Chief of Naval Operations Adm. Mike Gilday believes the best way to counter Chinese gray zone cyber operations is to “be in the way” as the Navy is by operating forward in the Indo-Pacific region.
“I see the Chinese in the physical [domain], in the maritime,” a global commons, the CNO said Saturday at the Reagan National Defense Forum. Gilday, the former commander of U.S. 10th Fleet, which is the Navy’s cyber operational arm, said he sees “cyberspace as another global commons [where the Chinese} are flagrantly disregarding international norms.”
“We have to be out there” in cyberspace in the same manner physical presence.
Picking up on the idea of “getting in the way,” U.S. Cyber Command chief and National Security Agency director Army Gen. Paul Nakasone added that “presence matters; we’ll [CYBERCOM] be there” even with small special operations teams. “This is not the future; it’s now.”
“2018 was a pivotal year for us” in locking in a doctrine of defending forward, he said. “This is a domain that our adversaries could move into quickly,” and that requires round-the-clock vigilance.
“We call that persistent engagement” and that means being on offense as well as defense.
Alex Karp, the chief executive officer of Palantir Technologies, added that despite America’s commanding lead in cyber software, “we have worthy adversaries.”
“We play fair” in developing these technologies, Karp said. And he found strength in the private sector being “willing to admit when we’re wrong” and build from there, something other nations don’t routinely do.
Rep. Mike Gallagher (R-Wis.), who sits on the House Armed Services Committee, said the “single best thing” Congress and the executive branch has done in cyber was “to loosen the rules of engagement.” He said that policy change gives the flexibility necessary to Nakasone “to do what … [he] needs to do to defend” the United States.
He added this was particularly necessary because 80 percent of the nation’s critical infrastructure – from water and electrical systems to pipelines and financial transactions – are in the private sector. All this infrastructure would be at risk from cyber attack if Taiwan became the flashpoint for conflict between the U.S. and China.
“We should do nothing to slow down decision-making” in CYBERCOM’s ability to act, Gallagher said.
Nakasone and Gilday said several times during the forum session that “deterrence is about imposing costs” on an adversary. The CNO described effective cyber deterrence as requiring a “punishment pillar.”
“We’re trying to deter decision-makers [in China, Russia, North Korea and Iran] from doing something stupid,” he added.
In addition, Nakasone suggested there’s value in identifying cyber bad actors. “Let’s publish the top 25 malware” software products the Chinese have deployed. “That is [also] getting in the way.”
To confuse an adversary when they are hit, Gilday said “you don’t have to take credit for everything.” He wanted to leave doubt in an adversary’s mind over whether the cyber intrusion came from the U.S., one of its allies or partners, or even a rogue actor.
“Don’t bet against America. This is about capabilities,” he added. Gilday wanted U.S. cyber capabilities to be as “devilish and fiendish as we can be.”
During the session, Karp returned often to Silicon Valley’s reluctance to do business with the Defense Department but its willingness to do business with China. He said that split thinking made little sense to him. “We’ve been battling the Valley” over this issue for several years. He repeated questions he raised last year in a CNBC interview: “why are you doing something with an adversary that you’re not doing” with the U.S. government?
Karp said, “we’re already on the unpopular side” with that stance in the software business community.
The Manhattan Project, with its uniting of government, academic and industry expertise, should be the model for future cyber security efforts, Karp said.
Assessing other nations’ software, he added: “there really is no other number one than America.”