The chief of U.S. Cyber Command reiterated that the United States will step up its active cyber defense postures in order to deter attacks on U.S. critical information infrastructure.
During his speech at George Washington University, Navy Admiral Michael Rogers, who also heads the U.S. National Security Agency (NSA), emphasized that hackers will “pay a price” that “will far outweigh the benefit” should they target the United States.
Specifically talking about the cyberattacks on Sony Pictures (see: “US Sony Hack Response: A Message to China?”), Rogers explained his rationale behind “naming and shaming” North Korea — the alleged perpetrator — over the hack.
The whole world was aware that Sony Corporation had suffered an offensive act that destroyed data as well as destroyed hardware. What concerned me was, given the fact that this is a matter of public record, if we don’t publicly acknowledge it, if we don’t attribute it, and if we don’t talk about what we’re going to do in response to the activity … I don’t want anyone watching thinking we have not tripped a red line, that this is in the realm of the acceptable.
Delineating this red line is an integral part of any cyber deterrence strategy, yet is extremely difficult for policymakers to figure out the figurative red line in cyberspace that would trigger severe, active defense measures by nation states such as strategic retaliatory strikes.
However, Rogers emphasized that the United States will use a whole spectrum of means at its disposal to dissuade a malicious actor for launching attacks including economic sanctions, as was the case in the Sony hack:
Because an opponent comes at us in the cyber domain doesn’t mean we have to respond in the cyber domain. We think it’s important that potential adversaries out there know that this is part of our strategy. The whole goal is, you do not want to engage in escalatory behavior (…) it’s situational. What you would recommend in one scenario is not what you would recommend in another.
Rogers’ remarks correspond with the Pentagon new cyber strategy (see: “What the Pentagon’s New Cyber Strategy Mean for China”), which does note that “the U.S. military may conduct cyber operations to counter an imminent or on-going attack against the U.S. homeland or U.S. interests in cyberspace.”
However, the strategy stresses that “the United States will seek to exhaust all network defense and law enforcement options to mitigate any potential cyber risk to the U.S. homeland or U.S. interests before conducting a cyberspace operation.”