X

US will use cyberattacks to defend against threats -- report

The Defense Department is expected to announce a modification to the nation's strategy that will result in the use of cyberattacks as a defense tactic.

Don Reisinger
CNET contributor Don Reisinger is a technology columnist who has covered everything from HDTVs to computers to Flowbee Haircut Systems. Besides his work with CNET, Don's work has been featured in a variety of other publications including PC World and a host of Ziff-Davis publications.
Don Reisinger
3 min read

The US Defense Department is set to announce a new strategy to combat cyberthreats from other countries, according to a report.

US Defense Secretary Ash Carter on Thursday will outline the military's decision to start responding to foreign threats with cyberattacks, Reuters reported after seeing a copy of the strategy. The decision to go public and to use cyberwarfare tactics is designed to deter potential attacks, according to the document. The purpose is not to use cyberwarfare as the first salvo in any battle with another country, the document says, according to Reuters.

The news outlet said the document specifically cites Russia, China, Iran and North Korea.

The update to the US military strategy underscores the ever-increasing importance of cyberwarfare. Over the last several years, the US, China, Russia and others have criticized one other for allegedly hacking networks and computers to steal sensitive information. There is also a growing concern over foreign hackers breaking into a sensitive networks or servers and taking down critical infrastructure.

Over the last few years, countries have frequently accused one another of surreptitious hacks. China's state-run media has published several articles stating that the US government is actively hacking its networks to access and steal information. The US has responded, saying that China is actively targeting its own networks. Both sides have been loath to divulge the exact nature of their own actions.

In December, the FBI stated that North Korea's government was behind an attack on Sony Pictures that disclosed reams of confidential information and led the company to shut down its computer network, including its email, for weeks.

According to the FBI, the hackers were motivated by Sony's expected release of "The Interview," a comedy about a fictional assassination attempt on real-life North Korean leader Kim Jong-un. At the time, President Obama said the US would respond to the hack "proportionally...at a place and time we choose." The Internet in North Korea was subsequently hacked and taken offline for several hours, though the US government never confirmed that it was behind the attack.

Earlier this month, the US was left egg on its face after revealing that the Russian government had hacked into the White House's computer systems. The attack, which occurred last year, was initially cast as a breach that saw no sensitive data reach the hackers' computers. However, a report out this month suggested that sensitive information was stolen, including confidential details about the president's schedule. The US State Department was also hacked, forcing the government agency to shut down part of its network to thwart the hackers.

The update to military protocol will be the US government's second major response to cybersecurity issues this year. Earlier this month, President Obama signed an executive order that will allow his cabinet to issue sanctions on foreign hackers. Like the Defense Department's update, that tweak is aimed at stopping attacks before they happen by making would-be hackers think twice about their moves.

"Effective incident response requires the ability to increase the costs and reduce the economic benefits from malicious cyber activity," Lisa Monaco, assistant to the president for homeland security and counterterrorism, said in a statement at the time. "And this means, in addition to our existing tools, we need a capability to deter and impose costs on those responsible for significant harmful cyber activity where it really hurts -- at their bottom line."

That executive order was a response to the range of major hacks reported over the couple of years, including on retail giant Target -- in which hackers stole credit card data for more than 110 million customers -- as well as numerous others such as on department store Neiman Marcus, restaurant chain P.F. Chang's, crafts-supplies chain Michaels Stores, hardware chain Home Depot, office-supplies chain Staples and insurance provider Anthem

Speaking to Reuters, Carter echoed Monaco's sentiment, saying that the new strategy will be "useful" in informing the rest of the world that "we're going to protect ourselves."

The Defense Department did not immediately respond to a request for comment.