The president’s nominee to be the next leader of Cyber Command and the National Security Agency told lawmakers Thursday a defined, whole-of-government strategy is needed to deter Russian interference after previous U.S. responses to cyber attacks have been insufficient in deterring adversaries.
Lt. Gen. Paul Nakasone, commander of Army Cyber Command, testified at his first confirmation hearing in front of the Senate Armed Services Committee (SASC), where he acknowledged that executive leadership needs to direct a plan for responding to Russian election meddling and, once confirmed, he’ll present options for thwarting cyber attacks at their source to the president and secretary of defense.
“I would say right now, [adversaries] do not think that much will happen to them. They don’t fear us,” Nakasone said during his hearing. “If confirmed, and as the policy was worked, I would certainly provide input as an operational commander.”
Nakasone’s comments come two days after Adm. Mike Rogers, the current head of Cyber Command and NSA, testified to SASC members that president has not granted him the authority to carry out offensive operations to disrupt future Russian cyber attacks (Defense Daily, Feb. 27).
Rogers has announced he will retire later this spring.
Intelligence community reports have previously confirmed Russian attempts at implementing disinformation campaigns to influence the 2016 U.S. presidential election, and the Department of Homeland Security has confirmed that at least 21 states faced hacking attempts of their voting infrastructure.
Lawmakers pressed Nakasone on how he would approach putting a strategy together to ensure that the U.S. has an adequate response to potential Russian interference in the 2018 midterm elections.
“It’s been common knowledge that our adversaries who use cyber attacks against us clearly see that the benefits of doing these kind of attacks outweigh the cost. Meaning there’s pretty broad consensus that we really haven’t retaliated hardly at all. We seem to be the cyber punching bag of the world.” said Sen. Dan Sullivan (R-Alaska). “We need guidance in terms of a broad cyber strategy, and if confirmed we’re going to be relying on you a lot for that.”
Nakasone said he would push for a whole-of-government approach aimed at imposing costs on adversaries and focused on ensuring mission success to deliver persistent cyber mission objectives. This includes ensuring Cyber Command’s Cyber Mission Forces have full capabilities to carry out network defense and offensive cyber strategies.
A defined national cyber strategy or doctrine is necessary to create a framework for responding to varying degrees of cyber attacks, according to Nakasone.
“I’ve also seen cyber threats to our nation grow exponentially, and adapt just as rapidly. From adversaries conducting exploitations of our networks, to the harnessing of social media platforms for false messaging, to targeting our elections, to destructive attacks. The department and our nation face significant challenges in this ever-changing domain,” Nakasone said in his opening remarks. “If confirmed to lead U.S. Cyber Command and NSA, I will ensure our military commanders and national decision makers can call upon an aggressive and globally-dominant cyber force with the capability and capacity to defend us at home and apply pressure to our adversaries abroad.”
Nakasone reiterated that he will provide a series of cyber response options to the secretary of defense and the president, but it’s ultimately up to executive leadership to direct Cyber Command to carry out new operations.
Sen. Ben Sasse (R-Neb.) urged his colleagues to seek action from the executive branch for cyber retaliation in response to Russian election interference, so Nakasone and Cyber Command can make full use of their capabilities to thwart future attacks.
“I want to go back to your exchange with Sen. Sullivan. We are four years into regular cyber attacks against the United States to which we publicly admit we don’t respond in any way that’s sufficient to change behavior. Your exchange with Sen. Sullivan is the most important thing that will happen on Capitol Hill today,” Sasse said to Nakasone. “We are not responding in anyway that is adequate to the challenge we face.”
With the DHS overseeing election infrastructure, Nakasone wants to improve the information sharing capacity among departments and the private sector to address known cyber vulnerabilities.
“I’m struck that what we must do with structure is improve the cross-talk, the coordination, the sharing that goes on. If you consider today that 90 percent of our networks are within the private sector, then that private sector is likely to be the first indicator of some type of intrusion or attack,” Nakasone said.
Once confirmed, Nakasone would be the first commander to lead U.S. Cyber Command after the unit was elevated to a unified combatant command in August to organize its warfighting capabilities.
Lawmakers asked Nakasone his thoughts on the potential splitting of the dual-hat leadership role between NSA and Cyber Command, but he said he had no opinion yet and would wait until he held the position to analyze the potential move.
Nakasone said he will make a recommendation to the secretary of defense on the split within his first 90 days.
The Senate Intelligence Committee is set to schedule a second confirmation hearing soon on Nakasone’s NSA responsibilities.