The United States is prepared to go on the offensive in cyberspace to ensure adversaries know there is a price to pay for hacks, network intrusions and other types of attacks.
President Donald Trump signed a new National Cyber Strategy on Thursday, calling for a more aggressive response to the growing online threat posed by other countries, terrorist groups and criminal organizations.
“My administration will use all available means to keep America safe from cyber threats,” Trump said in a statement, calling the new strategy an “important step.”
Other key officials called the new strategy an important and badly needed change.
“We’re not just on defense,” National Security Adviser John Bolton told reporters. “We’re going to do a lot of things offensively, and I think our adversaries need to know that.”
“Our hands are not tied as they were in the Obama administration,” he added.
Strategy effective immediately
The strategy, which takes effect immediately, is being billed by the Trump administration as the first “fully articulated” cyberstrategy in 15 years, providing direction to various departments and agencies on how best to protect their data as well as the private data of millions of Americans.
The internet has brought prosperity and productivity to American lives and those across the world, Bolton said.
“We must do more to ensure it is secure and remains an engine of American growth,” he added.
He said the ultimate goal is “to create the structures of deterrence that will demonstrate to adversaries that the cost of their engaging in operations against us is higher than they want to bear.”
The new strategy comes less than two months before the U.S. midterm elections Nov. 6, and as key security and intelligence officials have amplified their warnings that Russia and other adversaries, such as China, Iran and North Korea, may seek to use cyber means to interfere.
“I remain deeply concerned about threats from several countries,” Director of National Intelligence Dan Coats said during a security conference outside Washington earlier this month, warning the threats are even more pervasive.
“Influence efforts online are increasingly being used around the globe,” Coats said. “The weaponization of cybertools and the relative lack of global guardrails significantly increases the risk.”
Promoting responsible behavior
The new U.S. cyberstrategy seeks to allay some of those concerns by promoting responsible behavior in cyberspace, urging nations to adhere to a set of norms, both through international law and voluntary standards.
It also calls for specific measures to harden U.S. government networks from attacks, like the June 2015 intrusion into the U.S. Office of Personnel Management (OPM), which compromised the records of about 4.2 million current and former government employees, an attack attributed to China.
And the strategy calls for the U.S. to continue to name and shame bad cyber actors, calling them out publicly for attacks when possible, along with the use of economic sanctions and diplomatic pressure.
“Not every response to a cyberattack would be in the cyber world,” Bolton said, calling offensive cyber tools “part of the range of instruments of national power that we have.”
Obama directive reversed
As for what offensive cyber measures might look like, Bolton would not say. But White House officials contend they have already made it easier for the military to hack back by reversing a directive from the Obama administration known as PPD-20, which created what they describe as a lengthy approval process for any offensive operation.
Military officials have said that newfound flexibility is being put to use.
“We are engaged every single day against our adversaries,” U.S. Cyber Command Commander General Paul Nakasone said at a security conference earlier this month.
“It may not be readily apparent because we are doing this very closely held,” Nakasone said, adding, “the forces that are working are well-trained, extremely capable and ready to do what’s necessary.”
The Trump administration has come under criticism at times for its approach to cybersecurity, raising concerns earlier this year when it eliminated the National Security Council’s cybersecurity coordinator.
A recent report from the Government Accountability Office also said that the administration’s efforts lacked “a more clearly defined, coordinated and comprehensive approach,” a charge repeated by some members of Congress.
But Bolton said the new strategy should ease such concerns.
“I’m satisfied that this allows us the comprehensive look at strategy across the entire government,” Bolton said. “Each agency knows its lane and is pursuing it vigorously.”
The new strategy also places a heavy emphasis on working with allies.
“There will be consultations, there have been already, with friends and allies because many of us are vulnerable to the same hostile actions,” Bolton said. “It’s very important that we work through our alliance structures where we can do that.”
White House Bureau Chief Steve Herman contributed to this article.