Experts Weigh In On How U.S. Should Respond To Massive Computer Hack
Should the us government respond to a computer hack that breached both government networks and private companies mo- cybersecurity experts think. Russia is responsible for the hack and npr's national security correspondent. Greg myra has been talking to some of them. Good morning greg. good morning noel. Perhaps most importantly is the over absolutely not it's still ongoing and we're continuing to learn details. We've heard now that the treasury department hack occurred in july and like other government departments. This was just uncovered in recent days. The email of top officials was hacked. Apparently not the account of treasury secretary. Steve mnuchin Also no evidence that classified systems were breached This information has come from democratic. Senator ron wyden who was briefed on the matter and we can expect this kind of information to sort of dribble out in the weeks and months ahead as government agencies and private companies go through their computer networks But clearly much of this is going to fall on the biden administration to make sure the hack Inside government computer networks is over that there's clear attribution on who did it and then to decide how to respond these major breaches have happened. Before does the government have a strategy to deal with them. No absolutely not again. There are no rules or red lines or clear consequences for adversaries who get caught now today. What we ended up seeing is lots of hand-wringing and ultimately some sort of limited responses right now with this current hack. We're seeing wrestling over. The definition some members of congress. Call this an act of war now. Cyber experts in the intelligence community. Do see it as a big deal but more along the lines of traditional espionage albeit on a massive scale i spoke about this with p w singer cyber expert at the new america think tank. This was not an act of war. This is more cold war style back and forth espionage stealing secrets. That's why you've seen the reaction from the intelligence community to be a mix of. Oh my god what just happened and gosh. We got a tip the hat to them. What a coup for them so. There is no clear way to respond greg. What are the range of options here. Traditional spying might generate public criticism Kicking out suspected spies perhaps some sanctions. But when this happened it really hasn't changed the behavior of russia any other adversaries they still seek hacking is a low cost high return proposition singer says the us can and needs to do much more and should create deterrence in in two ways gave a boxing analogy saying the us needs to punch back harder and also develop more resiliency to absorb the growing number of cyber blows. I make the parallel to my tyson. You don't hit him. He'll punch you back in the face versus muhammad ali rope a dope through resilience where you don't hit me because it just won't work out for you. What else do we know. So we know that the government and private companies were both hacked. What do we know about the private companies. We haven't heard that much from them. Have we know that's right. But we are hearing more of the hackers clearly targeted many tech companies in. This makes a lot of sense. They that hackers want these cutting edge cyber tools. These companies have so presumably. The hackers can use them themselves in the first organization to detect. This hack. two weeks ago was fire. I of prominent cyber security farm fire. Icao kevin mantius spoke with all things considered yesterday and he said these hackers were extremely sophisticated and once they got into the system. They cured out. An operation was specifically designed to attack fireeye. He realized very early on as they launched their own investigation that this was a level of tradecraft he'd never seen before and he said the scale of this hack really drives home the need for a strong national cyber policy. It's time this nation comes up with some doctrine on what we expect. Nations rules of engagement to be. And what will our policy or proportional response speed of folks. Violate the doctrine. Because right now there's absolutely esscalation in cyberspace it. It just seems astonishing that we don't yet have the doctrine in the year. Twenty twenty the. Us however does have a lot of cybersecurity might what is preventing us from using it more effectively. While you're still seeing a lot of things that are in the works Security cyber agency was just launched in twenty eighteen at focused on the elections this year and by all accounts did a did a did a good job right now. There's the military authorization bill on the president's desk waiting to be signed it has money for additional cyber upgrades in by all accounts. You're seeing a lot more cooperation between the government and private tech companies. But this country is losing huge sums of money Do to these cyber attacks and Couple of years ago the nsa director paul nakasone was at his confirmation hearing and he was asked if adversaries. Fear the us in cyberspace. He said the answers absolutely not. Npr's greg mary. Thanks so much. Greg my pleasure.