Gen. Paul Nakasone, the commander of the U.S. military’s Cyber Command and the director of the National Security Agency, testified to the Senate Armed Services Committee last Thursday on the current state of Cyber Command and cybersecurity. His testimony provided some alarming news about the threats America faces.
Nakasone spoke of the increasing sophistication of hacks against the United States government and private sector companies from a range of adversaries. One of the best and most recent examples is the hack on SolarWinds, a top-tier technology company that develops software for both government and private organizations.
The hack is believed to have been carried out by Russian hackers affiliated with Russian military intelligence to spy on American companies and the U.S. government.
The hackers were able to enter SolarWinds’ network, which then allowed them to manipulate a software update. That manipulated software update was then sent to a huge number of Fortune 500 companies and government departments—including the departments of Homeland Security, Defense, and Justice—putting a large amount of government and private data at risk.
Nakasone summed up why this hack is so significant. He said, “What we’ve seen with the SolarWinds and other intrusions is an increasing level of sophistication, this is a scope, a scale, a level of sophistication we hadn’t seen previously.”
Hacks such as SolarWinds’ are also not one-off disasters, but will only continue to happen, and increase in scope and scale.
Nakasone is looking into both the resiliency of the United States cyberinfrastructure and ways to act against our adversaries, such as cyber operations, diplomacy, or sanctions. Though many of his answers lacked detail due to the secret nature of cyber operations, he did highlight the threats facing America and Cyber Command.
What was most alarming is the stealth of cyberthreats once they enter the United States. “It’s not the fact that we can’t connect the dots,” Nakasone said, “we can’t see all of the dots.” This is partly due to the laws that rightly place limits on the military’s access to private networks.
Nakasone highlighted the fact that our cyber adversaries understand our policies and laws, and use them against us. For example, they exploit U.S. privacy laws to enter the infrastructure of the United States and execute hacks.
He said, “Our adversaries are moving very quickly, they understand the laws and the policies that we have within our nation, and so they are utilizing our own infrastructure, our own internet service providers to create these intrusions.”
The speed and effectiveness of our adversaries once they enter our networks, along with their skill at evading detection, is a dangerous combination, and poses a significant threat to our cybersecurity as a nation.
Because the military cannot operate domestically, it would then fall upon domestic law enforcement agencies—not Cyber Command—to respond to these hack attempts.
This is why it is important for the private sector to play a role in cybersecurity, and for the government to build more cooperative relationships with private sector partners. Making information sharing a two-way street would be a much-needed improvement toward stronger cybersecurity.
Nakasone noted that there is currently a gap in information sharing—and even legal barriers to information sharing—between the public and private sectors.
The government is often hesitant to share information with private sector partners due to classification concerns, but this is the type of information that should be distributed. It can be done in a way that still protects intelligence that should remain secret.
The information gap must be closed to better defend both the public and private sectors. Without the proper means to share information, it will be more difficult to defend ourselves in the future.
Nakasone highlighted important concerns that policymakers now need to address. Giving Cyber Command all of the tools it needs to fight America’s adversaries in cyberspace and building stronger public-private partnerships should be top priorities.
This piece originally appeared in The Daily Signal.