John Bolton: Trump cyber policy broadening ability to conduct offensive campaigns

National Security Adviser John R. Bolton touted policies Tuesday allowing the U.S. government more leeway to conduct cyberattacks against foreign targets, adding that the Trump administration is prepared to launch campaigns to deter hackers from compromising U.S. companies and institutions.

Mr. Bolton made the remarks during a meeting with chief financial officers while discussing efforts by the Trump administration to safeguard U.S. computer systems from state-sponsored attacks like the ones suffered by Sony Pictures Entertainment in 2014 and the U.S. electoral process in 2016. The meeting was hosted by The Wall Street Journal.

Signed by President Trump in August 2018, a presidential memorandum known as NSPM 13 “fundamentally changed” the way the U.S. makes decisions about offensive cyber operations and widened the government’s capabilities across the board with respect to engaging in more offensive activities, Mr. Bolton said.

“We’re doing a lot of preparatory work to create the structures of internal authorities to allow our cyber-capable entities to go forward and developing the strategy as we go,” Mr. Bolton said at the event. “We thought the response in cyberspace against electoral meddling was the highest priority last year and so that’s where we focused on, but we’re now opening the aperture, broadening the areas we’re prepared to act in.”

Mr. Bolton praised the policy change as “creating structures of deterrence” by making adversaries aware of the potential risks associated with attacking U.S. targets.

He added that the memorandum was “pretty successful” during the 2018 U.S. midterm elections but said he was precluded from discussing specifics due to its classified nature.

“I’ll just speak hypothetically,” Mr. Bolton said. “Let’s say there’s an entity out there that’s trying to interfere in American elections. An offensive campaign means preventing them from doing that. Destroying their capabilities. Doing something else. And it doesn’t have to be completely symmetrical. In other words, to respond to efforts in cyberspace to disrupt elections, our response doesn’t have to be only in cyberspace. So we’re looking at really the full range of things that we can do.”

Russian state-sponsored hackers attacked U.S. systems during the 2016 presidential race won by Mr. Trump, according to federal law enforcement and intelligence agencies.

Multiple outlets previously reported that the U.S. Cyber Command carried out an offensive operation aimed at preventing a similar outcome during last year’s midterm elections.

Blamed for compromising victims including the Democratic National Committee and state election systems, the campaign against the U.S. electoral process came less than two years after Sony was hacked in a data breach that the movie studio subsequently attributed with causing $15 million in damages. The FBI has since blamed that hack on the North Korean government, making the DNC and Sony hacks two of the largest alleged state-sponsored cyberattacks suffered in recent years by U.S. victims.

Russian and North Korea denied responsibility for the DNC and Sony hacks, respectively.