The administration wants to punish hackers in a way that "modifies behavior," Tom Bossert said.
White House Homeland Security Adviser Tom Bossert suggested the U.S. government may dole out “real world” punishment to nation-states that hack federal systems or violate agreed upon cybersecurity norms.
The White House is exploring ways to deter cyber adversaries as called for by President Donald Trump’s May executive order, Bossert said at the Intelligence and National Security Summit Wednesday.
“I think what we'll do on the deterrence side is end up figuring out a means and method outside cybersecurity to apply elements of national power to punish bad behavior commensurate with offense,” Bossert said. “We want to punish in a way that is real world, not cyber.”
Bossert did not specify what responses the government might take if faced with a serious cyber threat, such as enacting sanctions or potential military action.
However, Bossert said “there is very little reason to believe” U.S.-led offensive cyber strikes are “going to have any deterrent effect on a cyber adversary.” Bossert cited North Korea and Venezuela as countries unlikely to be persuaded by aggressive cyber action. Venezuela is significantly less reliant on digital infrastructure than the U.S. is and North Korea barely relies on the internet at all, meaning the U.S. is a much juicier cyber target.
On the contrary, Bossert suggested such a cyber offensive would only encourage adversaries to “develop better defenses” and employ better hackers.
“We want to punish in a way that modifies behavior,” Bossert said.
The strategy, which will be outlined in White House reports Trump’s executive order mandated, shares similarities with policy introduced by the Obama administration in 2016 following revelations that Russia meddled in the presidential election. Then-National Security Adviser Lisa Monaco said the Obama administration would “respond in a time and place and manner of our choosing” and would consider “a full range [of] tools, economic, diplomatic, criminal law enforcement, military” and others.
The Obama administration ultimately responded by expelling dozens of Russian diplomats from the U.S., who the administration said were spies. Obama and Vice President Joe Biden also suggested there might have been a covert counter cyber strike. Congress later imposed extensive additional sanctions on Russia related to the hacking over President Trump’s disapproval.
The Obama administration also responded to digital crimes with real-world consequences in other circumstances. The administration indicted hackers linked to China’s People’s Liberation Army for hacking U.S. companies in 2014 and indicted Iranian government-linked hackers for targeting banks and a New York State dam in 2016. The administration also sanctioned North Korea for hacking Sony Pictures Entertainment in early 2015.