US military given the power to hack back/defend forward

Hacking back – what’s also called offensive hacking, or what the Defense Department is calling “defending forward” in its new cyber strategy, or what we can think of as plain old “attacking” but without the need for the military to get an OK from the president’s National Security Council – is back.

The new version of cyber strategy, first reported by CNN on Tuesday, says that the Department of Defense (DoD) will “defend forward” to confront threats before they reach US networks: in other words, the military has gained the power to launch “preventative” cyberattacks, be they to protect election systems or the energy grid.

Our primary role in this homeland defense mission is to defend forward by leveraging our focus outward to stop threats before they reach their targets.

“The United States cannot afford inaction,” the summary reads. As it is, the US is in a “long-term strategic competition” with China and Russia, it says, which have both launched persistent cyber campaigns that pose “long-term” risk to the country, its allies and its partners.

References to state-sponsored hacks

The strategy references China-sponsored hacking and Russian tinkering with US elections and US discourse.

North Korea also rated a mention. Earlier this month, the US unsealed a criminal complaint that charged a North Korea regime-backed programmer with multiple devastating cyberattacks, including the global WannaCry 2.0 ransomware in 2017, the 2014 attack on Sony Pictures, and the $81m cyber heist in 2016 that drained Bangladesh’s central bank.

From the new strategy, which is the DoD’s first formal cyber strategy document in three years:

China is eroding U.S. military overmatch and the Nation’s economic vitality by persistently exfiltrating sensitive information from U.S. public and private sector institutions. Russia has used cyber-enabled information operations to influence our population and challenge our democratic processes. Other actors, such as North Korea and Iran, have similarly employed malicious cyber activities to harm U.S. citizens and threaten U.S.

The new strategy gives the military the power to unleash attacks within countries that are allies, as it goes after hackers who use such countries’ networks as a launching pad for attacks against the US, CNN notes.

A risky move?

The new strategy gives the military the power to act far more independently than it has until recently. Previously, if the National Security Agency (NSA) observed Russian hackers building a network in a Western European country, the president’s National Security Council would have to sign off on action before it was taken.

Jason Healey, a senior research scholar at Columbia University and former George W. Bush White House cyber official, told CNN that this won’t be necessary from here on in.

It’s a risky move, Healey said:

It’s extremely risky to be doing this. If you loosen the rules of engagement, sometimes you’re going to mess that up.

The new strategy still prevents the US from attacking civilian infrastructure in other countries, citing a United Nations agreement “against damaging civilian critical infrastructure during peacetime.”

From the strategy:

The Department will work alongside its interagency and international partners to promote international commitments regarding behavior in cyberspace as well as to develop and implement cyber confidence building measures (CBM). When cyber activities threaten U.S. interests, we will contest them and we will be prepared to act, in conjunction with partners, to defend U.S. interests.

This is only the most recent of the Trump administration’s moves to give the military a longer leash when it comes to cyberwarfare. Last month, Washington rolled back an Obama-era directive that outlined how to launch cyberattacks on foreign soil.