General says attacks by foreign hackers are 'clarion call'
WASHINGTON (AP) — The U.S. Cyber Command conducted more than two dozen operations aimed at preventing interference in last November's presidential election, the general who leads the Pentagon's cyber force said Thursday.
Gen. Paul Nakasone, in prepared remarks to the Senate Armed Services Committee, did not describe the nature of the operations but said they were designed “to get ahead of foreign threats before they interfered with or influenced our elections in 2020.” He said the operations reflected a “more active approach to our adversaries."
Nakasone's appearance before the committee comes as the U.S. deals with major cyber intrusions, including a breach by Russian hackers that exploited supply chain vulnerabilities to access federal government agencies and private companies.
Nakasone said Cyber Command and the National Security Agency are helping plan the Biden administration's response to the SolarWinds intrusion and that “policymakers are considering a range of options, including costs that might be imposed by other elements of our government."
Separately, the U.S. is responding to a breach that affected thousands users of Microsoft's email server software.
Asked by the committee chairman, Sen. Jack Reed, D-R.I., whether the intrusions represented a “new terrain,” Nakasone said foreign hackers were conducting attacks of “a scope, a scale a level of sophistication that we haven't seen previously.”
“It is the clarion call for us to look at this differently,” he said.
Nakasone said one challenge is that foreign state hackers have taken advantage of legal constraints that prevent U.S. intelligence agencies such as the NSA, whose surveillance is focused abroad, from monitoring domestic infrastructure for cyber threats. Hackers are increasingly using U.S.-based virtual private networks, or VPNs, to evade detection by the U.S. government.
As a result, he said, “It’s not the fact that we can't connect the dots, we can’t see all of the dots.”
Nakasone said the U.S. is trying to improve information-sharing with the private sector and remove disincentives from companies from disclosing details with the government on threats they see.
Private companies are typically reluctant to share information on hacks and attempted hacks with the FBI and other government agencies, mostly out of fear of the negative business fallout if it were to become public. In many cases, companies don’t even report the incidents to the government.
On Wednesday, Sen. Mark Warner, D-Va., lamented in a webinar about being unable to get support in Congress for legislation to make it mandatory for companies to disclose cyber breaches. The chairman of the Senate Intelligence Committee singled out the telecommunications sector — a big target in the SolarWinds hack — as being especially resistant.
Associated Press writer Frank Bajak contributed to this report.
Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP