Politics, Uncertainty Slowing Down U.S. Response to Cyber Threats

WASHINGTON–The shift in the last few years to cyberespionage and online attacks against the nation’s critical infrastructure has left the United States government lagging behind and “a day late and a dollar short,” the former director of the National Security Agency said.

The ongoing campaigns from organized groups, military units and state-sponsored attackers to compromise critical networks and either steal sensitive information or disrupt operations have in some ways caught portions of the U.S. government if not by surprise, then unprepared. Michael Hayden, the retired former NSA director and CIA director, said that although the attacks themselves are nothing new, the kinds of attackers on the scene have changed, as have their goals and the methods that are needed to discover and disrupt them.

“We’re a day late and a dollar short when it comes to the government doing what we’re accustomed to it doing to keep us safe,” Hayden said, speaking at the Kaspersky Lab Government Cybersecurity Forum here Tuesday. “We’ve had centuries down here in these other domains. We’re very new up here.”

Hayden, who presided over the NSA at a time when the sands were shifting beneath the agency’s feet as the nation’s adversaries moved from traditional espionage to long-term, sophisticated cyberespionage attacks, said that one of the main reasons that the U.S. intelligence community has had a hard time responding to this threat is the lack of guidance from the other parts of the government.

“Although I’m confident that we have the greatest concentration of cyber power a forty-five dollar cab ride from here [at the NSA], most of America’s talent and capacity has not yet entered the game,” Hayden said. “General Alexander may not tell you this, but he’s got world-class athletes who not only aren’t in the game, they’re not even suited up and still sitting in the locker room. And the reason they’re not in the game is because he lacks the legal and policy guidance to do these things. The reason is that you and I haven’t decided as a country what we want our government to do to keep us safe in this domain.”

The definition of safety is changing by the minute, especially in light of attacks that have targeted energy companies, utilities and other organizations that control physical assets. Although such attacks against key targets have been ongoing for years now, Hayden pointed to the Stuxnet attack as a turning point not just in terms of technical sophistication, but also in terms of tactics. The very use of Stuxnet showed a different kind of thinking that had not been in evidence before, he said.

“We’re now beginning to see the future, and that’s occupying space in other networks, using your presence to create effects that aren’t confined to cyber, but are felt down within physical space,” he said. “Inarguably the poster child for this would be Stuxnet. Given my background as director of NSA, I view crashing a thousand centrifuges at Natanz as an unalloyed good. Someone, almost certainly a nation state, during a time of peace, viewing it as an act of self-defense or non-proliferation, used a weapon comprised of ones and zeroes and destroyed what another nation could only describe as critical infrastructure.

“Somebody crossed a rubicon. We have a legion on the wrong side of the river. This is very different in terms of scale, but this has the kind of flavor of August 1945. This is a new category of weapon, and in a sense, that kind of use sort of legitimates its use by other actors.”

Discussing the threat of cyberespionage, specifically from attackers in China infiltrating U.S. and other Western networks to steal intellectual property, Hayden said Chinese attackers, both military and otherwise, have a different mindset and different goals than Western intelligence agencies have. Both sides steal secrets, but Western agencies do not do so for the eventual enrichment of private companies, which is the key accusation aimed at China.

“That stealing your stuff thing, we did a lot of that [at the NSA]. Actually, I’d like to think we’re number one. But we stole stuff to keep you safe. We didn’t steal stuff to make you rich, which is really the nub of the issue with the Chinese. These attacks aren’t new. This has been going on for a long time.”

Hayden, who now works at The Chertoff Group, compared the current state of cyberespionage affairs with the climate on the high seas in the 19th century. He also hinted that the current discussion in the security and law enforcement communities about the concept of hacking back could lead to interesting solutions.

“The last time the government was late to need, in the 19th century, in the last great era of globalization, we issued letters of marque and reprisal,” Hayden said.
