The Future of War? War without Borders in the Cyber Realm

Geschäftsträger Kent Logsdon

Transatlantic Cyber Dialogue — AICGS/Hanns-Seidel-Stiftung
Berlin, March 15, 2018
CDA Kent Logsdon

Thank you, Dr. Janes, for inviting me to participate this evening.

At the U.S. Mission in Germany, we have worked closely on numerous occasions with the Hans Seidel Stiftung and the American Institute for Contemporary German Studies. We appreciate the exceptional work you do to support a strong transatlantic partnership, a partnership based on shared values, shared interests, shared responsibilities, and shared burdens. International security and prosperity depend on nations working together.

I am pleased to be able to talk tonight about transatlantic cooperation in one of the most significant and challenging areas of the modern world: cyberspace. Technology now connects nearly every facet of our society and the critical services that sustain our way of life. But as our dependence on technology grows, so too do the risks of cyber threats.

Last week, Admiral Michael Rogers, Commander of the United States Cyber Command, testified before the U.S. Senate on the growing threats we face every day from “adversaries acting with precision and boldness, and often with stealth.” Our Cyber Command, he said, continues to learn how malicious cyber actors work and to gain insights into the motivations, capabilities, and intentions of those who sponsor such activities, whether they be states, criminal enterprises, or violent extremists.

Repressive and revisionist powers use cyberspace, social media, and other means to advance campaigns of disinformation, subversion, and espionage. They want to diminish confidence in the shared values and interests that we, as transatlantic partners, hold dear. They seek to undermine our free market system; and as we have seen in the U.S. and in other counties, to interfere in our democratic processes.

Let’s start with some examples.

ISIS, al Qaeda and other terrorist groups maintain a robust online presence. They use the Internet to inspire followers, market terrorism, and garner financial and material support. Transatlantic partners are fighting this by working closely together with law enforcement, intelligence and the military. It is essential that together we find and destroy the key elements of their online infrastructure and media operations.

State-sponsored malicious cyber actors – and the states behind them – are of increasing concern. These states integrate cyber operations into their traditional military plans and capabilities. Several have mounted sustained campaigns to scout and access our key enabling technologies. In our opinion, the states of greatest concern are Russia and China. China aggressively pursues its economic and diplomatic interests rejecting, ignoring, or trying to rewrite norms that it perceives do not trend in its favor. In 2015, the United States and China agreed that neither country would conduct or knowingly support cyber-enabled theft of intellectual property for commercial gain. However, there is evidence suggesting that hackers based in China used cyber espionage to exploit business secrets and intellectual property of American businesses, universities, and defense industries. Last fall, the Justice Department unsealed indictments against three Chinese nationals, alleging they stole over 400GB of data from several U.S. companies.

Let’s talk about Russia. We have seen how Russia has employed malicious tactics against the U.S. and Europe to drive us apart, weaken confidence, and undermine the successes that we have achieved together since the end of the Cold War.” As U.S. National Security Advisor, General H. R. McMaster, said at the Munich Security Conference, the evidence of efforts by Russians to interfere in the 2016 U.S. election “is incontrovertible.” Russia has also used disinformation to harm Germany. The 2015 hack of the Bundestag was a brazen attempt at interference in German political life, and we have strong concerns about reports of the recent cyber-attack on a German government network, which clearly had malicious intent. In fact, today Treasury Secretary Steven T. Mnuchin announced targeted sanctions “as part of a broader effort to address the ongoing nefarious attacks emanating from Russia.” By these actions, we impose a serious cost on those involved in destabilizing activities within the United States, by severing their access to our financial system.

Our Congress has heard testimony from leading social-media companies explaining that their business records had logged an even wider pattern of Russian cyber meddling before our election – one that matched malicious cyber activities seen by several other nations. The Kremlin has used hackers to steal personal communications that Russian operatives then parceled out in targeted leaks. Fake social media personas have been created; news items on all sides of controversial issues have been launched – all in the hope of stirring discord in the West. The idea is to make Western electorates distrust all news outlets and, ultimately, one another. This threatens the foundations of democracy. It also makes it difficult to craft common measures for countering Russia’s aggressive actions abroad and its repression at home.

In the case of Ukraine, Defense Secretary Mattis has emphasized that Russia is not adhering to the letter or the spirit of its treaty commitments, most egregiously by attempting to change international borders by force. This behavior in geographic space matches Russian cyberspace behavior. NotPetya, the most costly cyberattack in history, was launched by the Russian military last June. This cyberattack quickly spread well beyond Ukraine, causing billions of dollars in damage to businesses across Europe and the United States.

Iran and North Korea also have growing capabilities and have employed aggressive methods to carry out malicious cyberspace activities.

The last year has witnessed an alarming spate of increasingly sophisticated cyber-attacks. Many occur below the threshold of the use of force and outside of the context of armed conflict, but cumulatively they accrue strategic gains to our adversaries.

Just as people expect government to defend the physical world, they also expect government to protect the cyber realm. Governments must have the means to hold criminals and non-state state and state rogue actors in the cyber world accountable. They must be able to discover, attribute, and disrupt their actions. Governments must also create a resilient and robust digital infrastructure. These dual requirements are at the basis of a new policy in the U.S. known as the “Vulnerability Equity Process.” It evolved out of a series of discussions among U.S. government agencies and the private sector, about how we can best protect and defend our cyber interests. The key tenets of this policy are transparency, accountability and most important, informed dialogue.

Last month, White House Cyber Coordinator Rob Joyce, in his remarks at the Munich Security Conference, spoke specifically about the responsibility all countries have to address cyber vulnerabilities in a responsible way. When cyber weapons are developed and implemented without consideration of the damage they can cause or the liability they bring, that impacts us all. The number of recent cyber incidents, in the past year alone, demonstrates the need for enhanced cooperation and a discussion of norms.

What is the correct response to these cyber incidents? Well, there are a number of answers to that question.

First, the United States is not afraid to call out countries and hold governments accountable. We have done that in identifying Russia as responsible for the deliberate NotPetya malware attack against Ukraine.

Second, the United States will use the tools of diplomacy and statesmanship. This includes sanctions as a response to cyber incidents.

We will also use law enforcement. In 2014 the United States indicted Chinese military hackers. Recently, thirteen Russians were criminally charged for interfering in the 2016 US election.

At times, our response will include cyber tools. One of the best tools we have to understand and get to the attribution of cyberattacks is our ability to hack back at the hackers.

Finally, we need to fight efforts by authoritarian states that use so-called “cyber-security” arguments to lock down the Internet and repress their citizens.

And so finally, let me conclude where I began – with the need for increased cooperation. There are a number of ways we are using diplomacy to try to develop and implement the norms we need for a secure and prosperous cyber world. And our efforts are stronger if we are united in our approach. That’s why the time you are investing here at this conference today, and in our broader ongoing transatlantic dialogue, is so important.

Thank you.