The Complex

Cyber deterrence is working, Hagel tells senators

Expect the Pentagon to continue to flesh out a policy of cyber deterrence if Chuck Hagel becomes the next defense secretary.

Buried toward the end of the 112 pages of answers to questions that Hagel gave the Senate Armed Services Committee in advance of his confirmation hearing tomorrow are some insights into his views on cyber security.

Among his thoughts on the matter is that deterrence is working for the United States, so far anyway.

"At this time, it appears that the United States has successfully deterred major cyber attacks," reads Hagel's response to SASC's questions. "I expect that deterring and, if necessary, defeating such attacks will be a continued key challenge. If confirmed, I intend to ensure that the Department provides strong support to our national efforts in this area."

That last sentence is pretty telling. National efforts to defend against cyber attack mean that the rest of the U.S. government and private industry will need to play a role in deterring against cyber attacks, according to Hagel.

Here's what he said when asked specifically about DOD's role in protecting the U.S. from cyber attacks:

"My understanding is that the Department of Homeland Security has the lead for domestic cyber security," writes Hagel. "The Defense Department provides technical assistance to DHS when requested. The [DOD's] role is to provide military forces needed to deter the adversary and, if necessary, act to protect the security of the country. This includes planning against potential threats to our critical infrastructure, gathering foreign threat intelligence, and protecting classified [government] networks." [Emphasis ours.]

It sounds like Hagel envisions DOD using its expertise in cyber warfare to help protect other government networks and certain private industries from cyber attack; spy on foreign cyber actors; and be ready to go on the offensive should anyone start a cyber fight with the U.S.

Still, when asked explicitly about using offensive cyber operations to defend "the homeland" (after more than a decade that's still a creepy-sounding term, isn't it?) Hagel says:

"My current view is that defending the homeland from cyber attacks should involve the full range of tools at the disposal of the United States, including diplomacy and law enforcement as well as any authorized military operations."

As for looming decisions that need to be made about expanding U.S. cyber command, elevating it to a combatant command, and paying for increased cyber forces at a time of declining defense budgets, Hagel punted, saying he will "consult closely" with the White House, Congress, and DOD officials before doing anything.

Click here to read more about Hagel's plans for cyber.

Getty Images

National Security

How Hagel will be different than Gates

Killer Apps found it interesting that cyber security featured prominently in last week's confirmation hearing of Sen. John Kerry, with the next secretary of state calling cyber threats the nuclear weapons of the 21st century. He even went so far as to agree with Sen. Dick Durbin's (D-Ill.) labeling of cyber security as the world's "greatest threat."

My how things have changed. During Condoleezza's Rice's 2005 confirmation hearing there was nary a mention of cyber, hackers, or even the Internet. The trickle of cyber awareness at confirmation hearings for secretaries of state and defense began in 2006, when Robert Gates acknowledged that Chinese computer hacking was a threat -- but he admitted that he wasn't too well versed in it. Fair enough: the Iraq War was raging and COIN was the theme of the day. It wasn't until 2009, with Secretary of State Hillary Clinton's confirmation hearing, that the word "cyber" was brought up.

There is almost certain to be cyber talk at Chuck Hagel's confirmation hearing tomorrow. Hagelians in the Obama administration reached out to Killer Apps earlier this month to argue that the nominee gets cyber. Stay tuned: this afternoon we'll bring you a look at how Hagel answered advance questions on cyber that the Armed Services Committee sent him.

In the meantime, here's a look at what nominees have said over the last decade. Use it as a rough, unscientific measurement to the growing cyber awareness among the U.S. government's national security leaders.

 

Condoleezza Rice's testimony to the Senate Foreign Relations Committee, Jan. 18, 2005:

No mention of "cyber," "Internet," or "hacker."

 

Robert Gates' testimony to the Senate Armed Services Committee, Dec. 5, 2006:

While the term cyber wasn't specifically mentioned, Sen. James Inhofe (R-Okla.) asked Gates for his take on Chinese hackers breaking into the U.S military and defense contractor networks between 2003 and 2006 as part of the Titan Rain attacks. Gates, admitting to being under informed about Titan Rain's details (understandably), framed these attacks as more of an intelligence and counterintelligence perspective rather than as one element in an entirely new combat domain -- akin to sea, air, space and land. That would change by the end of his tenure:

Inhofe: "But I am concerned about China, and I'd like to hear what your thoughts are. Just in the last month the Chinese hackers, as you, I'm sure, have read, have shut down the e-mail and official computer work at the Naval War College. This is referred to by this commission as the Titan Rain..."

