PPD-20 successor has yielded ‘operational success,’ Federal CISO says

A revamped policy framework for offensive U.S. cyber operations is much quicker than its predecessor and has yielded “operational success,” a top White House cybersecurity official said Tuesday. Last August, President Donald Trump rescinded the Obama-era policy, known as Presidential Policy Directive 20, which governed U.S. hacking operations, and replaced it with the new framework. Critics said PPD-20’s intricate interagency process unnecessarily delayed offensive operations, while advocates called it an important mechanism for accounting for all of the potential repercussions of a cyberattack. The new structure “gives more authority to the people who need to actually make those decisions” about offensive operations, Grant Schneider, the federal information security officer, said at an event hosted by the nonprofit Intelligence and National Security Alliance. U.S. officials are focused on ensuring that the Pentagon “has the tools available to leverage offensive cyber capabilities,” he added. The remarks from Schneider, the National Security Council’s top defensive-focused […]

The post PPD-20 successor has yielded ‘operational success,’ Federal CISO says appeared first on CyberScoop.


Ex-DHS official on PPD-20 repeal: Consider potential blowback to private sector

The U.S. government’s new and reportedly more muscular approach to conducting offensive cyber-operations must carefully consider the potential blowback of such actions to the private sector, a former senior Department of Homeland Security official has warned. “DHS needs to be part of the discussion around the cost-benefit analysis to bring the private sector point of view because we know the private sector often bears the brunt of the retaliation that comes in the wake of more aggressive activity,” Suzanne Spaulding said Wednesday at the Atlantic Council. Asked what public indication there would be that those concerns are being addressed, Spaulding, who served as a DHS undersecretary under President Barack Obama, said the answer lies in the private sector. Private companies will have a sense of “whether their equities were adequately considered” before a U.S. government decision to conduct offensive operations, Spaulding said during a panel discussion. “And my guess is they’ll […]

The post Ex-DHS official on PPD-20 repeal: Consider potential blowback to private sector appeared first on Cyberscoop.


White House announces federal cyber strategy, vows to go on offensive

The White House announced a new national cybersecurity strategy Thursday in an effort to raise federal network defenses and more aggressively deter foreign adversaries from threatening U.S. interests. “We’re going to do a lot of things offensively and I think our adversaries need to know that,” White House national security adviser John Bolton told reporters. Defensive measures are central to the document, but Bolton’s call with reporters emphasized offense. “We will identify, counter, disrupt, degrade, and deter behavior in cyberspace that is destabilizing and contrary to national interests, while preserving the United States’ overmatch in and through cyberspace,” Bolton said. The strategy is a template through which federal agencies can carry out their own cybersecurity mandates, according to Bolton. “I’m satisfied that this allows us the comprehensive look at strategy across the entire government,” he said. “Each agency knows its lane and is pursuing it vigorously. That’s true in the unclassified world; it’s […]

The post White House announces federal cyber strategy, vows to go on offensive appeared first on Cyberscoop.


PPD-20 elimination opens arguments over how U.S. should conduct offensive hacking operations

President Donald Trump has rescinded a key policy directive that governs the approval process for cyberattacks conducted by the U.S. government, potentially opening the door to more offensive operations, an administration official familiar with the matter confirmed to CyberScoop. Presidential Policy Directive 20, which then-President Barack Obama signed in 2012, had installed an intricate inter-agency legal and policy process for green-lighting cyberattacks. Critics of the process said it unnecessarily delayed offensive operations, while advocates called it an important mechanism for accounting for all of the potential repercussions of a cyberattack. Trump’s reversal of the memorandum is in keeping with his administration’s efforts to enable military commanders to more freely conduct cyber operations against adversaries such as nation-states and terrorists. While critics warn of the pitfalls of loosening restrictions on hacking operations, the policy shift answers a call from lawmakers for the government to be more willing to go on the […]

The post PPD-20 elimination opens arguments over how U.S. should conduct offensive hacking operations appeared first on Cyberscoop.


McCaul: U.S. should go on the cyber offensive if Russia hacks midterms

The United States should respond with offensive cyber operations if the Russian government tries to meddle in the 2018 U.S. midterm elections like it did in the 2016 presidential election, according to an influential Republican lawmaker. “Personally, if [the Russians] attempt to do that again in the 2018 midterms, I think there should be an offensive response to it,” Texas Rep. Michael McCaul, chairman of the House Homeland Security Committee, told reporters Wednesday. In January 2017, the U.S. intelligence community concluded that Russian government-linked hackers meddled in the 2016 presidential election as part of a broad Kremlin-backed effort to help elect U.S. President Donald Trump. Over the last several months, senior U.S. intelligence officials have repeatedly warned of the possibility of renewed Russian information operations ahead of midterm elections this fall. While nothing on the scale of the 2016 meddling has been detected yet for the 2018 cycle, a public […]

The post McCaul: U.S. should go on the cyber offensive if Russia hacks midterms appeared first on Cyberscoop.


