The US military is taking a more aggressive stance against foreign government hackers who are targeting the US and is being granted more authority to launch preventative cyberstrikes, according to a summary of the Department of Defense’s new Cyber Strategy.
The Pentagon is referring to the new stance as “defend forward,” and the strategy will allow the US military “to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict.”
The new military strategy, signed by Defense Secretary James Mattis, also emphasizes an intention to “build a more lethal force” of first-strike hackers.
The “defend forward” initiative wasn’t included in the 2015 strategy and further enables the United States to carry out offensive hacking operations to defend against cyberattacks on critical US infrastructure, such as election systems and the energy grid.
In effect, it gives the US military more authority to act on its own – even against computer networks based in friendly countries.
Normally, one nation’s hackers will establish a computer network in a second country before launching an attack on a third country. For example, Russia might use computers in Germany to attack the United States.
Until recently, if the US National Security Agency observed Russian hackers building a computer network in a Western European country, the president’s National Security Council would need to weigh in before any action was taken.
Now, the NSA won’t have to give its seal of approval, according to Jason Healey, a senior research scholar at Columbia University and former George W. Bush White House cyber official.
This new strategy provides a roadmap for the military to wipe out the enemy computer network in a friendly country, said Healey.
“It’s extremely risky to be doing this,” Healey told CNN on Tuesday. “If you loosen the rules of engagement, sometimes you’re going to mess that up.”
There is a growing threat from government-sponsored cyberattacks that disrupt civilian life. There is a major focus on Russian efforts to disrupt the 2018 midterms, and there is concern that they may target US infrastructure. In 2015, Moscow was formally accused of hacking Ukraine’s electric grid in an unprecedented cyberattack that led to widespread power outages.
In 2016 and 2017, North Korea stole $81 million from Bangladesh’s central bank and carried out a worldwide attack on Microsoft computers using ransomware known as “WannaCry 2.0.”
However, under the new strategy, US offensive cyberattacks will not target civilian infrastructure, because the US must abide by a UN agreement that prohibits “damaging civilian critical infrastructure during peacetime.”
This is the Trump administration’s second move to give the US military more autonomy over cyberattacks. It follows the National Security Council’s recent replacement of an Obama-era directive with one that gives US Cyber Command – the military’s hackers – more freedom to conduct counteroffensive hacking.