Army Gen. Paul Nakasone, who heads both the National Security Agency and the U.S. Cyber Command, usually doesn't say much in public. But recently, he's been on what amounts to a public relations blitz. The message he's pushing is that the U.S. will be more aggressive in confronting and combating rivals in cyberspace.
"I have all the authorities that I need right now to conduct the full spectrum of operations, that's defensive operations all the way to offensive operations. And when I don't have those authorities, I will certainly ask for them," said Nakasone, wearing short sleeves and no tie at the recent RSA Conference, a high-tech gathering in San Francisco.
He's even offering a few select details, a rarity for the super-secretive NSA and Cyber Command.
"For the first time, we sent our cyberwarriors abroad," Nakasone said earlier this month in Capitol Hill testimony about countering Russian attempts to meddle in last fall's midterm elections. "We sent defensive teams forward in November to three different European countries. That's acting outside of our borders that impose[s] costs against our adversaries."
How to respond?
Over the past decade, the U.S. has been wrestling with the question of how to deal with cyberattacks. What's the proper response when China steals high-tech secrets from a U.S. company? Or when North Korea hacks into Sony Pictures because that country doesn't like a satirical movie about its leader Kim Jong Un?
Often the answer was to do little or nothing. But at his confirmation hearing last year, Nakasone made clear he wanted to take a harder line.
At that hearing, Alaska Republican Sen. Dan Sullivan asked Nakasone: "What do you think our adversaries think right now? If you do a cyberattack on America, what's going to happen to them?"
Nakasone replied: "So basically, I would say, right now, they do not think that much will happen to them."
"They don't fear us?" Sullivan said.
"They don't fear us," Nakasone replied.
President Trump has given Nakasone more authority to act, but this approach raises two big concerns:
First, will other countries stop attacking the U.S?
Probably not.
Second, will this ignite a cycle of retaliation and escalation?
No one really knows.
"If you create awareness, it makes the attackers' job harder"
The NSA and U.S. Cyber Command work side by side at the same sprawling campus in Ft. Meade, Md. Distinguishing between them can be tricky, but here's the shorthand: The NSA, established in 1952, monitors foreign communications, while Cyber Command, created just a decade ago, is designed to take action in the digital realm.
P.W. Singer, a cyber expert at the New America think tank and author of Like War, says it's uncharacteristic for either agency to be offering a peek behind the curtain.
"So you're seeing a change from keeping everything classified — not talking about anything — to trying to share a little bit more information," said Singer. "The reason is a belief that if you create awareness, it makes the attackers' job harder."
The U.S. now routinely names and shames hackers.
"A lot of countries can hack," said Thomas Rid, a professor at Johns Hopkins University's School of Advanced International Studies who studies cyberwarfare. But, he added, few countries can figure out who did the hacking.
The U.S. is one of those that can.
Special Counsel Robert Mueller's team has indicted 25 Russians for election interference — by name and with details that could only be obtained by hacking their computers.
"So finding out who hacked you, finding the evidence, and then assessing the evidence in a professional way, the attribution capabilities, these are hard to develop," Rid said.
The NSA took another unusual step recently, making one of its own software programs freely available to the public. It's called Ghidra and it reverse-engineers malware that's been detected in a computer system. Now anyone can download Ghidra to analyze malware and figure out how best to combat it.
U.S. actions
Of course, the U.S. has its own history of surveilling rivals, planting malware and even waging offensive attacks. The best known attack attributed to the U.S. (along with Israel) is the Stuxnet virus that made Iranian centrifuges malfunction in 2010. In a nuclear program, centrifuges are key to the uranium enrichment process.
"The Russians plant malware and look for openings in various infrastructure in the United States," said author James Bamford, who has written about the NSA for decades. "It's exactly the same thing we do in other countries. It's not necessarily an act of aggression. It's just normal espionage."
Whatever you call it, Nakasone says it's here to stay.
"I think this is a new normal," he said at the RSA Conference. The U.S. response, he added, "can't be episodic. You have to be involved every day. You have to be aware of what your adversary's doing."
Planning, he said, is already underway to protect the 2020 elections.
Greg Myre is a national security correspondent. Follow him @gregmyre1.