WASHINGTON — How to defend the United States from cyber attacks has become a much tougher problem as countries like Russia become increasingly skilled at using information as a weapon, intelligence experts warn.
“Who knows what’s coming?” said retired Air Force Gen. Michael Hayden, former director of the Central Intelligence Agency and the National Security Agency.
The U.S. intelligence community has been blindsided in the past and it may happen again as adversaries hatch new ways to fight in cyberspace, Hayden said Oct. 3 at the Washington Post Cybersecurity Summit.
Government agencies have a tendency to drink their own kool-aid, which leaves them vulnerable to sneak attacks, Hayden cautioned. “There is a tendency to underplay discontinuities, to think that tomorrow is going to look a lot like today. We are not so good at looking around corners.”
A “tyranny of expertise” is one reason why intelligence experts failed to predict the Arab Spring, for instance, Hayden suggested. Critics also have pointed out the intelligence community did not anticipate the emergence of Russia as a military aggressor, or North Korea’s advances in nuclear weapons and ballistic missiles.
More imagination and outreach beyond agencies’ traditional domains will be needed to prepare for future cyber conflicts, Hayden said.
The Trump administration soon will complete the final draft of a broad “cyber deterrence strategy” that will recognized that no single agency or country can do this alone. The White House believes this requires a “portfolio approach,” said White House Cybersecurity Coordinator Rob Joyce.
The strategy will emphasize international alliances and collaboration between government agencies, said Joyce, who is one of the administration’s foremost authorities on cybersecurity, having spent 27 years at the NSA.
Of note to space enthusiasts, Joyce every Christmas runs a computerized light display synchronized to music that he claims is visible from the International Space Station.
The United States and allies, said Joyce, “have to work hard on the norms and expectations” of how cyberwars will be fought in the future.
“Governments are seeing the asymmetric value of this operation,” he said. “When you connect the physical, the kinetic, the information, the intelligence sides all together, that is when things get really impactful.”
Within the U.S. government, the Department of Homeland Security, the Pentagon and the intelligence community all play central roles in defending the nation from cyberattacks, he noted. Part of the deterrence strategy is to ensure there are legal and monetary costs to perpetrating attacks. Diplomacy and sanctions also are part of the mix.
Joyce said he is confident that Trump’s cyber strategy will be embraced by Washington even in these times of deep division and dysfunction.
“The great thing about cyber is that it’s an apolitical issue,” he said. “Democrats and Republicans alike understand the risk, want to help, are passionate about driving down the risk we face in cyber.”
The White House cyber strategy will look broadly at how the nation will protect so-called “critical infrastructure” — communications, air transport, maritime trade, financial services.
For the space industry, the implications are significant and wide ranging. The U.K. think tank Chatham House noted in a report last year that space has become the final frontier of cybersecurity. Increasingly many essential services depend on the space infrastructure, including satellites, ground stations and data links at national and international levels.
“Satellites and other space assets, just like other parts of the digitized critical infrastructure, are vulnerable to cyberattack,” said the report. “Cyber vulnerabilities in space therefore pose serious risks for ground-based critical infrastructure, and insecurities in the space environment will hinder economic development and increase the risks to society.”