US Has Devastating Cyber Weapons

The White House took a first step this week to fulfill President Donald Trump’s campaign pledge to launch “crippling, crippling” cyber-attacks on adversaries to protect US computer systems, unveiling a new strategy that will allow the United States to take the offensive in cyberspace. 

But experts warn that the new cyber strategy risks exposing the United States to blowback and turning the Internet into a Wild West of hacking operations. 

In rolling out the administration’s new “National Cyber Strategy,” National Security Advisor John Bolton said that Trump had removed restrictions on the use of offensive cyber-operations and replaced them with a more permissive legal regime that gives the Defense Department and other agencies greater authority to penetrate foreign networks to deter hacks on US systems.

“Our hands are not tied as they were in the Obama administration,” Bolton said. Bolton described the new authority as part of an effort to “create powerful deterrence structures that persuade the adversary not to strike in the first place.” 

Decision-making for launching some attacks will be moved down the chain of command; previously, offensive cyber-operations generally required the approval of the president. Those envisioned in the new policy will include both offensive and defensive actions, only some of which may be made public, Bolton said. 

In a separate strategy document released recently, the Defense Department said it would “defend forward” US networks by disrupting “malicious cyber activity at its source.” The new policy comes amid intense scrutiny of the Trump administration’s efforts to deter foreign interference in the upcoming midterm elections. 

In 2016, Russian hackers affiliated with military and intelligence agencies hacked computers belonging to the Democratic Party, released stolen emails, and carried out a propaganda campaign to favor Trump’s chances. Trump, as a candidate, poured skepticism on Russian responsibility but argued the United States should “be better than anybody else” at “the cyber.”

But exactly how the Trump administration will use the newly unleashed offensive cyber-capability remains unclear, as the policy’s details remain classified. A spokesperson for the National Security Council declined to say at what point a US cyberattack would require presidential approval.

Bolstering the country’s ability to operate offensively in cyberspace makes sense, as long as these capabilities aren’t used in isolation, said Michael Daniel, the top cybersecurity advisor in the Obama administration.

“More frequent use of offensive cyber-capabilities only make sense as part of a broader, coordinated foreign-policy strategy involving multiple elements of national power,” Daniel said Michael Daniel.

“If the US government does decide to significantly increase its offensive cyber-actions, it should think those operations through carefully and clearly embed them in a larger strategy for dealing with the particular target,” added Daniel, who now runs the Cyber Threat Alliance, an industry group.

One big concern with offensive cyber-weapons is that they can cause collateral damage far beyond the original, intended target. 

In 2017, Russian operatives unleashed the NotPetya ransomware on the Ukrainian financial system, but the virulent worm spread around the world and caused billions of dollars in damage, shut down hospitals, and caused massive disruptions to global shipping and commerce.

Foreign Policy:

You Might Also Read: 

Trump Relaxes US Cyber Attack Rules:

Hackers Are Fighting A Surrogate Cold War:

 

« UK Builds 2,000-Strong Offensive Cyber Force
Major Facebook Breach: 50m Users Compromised »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Charlton Networks

Charlton Networks

Charlton Networks provide a complete range of IT infrastructure, network and security solutions aimed at SME companies.

Bayshore Networks

Bayshore Networks

Bayshore Networks was founded to safely and securely protect Industrial IoT (IIoT) networks, applications, machines and workers from cyber threats.

LightEdge Solutions

LightEdge Solutions

LightEdge’s highly-trained compliance and security experts take the guesswork out of keeping your business protected.

Grupo CFI

Grupo CFI

Grupo CFI is the largest Spanish network of data protection and cybersecurity professionals.

Fischer Identity

Fischer Identity

Fischer Identity provide identity & access management and identity governance administration solutions.

Method Cyber Security

Method Cyber Security

Method offers a Cyber Security Risk Management training course for those responsible for the security of industrial automation, control and safety systems.

Global Incubator Network Austria (GIN Austria)

Global Incubator Network Austria (GIN Austria)

GIN Austria is the connecting link between Austrian and international startups, investors, incubators and accelerators with a focus on selected hotspots in Asia.

Varen Technologies

Varen Technologies

Varen Technologies is an innovative consulting partner with highly respected cyber security, analytics, Agile Software Development and IT/maintenance expertise.

ArmorCode

ArmorCode

ArmorCode's intelligent application security platform gives us unified visibility into AppSec postures and automates complex DevSecOps workflows.

VinCSS

VinCSS

VinCSS Internet Security Services JSC is a leading organization working in the field of researching, developing, producing products as well as providing cyber security services.

Secrutiny

Secrutiny

Scrutiny's core services include Cyber Maturity, Cyber Risk Analyser, Cyber Controls, Incident Response, SOC, Cyber Recovery and Assurance Testing.

Questex Asia Total Security Conference

Questex Asia Total Security Conference

Questex Asia’s Total Security Conferences is one of the industry’s most prestigious and engaging forums for the region's top information security leaders and business decision-makers.

X-Analytics

X-Analytics

X-Analytics is a cyber risk analytics application to create a better way for organizations to understand and manage cyber risk.

Silence Laboratories

Silence Laboratories

Silence Laboratories is a cybersecurity company that focuses on the fusion of cryptography, sensing, and design to support a seamless authentication experience.

Robust Intelligence

Robust Intelligence

Robust Intelligence enables enterprises to secure their AI transformation with an automated solution to protect against security and safety threats.

XONA

XONA

XONA is The Zero Trust user access platform for the OT enterprise. Secure operational access to critical systems - from anywhere.