Gen. Paul Nakasone, head of Cyber Command and the US National Security Agency, stood by his comments last month about the US military conducting offensive cyber operations against Russia in his defense of Ukraine.
In June, Nakasone told Sky News in the UK that the US “has been carrying out a series of operations across the spectrum; offensive, defensive, [and] information operations.
Nakasone, during a panel discussion on Tuesday with FBI Director Christopher Wray at the International Conference on Cybersecurity, said his June statement was consistent with the type of operations the US Cyber Command is carrying out in response to the Russian invasion.
“We do three things at US Cyber Command: we defend Department of Defense networks, data, and weapons systems. We defend the country’s cyberspace with a series of interagency partners. And we provide support to joint force commanders like US European Command. So we deny, we degrade and we disturb. Being able to detect, defend, disrupt and deter are all things we do in our operations,” he said.
“My comments relate to what we do, [which] obviously includes a variety of those things to deny, degrade and disrupt. I think this is exactly what we should expect from US Cyber Command and how we are moving forward.
Nakasone’s comments last month, made in Tallinn, Estonia, appeared to contradict White House policy that the United States would not engage in any direct conflict with Russia while helping Ukraine. They also raised concerns among security experts who wondered how Russia would react.
The Russian Foreign Ministry threatened the United States in response, warning it should not “incite Russia to retaliate”.
“A rebuff will certainly follow, it will be firm and resolute. However, the outcome of this mess could be catastrophic, as there will be no winners in a direct state-to-state cyber clash,” the Russian Foreign Ministry said.
White House press secretary Karine Jean-Pierre later denied that the offensive operations described by Nakasone were against White House policy.
At Tuesday’s conference, Nakasone explained that the US Cyber Command had engaged in 50 different “forward hunting” operations in 16 different countries over the past three years. He described the operations as examples where countries invite US Cyber Command and have them effectively test their systems against theoretical attacks.
“It’s a growth industry for us. We have a number of different countries that are interested in working with us on this,” he said.
“We’re also positioning ourselves to better understand our adversaries, so we have a series of operations that we’re running now as The Fall approaches.”
Ransomware attacks on the decline?
Nakasone also supported previous claims by NSA Cybersecurity Chief Rob Joyce that there has been a decrease in ransomware attacks since Russia invaded Ukraine.
Joyce said in May that US sanctions and organizations’ heightened defensive stance were contributing to the decline, which some private sector ransomware experts disputed.
During Tuesday’s conference, Nakasone reiterated that the US Cyber Command is seeing a decrease in ransomware attacks.
“I would echo Rob Joyce’s comments. We see the Russians much more focused on Ukraine-related activities,” he said, adding that they have seen an increase in the use of erasing malware.
Wray, meanwhile, told the audience that the FBI continues to see a series of ransomware attacks with varying motives targeting nearly every critical infrastructure sector in the United States.
“The ransomware itself is evolving. Previously, a bad actor was just a cybercriminal and only tried to lock down your system for money. Now two things have changed. Sometimes the ransomware actor isn’t a cybercriminal, it’s a nation-state with a different motive in mind,” he explained.
He noted that these groups may never provide ransom-paying victims with decryption keys because their motives may be more destructive than monetary, citing the NotPetya attacks that caused $10 billion in damage worldwide.
“This is a manifestation of a trend we see in the cyber landscape that is referred to as a ‘combined threat’ where nation states are working with cybercriminals. Now, nation-state actors also moonlight and make money as cybercriminals. And nation states are now using cybercriminal tools like ransomware to look like their cybercriminals and not nation states. All of this is happening more and more.