World

Trump Administration and the U.K. Get Serious About Russia, Iran and North Korea's ‘Reckless Cyberattacks’

As the threat of election interference and malicious cyberattacks grabs headlines and the public imagination, governments are looking for ways to get serious about cyberthreats, and the strategy appears to be an offensive one.

On September 20, the Trump administration released its National Cyber Strategy, which permits “offensive cyber operations.” Meanwhile, The Times of London reported that the U.K. has launched an offensive cyberforce to combat malicious state actors and terrorists. The endeavor will cost around $330 million and employ a cyberarmy of around 2,000 people.

Russian hackers are cause for concern in both countries, while the U.S. government has also warned about cyberattacks from countries like Iran, North Korea and China.

“Russia, Iran, and North Korea conducted reckless cyber attacks that harmed American and international businesses and our allies and partners without paying costs likely to deter future aggression. China engaged in cyber-enabled economic espionage and trillions of dollars of intellectual property theft,” the strategy document reads.

987427150-594x594 A man wears an Anonymous mask during a protest on June 29, 2018. Maciej Luczniewski/NurPhoto/Getty Images

The new strategy appears to focus on “preserving peace through strength,” or creating enough of a deterrence to prevent cyberattacks from malicious state and non-state actors.

Some analysts said the first priority should be combating Chinese cyberespionage and intellectual property theft.

"The real cyber battles are way beyond and way older than the newly acknowledged election vulnerabilities. While we look at tactical battles, we cannot lose sight of what I think is the even much more critical intellectual property protection war. China has been using cyber as the preferred espionage tool of choice, estimated to cost the U.S. economy at least half a trillion dollars a year," Robert Katz, executive director of the Cyber Science Institute, told Newsweek.

"Reaffirmation of the critical role of the private sector is right on. While those outside the beltway were quick to criticize the perceived delay in issuing this strategy, they must nevertheless be able to step up to this challenge," Katz continued. "They need to better engage the innovation and academic communities in Silicon Valley, New York, Miami, the District of Columbia and throughout the U.S. to similarly step up to the call to action. For example, most start-ups and many incubators and venture capitalists are literally falling over themselves to accept Chinese money while leading U.S. universities continue to educate more adversarial students than U.S. ones." 

The new cyber strategy “builds on President Trump’s Executive Order Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, signed in May 2017,” according to a White House Statement. It was also released just one month after Trump officially reversed Presidential Policy Directive 20, an Obama-era framework that agencies had to follow to launch an offensive cyberattack, claiming that it delayed action.

John Bolton, Trump’s national security adviser, has played an outsized role in promoting this offensive vision of U.S. cyberstrategy, according to reports. In May, he abolished the National Security Council’s cybersecurity coordinator role to allegedly eliminate overlap of responsibilities. Ever since, he’s promoted a number of directives that removed red tape that could delay the launch of cyber attacks.

The administration’s cyberstrategy was also released just one day after the Pentagon released a declassified summary of its own cyberstrategy with little fanfare. The strategy singles out Russia and China as the country’s greatest cyberthreats.

“Our focus will be on the States that can pose strategic threats to U.S. prosperity and security, particularly China and Russia. We will conduct cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of crisis or conflict,” the Pentagon’s summary reads. “We will defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict.”