Jeh Johnson Says U.S. Cyber Offensive Capabilities Act as Deterrent Amid Ransomware Attacks

Former Secretary of the Department of Homeland Security Jeh Johnson said the U.S. government should use its offensive cyber capabilities "that are second to none" as a means of deterring future attacks, in a video presented by the Atlantic Council, a Washington D.C. think tank.

These comments were part of the many suggestions offered by Johnson as a means of responding to the growing threat of cyber warfare against the nation's critical infrastructure, including its energy, transportation, and financial sectors.

With the average amount of recorded ransomware transactions per month in 2021 totaling over $102 million, according to Forbes, cyberattacks continue to wreak havoc on the U.S. economy. In this year alone, America has seen major attacks on its critical infrastructure like the hits on the Colonial Pipeline and JBS Foods.

Johnson's comments indicate that the former director believes the country could put itself in a better position to avoid becoming a victim to these attacks by launching its own offensive efforts against the digital sphere's bad actors.

Former Homeland Security Secretary Jeh Johnson Testifies
Former Homeland Security Secretary Jeh Johnson offered a number of suggestions on how to combat future cyber attacks. Here, he testifies before the House Intelligence Committee in an open hearing in the U.S. Capitol Visitors Center on June 21, 2017, in Washington, D.C. Photo by Chip Somodevilla/Getty Images

"The United States has offensive cyber capabilities that are second to none. They should serve as both a defense and as a deterrent," Johnson said. "I am a recipient of the Ronald Reagan Peace Through Strength Award. Like President Reagan, I believe that peace and security is achieved through strength."

Johnson called cyberspace "the new 21st-century war zone," and said that attacks carried out through cyber measures must be viewed as attacks against the nation itself and should warrant a national response. Given the interconnectedness of the U.S. economy, he warned that one attack—on the energy sector, for example—could have wide-reaching consequences across the nation.

In addition to combatting these attacks through stepping up its offensive operations, Johnson suggested that the government must "bolster" its mandatory reporting measures. Rather than allow companies the option to shield knowledge of attacks, Johnson hopes that the country will eventually implement "[a] real-time view of [the] battlefield" that would allow the Cyber Command to monitor for attacks.

Johnson also called on Congress to come together and create "minimum standards for cybersecurity in critical infrastructure." This, he suggested, would push companies that have neglected to address the issue to step up their defensive operations.

"Most of our nation's critical infrastructure is in the hands of the private sector," Johnson said. "Working with the private sector, the government ought to be able to develop basic, practical and implementable standards. The good news is that many large and sophisticated companies within critical infrastructure are far along in the cybersecurity of their own assets. Others are not, including many new entrants to sectors of critical infrastructure."