more lethal" force for both war-fighting and countering malicious cyber actors.

The US has long warned that several countries -- particularly Russia, China, North Korea and Iran -- have used cyber attacks to steal secrets or meddle in its politics, and the new cyber strategy is part of the US government's attempt to deter these attacks.

"China is eroding US military overmatch and the nation's economic vitality by persistently exfiltrating sensitive information from US public and private sector institutions. Russia has used cyber-enabled information operations to influence our population and challenge our democratic processes. Other actors, such as North Korea and Iran, have similarly employed malicious cyber activities to harm U.S. citizens and threaten U.S. interests," the cyber strategy said.

Of course, the US also uses the internet to spy on its rivals, as the new strategy notes: "We will conduct cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of crisis or conflict."

But the US has struggled to find the right response to the ongoing attacks on its networks, particularly as many take place in a legal grey area below the level of an attack that would provoke a traditional armed response.

Attacks like the election meddling by Russia have been effective, but the US has not found an effective deterrent. It has tried naming-and-shaming the attackers, sanctions and even indictments of hackers, all to little avail. Threatening to target cyber threats before they are launched is yet another escalation of US cyber deterrence in the aftermath of Russia's meddling in the run-up to the 2016 Presidential election.

