Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

US Warns of Sophisticated Cyberattacks From Russia, China

Cyberattacks from Russia, China, North Korea and Iran are increasingly sophisticated and, until recently, were done with little concern for the consequences, the top Pentagon cyber leaders told a congressional committee on Wednesday.

Cyberattacks from Russia, China, North Korea and Iran are increasingly sophisticated and, until recently, were done with little concern for the consequences, the top Pentagon cyber leaders told a congressional committee on Wednesday.

Army Gen. Paul Nakasone, head of U.S. Cyber Command, laid out the escalating threats, following a Navy review released this week that described significant breaches of naval systems and concluded that the service is losing the cyber war.

Speaking during a subcommittee hearing, Nakasone said the U.S. is now prepared to use cyber operations more aggressively to strike back, as the nation faces growing cyberattacks and threats of interference in the 2020 presidential elections.

He said the military learned a lot working with other government agencies to thwart Russian interference in the 2018 midterm elections, and the focus now has turned to the next election cycle.

The Navy report underscored long-known cyber threats from Russia and China that have plagued the U.S. government and its contractors for more than a decade. It said there were “several significant” breaches of classified Navy systems and that “massive amounts” of national security data have been stolen. The report laid out a number of recommendations to reduce cyber vulnerabilities across the Navy and make cybersecurity a higher priority.

Data has been stolen from key defense contractors and their suppliers, the report said, adding that “critical supply chains have been compromised in ways and to an extent yet to be fully understood.” The report, ordered by Navy Secretary Richard Spencer, concluded that while the Navy is prepared to win at conventional warfare, that’s not the case for the current cyber war.

The U.S. government has complained for years about data breaches by China to steal high-tech information and other trade secrets. The federal government, for example, charged two alleged Chinese hackers in December with breaching computer networks as far back as 2006 and suggested they could be linked to the theft of personal information from more than 100,000 Navy personnel.

China has denied the widespread hacking accusations, but the issue is one of several that tied up ongoing negotiations on a U.S.-China trade agreement.

Advertisement. Scroll to continue reading.

In addition, the U.S. was caught off guard by widespread Russian interference in the 2016 election, including the use of social media to influence voters and sow dissent among the electorate.

Members of Congress peppered Nakasone and Kenneth Rapuano, the assistant defense secretary for homeland defense, with questions about what the military is doing to respond to cyber breaches and deter countries like Russia and China.

Rapuano acknowledged that for years the U.S. did not sufficiently respond to cyberattacks by other nations, particularly as the breaches did not rise to the level of a conventional military response. He said deterrence is about imposing consequences and, “historically we have not done that.”

He said that strategy is changing but officials also have a deliberate approval process for offensive cyber operations, including some that require presidential approval.

He also said that the Pentagon will soon issue a memo outlining how National Guard will be able use department networks and systems in the states to help foil cyberattacks on the homeland.

The proposed budget released on Tuesday calls for a 10 percent increase in Pentagon spending on cyber operations, for a total of $9.6 billion.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Wendi Whitmore has taken the role of Chief Security Intelligence Officer at Palo Alto Networks.

Phil Venables, former CISO of Google Cloud, has joined Ballistic Ventures as a Venture Partner.

David Currie, former CISO of Nubank and Klarna, has been appointed CEO of Vaultree.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.