NDAA pushes U.S. Cyber Command to be more aggressive

By the Senate Armed Services Committee’s estimation, the United States has held back in cyberspace. The committee is angling to change that with the latest National Defense Authorization Act, proposing to free up the military on the front lines of cyber conflict, create a new strategic cyber entity and respond to Russian aggressions in kind. The bill’s authors wrote that lawmakers have long-standing concerns about the lack of an effective U.S. strategy to deter and counter cyber threats. To counter foreign state actors bent on stealing, striking, spying or disrupting in cyberspace, the bill suggests boosting resilience, increasing attribution capabilities, emphasizing defense and enhancing the country’s ability to respond to attacks. “We’re letting episodes define strategy. It should be the other way around, where we clearly articulate our cyber deterrence strategy and rules of engagement,” said Frank Cilluffo, director of George Washington University’s Center for Cyber and Homeland Security. By offering […]

The post NDAA pushes U.S. Cyber Command to be more aggressive appeared first on Cyberscoop.


Hacktivists, Tech Giants Protest Georgia’s ‘Hack-Back’ Bill

Google, Microsoft, security researchers and hacking groups have lined up to protest the bill, which would criminalize unauthorized computer access.

Army must empower next generation to succeed in cyber, senior official says

For the armed forces to succeed in cyberspace, the military must avoid “groupthink” by exploring new approaches and empowering junior service members, a senior U.S. Army official says. To quickly develop the Army’s cyber capabilities requires that leadership consider unique options while also adjusting for a different culture brought in by recruits who are inherently digitally savvy, according to Col. Chris Wade, director of the Army’s Task Force Cyber Strong. The program is designed to quickly develop and improve the military’s ability to defend against and launch cyberattacks. “What we want to avoid in the Army is that ‘groupthink,’” Wade said Thursday at the Red Hat Government Symposium presented by FedScoop. “That’s challenging for us as leaders … we got to embrace what’s going on … giving power to the lowest levels so that guys can think through problems and rapidly react.” Wade, who serves in the Army’s Office of the Deputy Chief […]

The post Army must empower next generation to succeed in cyber, senior official says appeared first on Cyberscoop.


Former officials buck White House adviser’s comments about government hacking

A top White House official says the U.S. government cannot rely on offensive cyber operations to deter foreign hackers from attacking American computer networks. Thomas Bossert, an assistant to the president for homeland security and counterterrorism, told an audience of former intelligence and defense officials Wednesday in Washington, D.C., that hacking into foreign computer networks should not be considered a means to deterring enemies from breaching American organizations. “There’s very little reason to believe that an offensive cyberattack is going to have any deterrent effect on a cyber adversary,” Bossert said. “In fact, it will likely encourage them to hurry up and become better hackers and develop better defenses. So I don’t just think this is a misnomer, but it’s something that we need to move past and say out loud.” Bossert suggested the U.S. government should instead leverage “national power” to stop future cyberattacks. “I think what we will […]

The post Former officials buck White House adviser’s comments about government hacking appeared first on Cyberscoop.


Cyber experts tell Congress that if companies can’t hack back, maybe the feds should

Corporate cybersecurity experts told senators that the U.S. government should launch offensive cyber-missions against hackers who attack and steal information from American companies. During a Senate Homeland Security and Governmental Affairs hearing Wednesday, Chairman Ron Johnson, R-Wis., asked a panel of prominent private sector cybersecurity executives how the U.S. government could better collaborate with American companies to combat malicious digital activity. The four-person panel, which consisted of individuals that work for Symantec, Monsanto, the Marine Corps University and a prominent U.S. law firm, unanimously agreed and told lawmakers that the U.S. government must do more to curb malicious cyber-activity. The follow-up question, however, of how exactly the country should advance such a broad effort, was met with widely different answers. “I would say where the government can help corporate America most is to do the thing corporate America cannot do for itself,” said Kevin Keeney, director of cyber incident response for the […]

The post Cyber experts tell Congress that if companies can’t hack back, maybe the feds should appeared first on Cyberscoop.
