U.S. Govt. Hackers Ready to Hit Back If Russia Tries to Disrupt Election
American officials have long said publicly that Russia, China and other nations have probed and left hidden malware on parts of U.S critical infrastructure, “preparing the battlefield,” in military parlance, for cyber attacks that could turn out the lights or turn off the internet across major cities.
It’s been widely assumed that the U.S. has done the same thing to its adversaries. The documents reviewed by NBC News — along with remarks by a senior U.S. intelligence official — confirm that, in the case of Russia.
U.S. officials continue to express concern that Russia will use its cyber capabilities to try to disrupt next week’s presidential election. U.S. intelligence officials do not expect Russia to attack critical infrastructure — which many believe would be an act of war — but they do anticipate so-called cyber mischief, including the possible release of fake documents and the proliferation of bogus social media accounts designed to spread misinformation.
On Friday the hacker known as “Guccifer 2.0” — which U.S. officials say is a front for Russian intelligence — tweeted a threat to monitor the U.S. elections “from inside the system.”
As NBC News reported Thursday, the U.S. government is marshaling resources to combat the threat in a way that is without precedent for a presidential election.
The cyber weapons would only be deployed in the unlikely event the U.S. was attacked in a significant way, officials say.
***
U.S. military officials often say in general terms that the U.S. possesses the world’s most advanced cyber capabilities, but they will not discuss details of highly classified cyber weapons.
James Lewis, a cyber expert at the Center for Strategic and International Studies, says that U.S. hacks into the computer infrastructure of adversary nations such as China, Russia, Iran and North Korea — something he says he presumes has gone on for years — is akin to the kind of military scouting that is as old as human conflict.
“This is just the cyber version of that,” he said.
In 2014, National Security Agency chief Adm. Mike Rogers told Congress that U.S. adversaries are performing electronic “reconnaissance” on a regular basis so that they can be in a position to disrupt the industrial control systems that run everything from chemical facilities to water treatment plants.
“All of that leads me to believe it is only a matter of when, not if, we are going to see something dramatic,” he said at the time.
Rogers didn’t discuss the U.S.’s own penetration of adversary networks. But the hacking undertaken by the NSA, which regularly penetrates foreign networks to gather intelligence, is very similar to the hacking needed to plant precursors for cyber weapons, said Gary Brown, a retired colonel and former legal adviser to U.S. Cyber Command, the military’s digital war fighting arm.
“You’d gain access to a network, you’d establish your presence on the network and then you’re poised to do what you would like to do with the network,” he told NBC News. “Most of the time you might use that to collect information, but that same access could be used for more aggressive activities too.”
**
Brown and others have noted that the Obama administration has been extremely reluctant to take action in cyberspace, even in the face of what it says is a series of Russian hacks and leaks designed to manipulate the U.S. presidential election.
Administration officials did, however, deliver a back channel warning to Russian against any attempt to influence next week’s vote, officials told NBC News.
The senior U.S. intelligence official said that, if Russia initiated a significant cyber attack against critical infrastructure, the U.S. could take action to shut down some Russian systems — a sort of active defense.
Retired Adm. James Stavridis, who served as NATO commander of Europe, told NBC News’ Cynthia McFadden that the U.S. is well equipped to respond to any cyber attack.
“I think there’s three things we should do if we see a significant cyber-attack,” he said. “The first obviously is defending against it. The second is reveal: We should be publicizing what has happened so that any of this kind of cyber trickery can be unmasked. And thirdly, we should respond. Our response should be proportional.”
**
The U.S. use of cyber attacks in the military context — or for covert action — is not without precedent.
During the 2003 Iraq invasion, U.S spies penetrated Iraqi networks and sent tailored messages to Iraqi generals, urging them to surrender, and temporarily cut electronic power in Baghdad.
In 2009 and 2010, the U.S., working with Israel, is believed to have helped deploy what became known as Stuxnet, a cyber weapon designed to destroy Iranian nuclear centrifuges.
Today, U.S. Cyber Command is engaged in cyber operations against the Islamic State, including using social media to expose the location of militants and sending spoof orders to sow confusion, current and former officials tell NBC News.
One problem, officials say, is that the doctrine around cyber conflict — what is espionage, what is theft, what is war — is not well developed.
“Cyber war is undefined,” Brown said. “There are norms of behavior that we try to encourage, but people violate those.”
