WASHINGTON — Cyberattacks from Russia, China, North Korea and Iran are increasingly sophisticated and, until recently, were done with little concern for the consequences, the top Pentagon cyber leaders told a congressional committee on Wednesday.
Army Gen. Paul Nakasone, head of U.S. Cyber Command, laid out the escalating threats, following a Navy review released this week that described significant breaches of naval systems and concluded that the service is losing the cyber war.
Speaking during a subcommittee hearing, Nakasone said the U.S. is now prepared to use cyber operations more aggressively to strike back, as the nation faces growing cyberattacks and threats of interference in the 2020 presidential elections.
He said the military learned a lot working with other government agencies to thwart Russian interference in the 2018 midterm elections, and the focus now has turned to the next election cycle.
A 57-page internal Navy review provided to the Wall Street Journal paints a dire picture regarding the cyber war already being waged.
The Navy report underscored long-known cyber threats from Russia and China that have plagued the U.S. government and its contractors for more than a decade. It said there were "several significant" breaches of classified Navy systems and that "massive amounts" of national security data have been stolen. The report laid out a number of recommendations to reduce cyber vulnerabilities across the Navy and make cybersecurity a higher priority.
Data has been stolen from key defense contractors and their suppliers, the report said, adding that "critical supply chains have been compromised in ways and to an extent yet to be fully understood." The report, ordered by Navy Secretary Richard Spencer, concluded that while the Navy is prepared to win at conventional warfare, that's not the case for the current cyber war.
The U.S. government has complained for years about data breaches by China to steal high-tech information and other trade secrets. The federal government, for example, charged two alleged Chinese hackers in December with breaching computer networks as far back as 2006 and suggested they could be linked to the theft of personal information from more than 100,000 Navy personnel.
China has denied the widespread hacking accusations, but the issue is one of several that tied up ongoing negotiations on a U.S.-China trade agreement.
In addition, the U.S. was caught off guard by widespread Russian interference in the 2016 election, including the use of social media to influence voters and sow dissent among the electorate.
Defense Department weapons programs are vulnerable to cyberattacks, and the Pentagon has been slow to protect the systems that are increasingly reliant on computer networks and software, a federal report said Tuesday.
Members of Congress peppered Nakasone and Kenneth Rapuano, the assistant defense secretary for homeland defense, with questions about what the military is doing to respond to cyber breaches and deter countries like Russia and China.
Rapuano acknowledged that for years the U.S. did not sufficiently respond to cyberattacks by other nations, particularly as the breaches did not rise to the level of a conventional military response. He said deterrence is about imposing consequences and, "historically we have not done that."
He said that strategy is changing but officials also have a deliberate approval process for offensive cyber operations, including some that require presidential approval.
He also said that the Pentagon will soon issue a memo outlining how National Guard will be able use department networks and systems in the states to help foil cyberattacks on the homeland.
The proposed budget released on Tuesday calls for a 10 percent increase in Pentagon spending on cyber operations, for a total of $9.6 billion.