Cybersecurity defense requires a good offense

Congress may need to help the Defense Department cut through the technical, legal and international screens that protect hackers.

The best defense against cyberattacks on U.S. military, civil and commercial networks is to go on the offensive, said Marine Gen. James Cartwright, commander of the Strategic Command (Stratcom), said March 21 in testimony to the House Armed Services Committee.

“History teaches us that a purely defensive posture poses significant risks,” Cartwright told the committee. He added that if “we apply the principle of warfare to the cyberdomain, as we do to sea, air and land, we realize the defense of the nation is better served by capabilities enabling us to take the fight to our adversaries, when necessary, to deter actions detrimental to our interests.”

Cartwright said U.S. adversaries in cyberspace include other countries, terrorists and criminals who operate behind what he described as technical, legal and international screens, and he said that “if we are to take the fight to our adversaries, we will need Congress’ help finding solutions to penetrate these screens.”

Stratcom is the lead command within the Defense Department and it is charged with planning and directing cyberspace defense. It also manages the U.S. nuclear deterrent forces.

The Stratcom commander told the committee that the United States is under widespread, daily attacks in cyberspace. He added that  the country lacks dominance in the cyberdomain and that it could become “increasingly vulnerable if we do not fundamentally change how we view this battle space.”

Cartwright said U.S. cyberspace adversaries have potentially different motives – financial, political or military – and “threaten the freedom to embrace the opportunity offered by a globally connected, flattened world.”

He added that the magnitude of cost in terms of dollars dedicated to cyberdefense measures, lost intellectual capital and fraud that results from cyberattacks cannot be overestimated, “making these attacks a matter of great national interest.”

Stratcom continues to make progress in developing information operations capabilities into core military capabilities, Cartwright said, providing joint force commanders with the capability to gain and maintain information advantage over U.S. cyberspace adversaries.

The Air Force, which recently established a Cyber Command, views cyberspace as a warfighting domain, said Lt. Gen. Robert Elder Jr., commander of the 8th Air Force and JFCC-Global Strike and Integration.

"This particular domain is contested," Elder said, speaking at the FOSE trade show in Washington, D.C., March 21. "In some cases it's a criminal, in some cases it's a nation-state."

Either way, the Air Force's goal, as with air and space, is cyberspace superiority, he said. To achieve that goal, the service plans to "integrate all of our instruments of national power," leveraging diplomatic, economics and military options, Elder said.

Elder did not detail plans for going on the offensive. But when asked about it, he said, "We will probably do some of that, by the way."

Cartwright did not identify nations behind cyberattacks against the United States, but last month, officials at the Naval Network Warfare Command said Chinese hackers are constantly waging cyberwarfare against DOD networks.

Stratcom is also concerned with attacks against space-based communications and navigation systems, such as the Global Positioning System, Cartwright said at the committee hearing. Intentional interference with space-based intelligence, navigation and communications satellites, while not routine, now occurs with some regularity, Cartwright said.

He said U.S. adversaries are contesting the country's ability to freely access space-based assets, such as GPS and other satellites, which are essential to U.S. strategic and tactical operations.

Although the United States has conventional and nuclear capability unmatched in the world, Cartwright told the committee that enemies are positioning themselves to “avoid our strengths and exploit our vulnerabilities,” which he said include space-based systems and networked information systems.