The United States needs to up its game on cyber defense, said current NSA director and head of U.S. Cyber Command Admiral Michael S. Rogers in an appearance before the Armed Services Committee. More importantly, the U.S. can’t merely play defense; it must deter attacks by going on the offensive and striking back. More, from the NYT:
[…] Admiral Rogers said that erecting ever-higher digital fences would never be enough, and that “we have got to broaden our capabilities to provide policy makers and operational commanders with a broader range of options. Because in the end, a purely defensive reactive strategy will be both late” and would become “incredibly resource-intense.”
“So, I have been an advocate of, we also need to think about how can we increase our capacity on the offensive side here, to get to that point of deterrence.”
In interviews as he came into office last year, Admiral Rogers identified creating some form of deterrence as his highest priority. At the time, he said, Chinese and other attackers who steal data from American companies “pay no price.”
The game plan used by our adversaries, much like the one Russia keeps using in Ukraine, is to preserve plausible deniability. Our critical computer systems are difficult to defend due to their complexity and resultant opacity—which, incidentally, will only continue to increase as time goes on. And to make matters worse, proving beyond a reasonable doubt who is behind any specific attack is also maddeningly difficult. Case in point: China today shrugged off the FBI’s allegation that the PLA had hacked into a global internet registry that manages web addressed for 1.4 million businesses, calling the allegations “groundless.”It’s a brave new world we are entering here, one where the rules have yet to be been written and where the consequences have not yet fully been gamed out—and perhaps most importantly, one where the United States does not have a massive lead on its rivals. It’s time to get serious.