*****
UK Announces New Policy on Cyber Attacks: ‘We Will Strike Back in Kind’
In recognition of the risk cyber attacks pose, the government’s 2015 Strategic Defence and Security Review classified cyber as a Tier One threat to the UK – that’s the same level as terrorism, or international military conflict. …
AtlanticCouncil: [W]e must keep up with the scale and pace of the threat we face. So today I am launching the government’s National Cyber Security Strategy for the next 5 years. The new strategy is built on three core pillars: defend, deter and develop, underpinned by £1.9 billion of transformational investment.
First of all Defend. We will strengthen the defences of government, our critical national infrastructure sectors like energy and transport, and our wider economy. We will work in partnership with industry to apply technologies that reduce the impact of cyber-attacks, while driving up security standards across both public and private sectors. We will ensure that our most sensitive information and networks, on which our government and security depend, are protected.
In practice, that means government taking a more active cyber defence approach – supporting industry’s use of automated defence techniques to block, disrupt and neutralise malicious activity before it reaches the user. The public have much to gain from active cyber defence and, with the proper safeguards in place to protect privacy, these measures have the potential to be transformational in ensuring that UK internet users are secure by default.
We are already deploying active cyber defence in government and we know it works: we’ve already successfully reduced the ability of attackers to spoof government e-mails as a key example. Until 6 weeks ago we were seeing faking of some @gov.uk addresses, such as ‘taxrefund@gov.uk ’. Criminals have been using these fake addresses to defraud people, by impersonating government departments. 50,000 spoof emails using the taxrefund@gov.uk address were being sent a everyday – now, thanks to our interventions, there are none.
The second pillar is deterrence. We will deter those who seek to steal from us, threaten us or otherwise harm our interests in cyberspace. We’re strengthening our law enforcement capabilities to raise the cost and reduce the reward of cyber criminality – ensuring we can track, apprehend and prosecute those who commit cyber crimes. And we will continue to invest in our offensive cyber capabilities, because the ability to detect, trace and retaliate in kind is likely to be the best deterrent. A small number of hostile foreign actors have developed and deployed offensive cyber capabilities, including destructive ones. These capabilities threaten the security of the UK’s critical national infrastructure and our industrial control systems.
If we do not have the ability to respond in cyberspace to an attack which takes down our power networks leaving us in darkness, or hits our air traffic control system, grounding our planes, we would be left with the impossible choice of turning the other cheek and ignoring the devastating consequences, or resorting to a military response. That is a choice that we do not want to face – and a choice we do not want to leave as a legacy to our successors. That is why we need to develop a fully functioning and operational cyber counter-attack capability. There is no doubt in my mind that the precursor to any future state-on-state conflict would be a campaign of escalating cyber-attacks, to break down our defences and test our resolve before the first shot is fired. Kinetic attacks carry huge risk of retaliation and may breach international law.
But in cyber space those who want to harm us appear to think they can act both scalably and deniably. It is our duty to demonstrate that they cannot act with impunity. So we will not only defend ourselves in cyberspace; we will strike back in kind when we are attacked.
And thirdly development. We will develop the capabilities we need in our economy and society to keep pace with the threat in the future. To make sure we’ve got a pipeline talented of people with the cyber skills we need, we will increase investment in the next generation of students, experts and companies.
I can announce we’re creating our latest cyber security research institute – a virtual network of UK universities dedicated to technological research and supported by government funding. The new virtual institute will focus on hardware and will look to improve the security of smart phone, tablets and laptops through innovative use of novel technology. We’re building cyber security into our education systems and are committed to providing opportunities for young people to pursue a career in this dynamic and exciting sector. And we’re also making sure that every young person learns the cyber life-skills they need to use the internet safely, confidently and successfully.
These three pillars that I’ve outlined – deter, defend and develop – are all supported by our new National Cyber Security Centre, based in Victoria in central London.
For the first time the government will have a dedicated, outward-facing authority on cyber – making it much simpler for business to get advice on cyber security and to interact with government on cyber security issues. Allowing us to deploy the high level skills that government has, principally in GCHQ, to support the development of commercial applications to enhance cyber security.
The Centre subsumes CERT UK and will provide the next generation of cyber security incident management. This means that when businesses or government bodies, or academic organisations report a significant incident, the Centre will bring together the full range of technical skills from across government and beyond to respond immediately. They will link up with law enforcement, help mitigate the impact of the incident, seek to repair the damage and assist in the tracing and prosecution of those responsible.
Across all its strands, the National Cyber Security Strategy we’re publishing today represents a major step forward in the fight against cyber attack.
Excerpts from “Speech Launching the National Cyber Security Strategy,” by Chancellor of the Exchequer Philip Hammond, Nov. 1, 2016.
