The military must be prepared to disrupt hacking attacks before they reach US computer networks, according to a new strategic vision from the Pentagon.
The Department of Defense (DoD) has updated its cyber strategy for the first time since 2015, advocating a more aggressive approach than the previous document.
Perhaps most controversially, under the new strategy the US should be ready to "defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict".
The DoD said this meant "confronting threats before they reach US networks". This is a bold but potentially risky strategy, as it's often hard to attribute attacks -- especially when they are launched from computer systems that have themselves been compromised, in order to mask the attackers' true identity and location. And threatening to take action against hackers may also increase the chances of other states taking similar action against probing attacks.
The DoD said its objectives for cyberspace include "deterring, pre-empting, or defeating malicious cyber activity targeting US critical infrastructure that is likely to cause a significant cyber incident." The Pentagon said it wanted to create a "more lethal" force for both war-fighting and countering malicious cyber actors.
The US has long warned that several countries -- particularly Russia, China, North Korea and Iran -- have used cyber attacks to steal secrets or meddle in its politics, and the new cyber strategy is part of the US government's attempt to deter these attacks.
"China is eroding US military overmatch and the nation's economic vitality by persistently exfiltrating sensitive information from US public and private sector institutions. Russia has used cyber-enabled information operations to influence our population and challenge our democratic processes. Other actors, such as North Korea and Iran, have similarly employed malicious cyber activities to harm U.S. citizens and threaten U.S. interests," the cyber strategy said.
Of course, the US also uses the internet to spy on its rivals, as the new strategy notes: "We will conduct cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of crisis or conflict."
But the US has struggled to find the right response to the ongoing attacks on its networks, particularly as many take place in a legal grey area below the level of an attack that would provoke a traditional armed response.
Attacks such as Russia's election meddling have been effective, but the US has not found a deterrent that works. It has tried naming-and-shaming the attackers, sanctions and even indictments of hackers, all to little avail. Threatening to target cyber threats before they are launched is yet another escalation of US cyber deterrence in the aftermath of Russia's meddling in the run-up to the 2016 presidential election.