By Bill Gertz
The commander of the U.S. Cyber Command this week called for creating a Cold War-style balance of power in cyber space mirroring the U.S. nuclear deterrent strategy used against the Soviet Union.
During an appearance before Congress, Adm. Mike Rogers, who is also director of the National Security Agency, warned that cyber threats are becoming more sophisticated and lethal, and are being developed by both nations and groups of criminals and terrorists.
The comments by Rogers highlight the commander’s differences with the Obama administration’s declare “passive” strategy toward cyber attacks and the states and organizations behind them. Many U.S. corporations that have been victimized by cyber attacks have been pressing the White House to adopt more robust policies.
Rogers told the Senate Armed Services Committee that the U.S. government is at a “tipping point” over whether to continuing focusing on defenses against cyber attacks, or broaden activities into offensive counter attacks.
The Obama administration’s current purely defensive cyber strategy “will be both late to need and incredibly resource-intense,” he said.
“We also need to think about how can we increase our capacity on the offensive side here, to get to that point of deterrence.”
Cyber attacks are not only aiming to disrupt networks but the attackers, like China, Russia and Iran, “seek to establish a persistent presence on our networks,” Rogers said. “Quite simply, threats and vulnerabilities are changing and expanding at an accelerated and alarming pace in our mission set.”
Cyber warfare states with modest conventional military capabilities have shown considerable capacity to harass, disrupt, and distract their adversaries through digital means.”
The rapid evolution of technology and increased use of information systems makes cyber warfare a growing danger.
“If current trends hold, then we can expect more nations, and even state-less groups and individuals as well, to develop and employ their own tools and cyber warfare units to cause effects in targeted networks,” Rogers said. “The cyber strife that we see now in several regions will continue and deepen in sophistication and intensity. In light of our recent experience with the destructive attacks on Sony Pictures Entertainment, we expect state and unaffiliated cyber actors to become bolder and seek more capable means to affect us and our allies. Sadly, we foresee increased tensions in cyberspace.”
To deal with the threat, Rogers warned that cyber forces cannot hold their position but must move ahead with new capabilities.
He compared the current time in history to the early Cold War when the Soviet Union built up hydrogen bombs and superpower competition presented worrying signs of instability.
At that time, the United States recognized the need for nuclear forces deployed on the three legs of bombers, submarines and land-based missiles, along with command and control and intelligence systems and a declared nuclear deterrence policy.
Rogers noted that building nuclear forces did not cause a nuclear war or make the world less safe but instead made deterrence predictable, lowered tensions and led to arms control talks.
“While the analogy to cyberspace is not exact, it seems clear that our nation must continue to commit time, effort, and resources to understanding our historical situation and building cyber military capabilities, along with the whole-of-nation structures and partnerships they work among,” he said.
“Just as we fashioned a formidable nuclear capability that served us through the Cold War and beyond, I am confident in our ability to keep pace with adversaries who are determined to control ‘their’ corners of cyberspace, to exfiltrate our intellectual property, and to disrupt the functioning of our institutions.”
Adversaries in cyber space today are as determined, createive and persistent as Soviet leaders in the Cold War, he said, “and unfortunately we see few hints they will act more responsibly in cyberspace.”
Over the long term goal the United States must build a truly open, secure cyber space while preparing for crises and conflicts along the way.
“I can assure Congress, and the American people, that we are executing and will carry out a well-conceived and systematic plan for doing that,” Rogers said.
The four-star admiral compared U.S. cyber war capabilities to an aircraft carrier strike group.
The Pentagon’s 7 million networked devices and 15,000 networks collectively “represent a weapons system analogous to a carrier strike group or an aircraft strike package, through which we deliver effects,” he said.
“Like conventional weapons systems, our networks enable operations in other domains and distant locations, they demand constant upkeep and skillful handling, and they can be a target themselves for our adversaries.”
The command currently has around 1,100 people and is building up to a force of some 6,200 people who will be deployed with 133 Cyber Mission Teams by 2016.
Cyber attacks come in four main trends, including attacks like the North Korean hack of Sony Pictures Entertainment and the massive theft of data by cyber means by states and groups is continuing.
A third trend involves widely-used cyber attacks to disrupt networks — ranging from denial-of-service attacks and network traffic manipulation to the use of destructive malware.
“We see these used all over the world, particularly in most or all of the conflicts pitting two armed adversaries against one another,” Rogers said.
Lastly and most threatening, Rogers said states are building capabilities and gaining network access for conflict “with the idea of enhancing deterrence or as a beachhead for future cyber sabotage.”
A troubling indictor has been the discovering of malware inside industrial control systems of energy
sector organizations.
“We believe potential adversaries might be leaving cyber fingerprints on our critical infrastructure partly to convey a message that our homeland is at risk if tensions ever escalate toward military conflict,” Rogers said.
–March 21, 2015
The post Cyber Commander: United States needs a Cold War deterrence strategy for peace in cyberspace appeared first on Flash//CRITIC Cyber Threat News..