Pentagon Announces New Strategy for Cyberwarfare

shutterstock_keyboard

SAN FRANCISCO — The Pentagon on Thursday took a major step designed to instill a measure of fear in potential cyberadversaries, releasing a new strategy that for the first time explicitly discusses the circumstances under which cyberweapons could be used against an attacker, and naming the countries it says present the greatest threat: China, Russia, Iran and North Korea.

The policy, announced in a speech at Stanford University by Defense Secretary Ashton B. Carter, represents the fourth time in four months that the Obama administration has named suspected hackers or announced new strategies designed to raise the cost of cyberattacks.

A previous strategy, released in 2011, was less detailed and only alluded to the new arsenal of cyberweapons that the Pentagon was deploying. That strategy talked vaguely about adversaries, naming none.

But President Obama’s decision to publicly name North Korea’s leaders for ordering the largest destructive attack on an American target, the announcement of new sanctions against state-sponsored and criminal hackers, and the indictment of five members of the People’s Liberation Army for attacking American corporate targets all reflect a sea change in administration policy.

American officials have fumed for years that cyberattacks were largely cost-free. Now, much as Presidents Truman and Eisenhower struggled to define circumstances that could prompt a nuclear response from the United States, Mr. Obama and his aides are beginning to lay out conditions under which the nation would employ cyberattacks — either in retaliation for a strike, as an offensive weapon for conflict or in covert action. They have made no mention of the central role the United States played in the large cyberstrike against Iran’s nuclear program.

In his speech at Stanford, Mr. Carter revealed that — like the White House and the State Department — the Pentagon found itself the victim of a cyberintrusion months ago.

“The sensors that guard DoD’s unclassified networks detected Russian hackers accessing one of our networks,” he said, saying the attack exploited “an old vulnerability in one of our legacy networks that hadn’t been patched.” He said that a “crack team of incident responders” had “quickly..

Read more