A version of this story appeared in the daily Threat Status newsletter from The Washington Times. Click here to receive Threat Status delivered directly to your inbox each weekday.
The U.S. Cyber Command’s top official insisted Wednesday that efforts to deter Chinese and Russian cyberattacks are working despite mounting hacks from those adversaries that have hammered American businesses and targeted critical infrastructure in recent years.
Americans, an official acknowledged in testimony on Capitol Hill, see constant alerts of China and Russia’s hackers burrowing into infrastructure and breaking into people’s emails for leverage in potential crises or wars.
But Air Force Gen. Timothy Haugh said what people do not see, and he cannot publicly disclose, are the several ways in which the U.S. Cyber Command he leads has deterred China and Russia’s digital operations.
“I do believe that both the PRC and Russia understand our capabilities and I’d like to be able to walk through with you, in the closed session, some examples of that,” Gen. Haugh told senators on Wednesday.
Lawmakers at a Senate Armed Services Committee budget oversight hearing expressed concern that the U.S. cyber defenses are failing to counter sophisticated cyber adversaries. U.S. officials told Congress earlier this year that China was hacking into key infrastructure computer networks and “lurking” to wreak havoc at a later date.
Software giant Microsoft, meanwhile, said it had discovered Russian hackers peering through its executives’ emails to learn what cybersecurity defenders knew about their tactics.
Sen. Angus King told Gen. Haugh on Wednesday he has concerns that U.S. officials have no effective deterrence strategy in cyberspace, which the Maine independent said should include an offensive capability that would make America’s enemies think twice about attacking.
“We tend to patch, defend, sanction after the fact, but we really don’t have a deterrence strategy,” Mr. King, who caucuses with Democrats, said at the hearing.
Gen. Haugh, who said he could talk more frankly about the Cyber Command’s operations in a classified setting, said the Pentagon wants its digital warriors to practice what he called “integrated deterrence” — working with private industry and foreign allies to swell their collective digital defenses while working to develop capabilities other countries cannot match.
The push for integrated deterrence in cyberspace is part of the Pentagon’s planned Cyber Command 2.0, the development of the next generation of America’s cyber defenders.
Gen. Haugh told cyber lawyers at a department conference on Tuesday that preparing for Cyber Command 2.0 means studying how it generates forces, structures its headquarters and manages its architecture.
Cyber Command has been tasked with evaluating its past, present, and “whether or not we should consider a cyber service,” Gen. Haugh said at the conference. He told the cyber lawyers that the department has brought in an outside think tank to look at the question and the options and to brainstorm solutions.
The possible creation of a Cyber Force as an independent military service captured attention in Washington last month when the Foundation for Defense of Democracies, a nonpartisan think tank, called for the establishment of such a force to stand alongside the Army, Navy, Marine Corps, Air Force and Space Force.
While the Pentagon works on planning its digital future, Cyber Command is also making changes now to more quickly respond to foreign cyberattacks.
Gen. Haugh told the cyber lawyers on Tuesday that Cyber Command has been given the green light to place officers with every federal agency that has oversight of a segment of critical infrastructure, which includes such things as water systems, power grids and transportation networks.
The cyber command officers’ placement, he said, will allow the people detecting foreign threats to more quickly share information with federal officials who have the authority to respond to domestic attacks.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
Please read our comment policy before commenting.