US Has Devastating Cyber Weapons

Uploaded on 2018-09-28 in INTELLIGENCE--USA, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, NEWS-News Analysis

The White House took a first step this week to fulfill President Donald Trump’s campaign pledge to launch “crippling, crippling” cyber-attacks on adversaries to protect US computer systems, unveiling a new strategy that will allow the United States to take the offensive in cyberspace. 

But experts warn that the new cyber strategy risks exposing the United States to blowback and turning the Internet into a Wild West of hacking operations. 

In rolling out the administration’s new “National Cyber Strategy,” National Security Advisor John Bolton said that Trump had removed restrictions on the use of offensive cyber-operations and replaced them with a more permissive legal regime that gives the Defense Department and other agencies greater authority to penetrate foreign networks to deter hacks on US systems.

“Our hands are not tied as they were in the Obama administration,” Bolton said. Bolton described the new authority as part of an effort to “create powerful deterrence structures that persuade the adversary not to strike in the first place.” 

Decision-making for launching some attacks will be moved down the chain of command; previously, offensive cyber-operations generally required the approval of the president. Those envisioned in the new policy will include both offensive and defensive actions, only some of which may be made public, Bolton said. 

In a separate strategy document released recently, the Defense Department said it would “defend forward” US networks by disrupting “malicious cyber activity at its source.” The new policy comes amid intense scrutiny of the Trump administration’s efforts to deter foreign interference in the upcoming midterm elections. 

In 2016, Russian hackers affiliated with military and intelligence agencies hacked computers belonging to the Democratic Party, released stolen emails, and carried out a propaganda campaign to favor Trump’s chances. Trump, as a candidate, poured skepticism on Russian responsibility but argued the United States should “be better than anybody else” at “the cyber.”

But exactly how the Trump administration will use the newly unleashed offensive cyber-capability remains unclear, as the policy’s details remain classified. A spokesperson for the National Security Council declined to say at what point a US cyberattack would require presidential approval.

Bolstering the country’s ability to operate offensively in cyberspace makes sense, as long as these capabilities aren’t used in isolation, said Michael Daniel, the top cybersecurity advisor in the Obama administration.

“More frequent use of offensive cyber-capabilities only make sense as part of a broader, coordinated foreign-policy strategy involving multiple elements of national power,” Daniel said Michael Daniel.

“If the US government does decide to significantly increase its offensive cyber-actions, it should think those operations through carefully and clearly embed them in a larger strategy for dealing with the particular target,” added Daniel, who now runs the Cyber Threat Alliance, an industry group.

One big concern with offensive cyber-weapons is that they can cause collateral damage far beyond the original, intended target. 

In 2017, Russian operatives unleashed the NotPetya ransomware on the Ukrainian financial system, but the virulent worm spread around the world and caused billions of dollars in damage, shut down hospitals, and caused massive disruptions to global shipping and commerce.

Foreign Policy:

You Might Also Read: 

Trump Relaxes US Cyber Attack Rules:

Hackers Are Fighting A Surrogate Cold War:

 

« UK Builds 2,000-Strong Offensive Cyber Force
Major Facebook Breach: 50m Users Compromised »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Hotlava Systems

Hotlava Systems

HotLava network adapters enable today's powerful servers and workstations to deliver more productivity by reducing congestion at the network interface.

Government Communications Headquarters (GCHQ)

Government Communications Headquarters (GCHQ)

GCHQ defends Government systems from cyber threat, provide support to the Armed Forces and strive to keep the public safe, in real life and online.

IntaForensics

IntaForensics

IntaForensics offer a full range of digital investigation services and are able to adapt to the individual needs of solicitors, private clients, Law Enforcement Agencies and commercial businesses.

Cyber Data-Risk Managers

Cyber Data-Risk Managers

Cyber Data-Risk Managers Pty Ltd is an insurance broker based in Melbourne, Australia specializing in Cyber insurance / Data breach insurance.

Prim'X Technologies

Prim'X Technologies

Prim'X Technologies provides information protection solutions to prevent unauthorised access to sensitive data.

Cymbel

Cymbel

Cymbel provides businesses and government agencies with the tools and expertise they need to manage the most complex security and compliance challenges.

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC) is one of the most distinguished Cybersecurity, Privacy and Information Security Conference in Thailand and Southeast Asia.

CyberTech Network

CyberTech Network

CyberTECH is a global cybersecurity, Internet of Things (IoT) and Smart City network ecosystem and incubator operator.

Golden Frog

Golden Frog

Golden Frog is a Virtual Private Network services provider offering secure encrypted access to the internet.

Interos

Interos

Interos is the operational resilience company — reinventing how companies manage their supply chains and business relationships — through a breakthrough AI SaaS platform.

Kintek Group

Kintek Group

Kintek Group provides cybersecurity and managed services to protect organizations from threats that exist inside and outside their networks.

Wavenet

Wavenet

Wavenet has grown from simple beginnings to become one of the UK’s market leaders in unified communications, business telephony, and Cyber Security solutions.

Ermes

Ermes

Ermes – Intelligent Web Protection provides companies with a solution that effectively secures them against web threats.

Forward Global

Forward Global

Forward Global designs and delivers services and technologies to manage digital, economic, and information risks.

Blockfence

Blockfence

Blockfence are a seasoned crew versed in enterprise-grade cybersecurity and crypto, on a mission to collaboratively shape the future of Web3 security.

IEC Cyber Ltd

IEC Cyber Ltd

IEC Cyber provides Cyber security consulting services for OT systems, with emphasis on process systems aligned to IEC 61508 and IEC 61511. We are a preferred consulting firm for IEC 62443 services.