Gates: "Yes, sir. I have not read the reports. I would be more than willing to do so. I've been aware, just from reading in the newspapers, it's been a number of years since I received any classified intelligence on what the Chinese were up to.

But it's been my impression that they've had a very aggressive intelligence-gathering effort against the United States.

Some of these other things that you've mentioned, this is the first time I've heard about that. And clearly, if confirmed, this would be something that I would want to get well-informed on."

 

Hillary Clinton testimony to the Senate Foreign Relations Committee, Jan. 13, 2009:

Only two years later, things had radically changed. Then Sen. Clinton mentioned "cyber" in a list of weapons of mass destruction that posed "the gravest threat" to the United States should they fall into the hands of terrorists. And she said would reorganize the state department to handle "these new threats."

Clinton: "The gravest threat that America faces is the danger that weapons of mass destruction will fall into the hands of terrorists. We must curb the spread and use of these weapons -- nuclear, biological, chemical, or cyber -- and prevent the development and use of dangerous new weapons."

She went on to say:

"You add to [traditional WMD] the growing threat of cyber terrorism, which has the potential of disrupting the networks we rely on for all kinds of things, like traffic signals and electric grids and the like, which would be incredibly disruptive and dangerous -- I mean, this is the number one threat we face, there's no doubt in my mind. So we're going to start calling it such. We're going to reorganize the department to be better prepared to deal with nonproliferation, arms control and these new threats."

 

Leon Panetta's testimony to the Senate Armed Services Committee, June 9, 2011:

Finally, we get to Defense Secretary Leon Panetta's June 2011 confirmation hearing where cyber security featured prominently. This was the first such hearing where the both senators and the nominee, who was then director of the CIA, seemed to have a fairly strong grasp of cyber security. Panetta hints at his desire to expand DOD's cyber fighting capabilities and its role in defending U.S. critical infrastructure from cyber attack -- something that has been one of the hallmarks of his relatively brief tenure as defense secretary. You also get the sense that Panetta understands that cyber is much bigger than buying the best software and hackers -- that dealing successfully with cyber threats may mean establishing international codes of conduct dealing with cyber war, espionage and crime.

Sen. Jack Reed (D-RI.): "There is a whole a whole new dimension [of conflict, in addition to land, air, sea], cyber. I don't think we know enough yet to be fully prepared, fully conversant, but can you comment briefly on the strategy that you will try to develop?

Panetta: "There is no question that the whole arena of cyber attacks, developing technologies in the information area represent potential battlefronts for the future. I have often said that there is a strong likelihood that the next Pearl Harbor that we confront could very well be a cyber attack that cripples our power systems, our grid, our security systems, our financial systems, our governmental systems.

This is a real possibility in today's world. And as a result, I think we have to aggressively be able to counter that. It is going to take both defensive measures as well as aggressive measures to deal with it. But most importantly, there has to be a comprehensive approach in Government to make sure that those attacks don't take place.

My goal would be to work very closely with [NSA] and with others to develop not only the capability, but also the law that I think we need to have in order to determine how we approach this challenge in the future."

And later:

Sen. Kirsten Gillibrand (D-NY): "Can you share with us any of your vision, design, goals with regard to how we create a greater platform for cyber security and cyber defense?"

Panetta: "This is an area of great concern for me because I think what I have witnessed at the CIA and elsewhere is that we are now the target of increasing attacks that go after our systems, and it is extremely important for us to do everything we can to confront that threat.

He went on to say: "What I would like to do is to develop an even more effective force to be able to confront cyber terrorism, and I would like to work with you on the effort to try to develop those kinds of relationship not only here, but abroad, so that other countries can work with us in this effort. We talk about nuclear. We talk about conventional warfare. We don't spend enough time talking about the threat of cyber war."

Dana Stuster contributed to this report.

Getty Images