Do we need to use offensive cyber capabilities? - Cyber chief: Efforts to deter attacks against the U.S. are not working

SSG Norman Lihou — Fri, 20 Mar 2015 13:02:03 -0400

“We’re at a tipping point,” said Adm. Michael S. Rogers, who also directs the National Security Agency, at a hearing of the Senate Armed Services Committee. “We need to think about: How do we increase our capacity on the offensive side to get to that point of deterrence?”

Rogers noted that the command, which launched in 2010, has focused mostly on defense. But, he said, “in the end, a purely defensive, reactive strategy will be both late to need and incredibly resource-intense.”

His testimony picks up where his predecessor, retired Gen. Keith Alexander, left off. Alexander, who retired last year and started a cybersecurity firm, had long advocated a more robust offensive capability. But concerns over the years from the White House, the State Department and even some within the Pentagon that the use of cyberweapons could trigger unintended consequences and might harm diplomatic relations have slowed their deployment.

Read the entire article:
http://www.washingtonpost.com/world/national-security/head-of-cyber-command-us-may-need-to-boost-offensive-cyber-powers/2015/03/19/1ad79a34-ce4e-11e4-a2a7-9517a3a70506_story.html

Cyber chief: Efforts to deter attacks against the U.S. are not working

The nation needs to increase capacity “on the offensive side” to fend off attacks, the admiral said.

Response by MSgt Private RallyPoint Member made Mar 20 at 2015 6:14 PM

MSgt Private RallyPoint Member — Fri, 20 Mar 2015 18:14:48 -0400

It is not an issue of having cyber of offense weapons but of specified targeted use. The US can simply make countries disappear off the routing tables through use of ICANN, but there is huge collateral damage (civ, economic, diplomatic) when using these tactics. Normally a cyber attacker will route attack through multiple neutral country launch points or civilian unprotected servers and we have no means to attack them or strike back and get the bad guy. The other issue is what is more important, exploitation or kinetic action? Really it is a balancing act and strategic decision when it comes to use of cyber capabilities. Some abilities are cut in dry such as jamming within theatre but for long haul circuit offensive actions, it is a grey area and how do you determine effects.

Response by CW5 Private RallyPoint Member made Mar 20 at 2015 6:25 PM

CW5 Private RallyPoint Member — Fri, 20 Mar 2015 18:25:22 -0400

This article is spot on, in my opinion, SSG Norman Lihou. Playing defense in this "game" is too little too late. The attackers come, get what they want, leave, and we investigate what happened. That's a pitiful excuse for a cyber strategy. Something like closing the barn door after all the horses have run out.

Response by Lt Col Private RallyPoint Member made Feb 21 at 2016 8:29 PM

Lt Col Private RallyPoint Member — Sun, 21 Feb 2016 20:29:52 -0500

There is a fundamental issue of deterrence when it comes to cyber. In many academic circles, they compare cyber to nukes which just don't work. The devastation of nukes can be easily measured and the horrors can be easily imagined. Offensive Cyber works on the notion of secrecy. You can just say trust me, i can hack you. If the goal is the create international norms concerning nation state cyber warfare, this may work to a certain degree but it will be limited to nation states with a vast intelligence enterprise. It will have very little effect on criminal and non-state organizations where cyber attacks are consider crimes not acts of war.

In cyber virtually anyone with a computer and a network connection has the means to produce an offensive cyber effect. Deterrence by increasing the number of offensive cyber operators/weapons is not going to work on the 2.94B users of the internet.

The bigger issue on the defensive side for CYBERCOM will be authorities...they are only tasked with protecting the DODIN not all of the US Federal Government or the Critical Infrastructure that underpins the US and its economy.