It has been a stated US military policy for roughly 50 years to deal with nuclear-armed adversaries, but mutual deterrence as we’ve come to know it doesn’t exist on the cyber battlefield, the head of the National Security Agency suggested—publicly, at least.
Under questioning Tuesday from Sen. John McCain (R-Ariz.), Adm. Michael Rogers affirmed in one word the top line cyber attack capabilities of Moscow, but declined to disclose if the US has an effective counterpunch.
“Does Russia have the capability to inflict serious harm to our critical infrastructure,” McCain asked during proceedings before his Senate Armed Services Committee.
“Yes,” Adm. Rogers, who serves as both the commander of US cyber operations and the Director of the NSA, responded.
Later in the hearing, however, when asked to describe US retaliatory capabilities, Rogers dodged.
“Do we have capacity to inflict serous harm to Russia’ infrastructure?” Sen. Jeanne Shaheen (D-N.H.) asked, referring to US Cyber Command.
“In an unclassified hearing, I’d rather not get into that,” Rogers carefully answered.
Sen. Shaheen shot back: “I assume there’s some mutual deterrence that goes on when we’re talking about some state actors.”
“It’s a lot more complicated than a yes or a no,” the NSA Director stated.
The concept of “mutual deterrence” was first articulated as US policy by then-Defense Secretary Robert McNamara in 1967.
“The cornerstone of our strategic policy continues to be to deter nuclear attack upon the United States or its allies,” McNamara said in a speech in San Francisco. “We do this by maintaining a highly reliable ability to inflict unacceptable damage upon any single aggressor or combination of aggressors at any time during the course of a strategic nuclear exchange, even after absorbing a surprise first strike. This can be defined as our assured-destruction capability.”
The lack of an official public answer to the question posed to Adm. Rogers on Tuesday could stem from the lack of policy guidance from Congress on how US Cyber Command should respond to threats.
“We clearly still are focused more on an event-by-event, particular circumstance,” he told the panel of Senators. “In the long run,” Rogers added, “I think we all want to get to is something much more broadly defined and well-understood.”
McCain put the onus on his committee to draft “comprehensive” cyber warfare policy. “This committee will spend a great deal of its time on this issue,” he announced during the hearing Tuesday.
Although Rogers demurred when asked to discuss offensive cyber operations at foreign infrastructure, he volunteered to senators information that would have officially been deemed a state secret not more than three years ago. In trying to define how Chinese cyber espionage on US companies is evolving, Rogers tacitly admitted the NSA engages in similar behavior, although to different ends.
“We certainly acknowledge that states engage in the use of cyber as a tool to gain access and knowledge,” the NSA Director said. “The question or issue we’ve always had with the Chinese is while we understand we do that for nations to generate insight, using that then to generate economic advantages is not something that acceptable to the US.”
Such an admission of corporate snooping in an open hearing from a top intelligence official might have been unheard of prior to the 2013 disclosures of intelligence community whistleblower Edward Snowden. Journalists working with the Snowden cache have revealed, among other things, that the NSA and allies surveilled several foreign-owned energy and telecom firms, including China Telecom and Brazilian-owned Petrobras.
The Director of National Intelligence, James Clapper, had a similarly frank discussion last year with lawmakers who were anxious to retaliate against China, for allegedly hacking the US Office of Personnel Management. That cyber intrusion compromised the records of roughly 20 million current and former government workers
“With respect to that which is conducted for espionage purposes, I would just caution that we think—in the old saw about people living in glass houses—we should think before we throw rocks,” Clapper said in September during a House Intelligence Committee hearing.