WASHINGTON—The senior cybersecurity official on the National Security Council said Tuesday the U.S. needs to embrace more offensive cyber capabilities as a tool to deter the nation’s adversaries from malicious threat activity.
Alexei Bulazel, senior director, cyber at the NSC and special assistant to the president, said the Trump administration is fully comfortable with using offensive measures as part of its cyber strategy.
“We are unapologetically unafraid to do offensive cyber,” Bulazel said Tuesday at the Billington Cybersecurity Summit in Washington, D.C.
He cautioned that offensive hacking should not be unleashed in isolation, but should be part of a larger set of measures designed to protect the country. The basic blocking and tackling to protect critical assets needs to continue as well.
Bulazel said federal authorities are trying to shift their focus away from being passive victims of malicious cyber to deal with “villains” that are harboring or acting in concert with groups trying to harm the U.S.
He said the government needs to continue its close collaboration with the private sector, as much of the technology innovation comes from that sector and there is a need to cooperate on threat intelligence and other issues.
The push for offensive cybersecurity responses is not an entirely new idea among policymakers. As countries like China have become increasingly aggressive in their targeting of U.S. critical infrastructure, there have been growing calls for the U.S. to impose more direct costs on rival nations that have used cyber as a proxy.
Bulazel expressed major concerns about the technology being used in critical infrastructure. The level of security built into these tools has been a growing issue for several years, as hackers linked to China and other countries have been able to exploit vulnerabilities and in some cases reverse engineer these products to find weaknesses in their systems.
He said if the technology used in critical systems was inherently more secure, many of the emergency security responses required in these sectors would not be necessary.
Source link
