General says 2 dozen operations fought attacks by foreign hackers
WASHINGTON >> The U.S. Cyber Command conducted more than two dozen operations aimed at preventing interference in last November’s presidential election, the general who leads the Pentagon’s cyber force said Thursday.
Gen. Paul Nakasone, in prepared remarks to the Senate Armed Services Committee, did not describe the nature of the operations, but said they were designed “to get ahead of foreign threats before they interfered with or influenced our elections in 2020.” He said the operations reflected a “more active approach to our adversaries.”
The U.S. intelligence assessment released last week said that neither Russia nor any other nation manipulated votes or conducted cyberattacks that affected the outcome of the vote.
Nakasone’s appearance before the committee came as the U.S. deals with major cyber intrusions, including a breach by Russian hackers that exploited supply-chain vulnerabilities to access federal government agencies and private companies.
Nakasone said Cyber Command and the National Security Agency are helping plan the Biden administration’s response to the SolarWinds intrusion, and that “policymakers are considering a range of options, including costs that might be imposed by other elements of our government.”
Separately, the U.S. is responding to the breach that affected thousands users of Microsoft’s email server software.
Asked by the committee chairman, Sen. Jack Reed, D-R.I., whether the intrusions
represented a “new terrain,” Nakasone said foreign hackers were conducting attacks of “a scope, a scale a level of sophistication that we haven’t seen previously.”
“It is the clarion call for us to look at this differently,” he said.
Nakasone said one challenge is that foreign state hackers have taken advantage of legal constraints that prevent U.S. intelligence agencies such as the NSA, whose surveillance is focused abroad, from monitoring domestic infrastructure for cyber threats. Hackers are increasingly using U.S.-based virtual private networks, or VPNs, to evade detection by the U.S.
government.
As a result, he said, “It’s not the fact that we can’t connect the dots, we can’t see all of the dots.”
Nakasone said the U.S. is trying to improve information-sharing with the private sector, and remove disincentives from companies from disclosing details with the government on threats they see.
Private companies are typically reluctant to share information on hacks and attempted hacks with the FBI and other government agencies, mostly out of fear of the negative business fallout if it were to become public. In many cases, companies don’t report the incidents to the government.
On Wednesday, Sen. Mark Warner, D-Va., lamented in a webinar about being unable to get support in Congress for legislation to make it mandatory for companies to disclose cyber breaches. The chairman of the Senate Intelligence Committee singled out the telecommunications sector, a big target in the SolarWinds hack, as being especially resistant.
Foreign hackers are conducting attacks of “a scope, a scale a level of sophistication that we haven’t seen previously.” Gen. Paul Nakasone