A version of this story appeared in the daily Threat Status newsletter from The Washington Times.
Former CIA leader Andrew Hallman said it is time for America to recognize it will be attacked in cyberspace and the nation must be better prepared to respond.
Mr. Hallman, former CIA deputy director for digital innovation, told The Washington Times’ “Threat Status” podcast that the U.S. must establish deterrence in the absence of international customs for digital warfare.
“I think we just have to be used to the fact that we’re going to be attacked, some of our most sensitive systems will be attacked, and we have to have the resiliency, but then also we have to be defending forward,” Mr. Hallman said. “And not simply be in a defensive posture but to be taking the fight directly to our adversaries because the reality is, as you know and I think our listeners know, is we don’t have a stable deterrent situation here when it comes to cyber.”
To defend cyberspace, the Biden administration is implementing a zero-trust framework that treats all networks, users and systems as potential threats.
After the federal government determined that conventional defenses could no longer secure data and systems, the administration in 2022 developed a Federal Zero Trust Strategy emphasizing identity and access controls.
The Cybersecurity and Infrastructure Security Agency, which helped implement that strategy, was hacked earlier this year. The agency has not formally identified the cyberattackers, who targeted a vulnerable appliance previously exploited by China-linked hackers.
Asked about the CISA hack, which was revealed last month, Mr. Hallman said the breach spotlights America’s digital battlefield.
Mr. Hallman, now vice president at Peraton after more than 30 years in the U.S. intelligence community, said digital conflict puts the U.S. in a “gray zone of warfare.”
“We should probably expect more of this, and this again points to the imperative of having resiliency within our government,” he said. “Resilient government, and even [a] resilient private sector, is paramount.”
Rules for responding to cyberattacks, however, are not clearly defined.
Soon after taking charge of the National Security Agency and U.S. Cyber Command in 2018, Army Gen. Paul M. Nakasone told the Aspen Institute that an attack on critical infrastructure was “above the threshold level of war, and we would certainly respond.”
The U.S. subsequently faced a deluge of ransomware and cyberattacks aimed at critical infrastructure systems.
Shortly before retiring this year, Gen. Nakasone changed his tune. Asked about his 2018 remarks, he told House lawmakers in January that he “probably would have said it differently today.”
Mr. Hallman said he firmly believes in “defending forward,” which involves being “offensively postured as well as defensively.”
U.S. Cyber Command conducts “hunt forward operations” that deploy U.S. personnel to partner nations to observe and detect hackers on foreign networks. The operations are conducted at the foreign partner’s request, as was the case in Ukraine from December 2021 through March 2022.
Adversaries have criticized U.S. cyber operations’ expanded geographic footprint.
The Chinese Communist Party’s China Daily publication said this year that the U.S. frequently attacks other countries in cyberspace.
Mr. Hallman told “Threat Status” that he does not think American operations are on par with those of its adversaries.
“There’s no moral equivalency here between us and our adversaries. I do believe we’re in the right on this,” he said. “And we’re put in this situation, I mean they, I firmly believe that they have compelled us to be combatants on this digital battlefield, and so we should be the best at what we can be.”
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.