San Diego Union-Tribune (Sunday)
CYBER COMMAND GENERAL: HACKS BY FOREIGN ENTITIES ARE ‘CLARION CALL’
The U.S. Cyber Command conducted more than two dozen operations aimed at thwarting interference in last November’s presidential election, the general who leads the Pentagon’s cyber force said Thursday.
Gen. Paul Nakasone did not describe the nature of the operations in testimony to the Senate Armed Services Committee but said they were designed “to get ahead of foreign threats before they interfered with or influenced our elections in 2020.”
A U.S. intelligence assessment released this month said that neither Russia nor any other nation manipulated votes or conducted cyberattacks that affected the outcome of the vote.
Nakasone’s appearance before the committee came as the U.S. deals with major cyber intrusions, including a breach by elite Russian hackers that exploited supply chain vulnerabilities to break into the networks of federal government agencies and private companies.
Nakasone said in his prepared remarks that Cyber Command and the National Security Agency are helping plan the Biden administration’s response to the Solarwinds intrusion and that “policymakers are considering a range of options, including costs that might be imposed by other elements of our government.”
Separately, the U.S. is working with the private sector to respond to a separate hack that exposed tens of thousands of servers running Microsoft’s Exchange email program to intrusion.
Asked by the committee chairman, Sen. Jack Reed, DR.I., whether the intrusions represented a “new terrain,” Nakasone said both the Solarwinds and Microsoft hacks revealed “a scope, a scale, a level of sophistication that we hadn’t seen previously.”
“It is the clarion call for us to look at this differently — how do we ensure we have as a nation both the resiliency and the ability to act against these type of adversaries,“he said.
Nakasone said one challenge is that foreign state hackers have taken advantage of legal constraints that prevent U.S. intelligence agencies such as the NSA, whose surveillance is focused abroad, from monitoring domestic infrastructure for cyber threats. Hackers are increasingly using U.s.-based virtual private networks, or VPNS, to evade detection by the U.S. government.
As a result, he said, the problem is not that intelligence agencies can’t connect all the dots but rather “we can’t see all of the dots.”
“We have an inability to see everything,” he added. “We as U.S. Cyber Command or the National Security Agency may see what is occurring outside of the United States, but when it comes into the United States, our adversaries are moving very quickly. They understand the laws and the policies that we have within our nation, and so they’re utilizing our own infrastructure, our own Internet service providers, to create these intrusions.”