Written by Sean Lyngaas

The United States will do more to disrupt the malicious cyber-activity that foreign adversaries are aggressively using to advance their interests, a National Security Agency official said Thursday.

“We have to impose costs in a visible way to start deterrence,” said Rob Joyce, senior cybersecurity adviser at NSA. “We have to go out and try to make those operations less successful and harder to do.”

Speaking to an industry association in Hanover, Maryland, Joyce cited the 2017 WannaCry and NotPetya malware outbreaks — and Russia’s use of information operations in the 2016 U.S. election — as examples of nation-states moving from “exploitation to disruption” to impose their will in cyberspace. Washington has blamed North Korea and Russia, respectively, for the devastating WannaCry and NotPetya attacks, which cost billions of dollars in economic damage.

Some foreign governments have less legal constraints on their activities in cyberspace than the U.S., Joyce told a local chapter of the Armed Forces Communications and Electronics Association (AFCEA).

“So they’re launching unconstrained operations against us,” said Joyce, the former White House cybersecurity coordinator. “And often, the responses come, if ever, after those costs are already realized.”

In a bid to more easily hit back against adversaries, the Trump administration has loosened policy rules on the U.S. military’s use of offensive cyber operations. Additionally, the Pentagon last September released a strategy that emphasized the need to “defend forward,” or engage adversaries before they strike U.S. computer networks.

The shift in approach outlined in the Pentagon strategy is key to repelling foreign hackers, according to Joyce.

“[W]e’ve said the time has come that we have to alter the field and not just stand back and wait for [our] opponents to probe us,” he said.

The more proactive stance in cyberspace includes scouring Department of Defense networks for malicious software tools and working with industry to remediate, publicize, and degrade the tools’ efficacy, according to Joyce.

He supplemented his call to tighten network defenses with a warning that it is getting easier for adversaries to leverage advanced hacking tools.

The amount of expertise needed to conduct cyberattacks is decreasing “as sophisticated internet tools become easier to use,” Joyce told the audience of industry executives and defense contractors. “So you have a small group of people who do the innovation, who understand the vulnerabilities and the capabilities that they can unleash.”

In cyberspace, superiority is ‘fleeting’

The head of the NSA and U.S. Cyber Command, Gen. Paul Nakasone, told lawmakers last month that the command was successful in deterring foreign adversaries from interfering in the 2018 midterm elections. Reports said a U.S. offensive disrupted Russia’s infamous social-media troll farm, the Internet Research Agency, on Election Day in November.

Asked how U.S. cyber forces would build on those efforts for the 2020 election, Joyce said the work was already underway.

“We’re pretty proud of delivering a midterm election that was free of malfeasance and interference, and we’re already working pretty hard on the 2020 [election],” Joyce said, adding that the NSA would partner with the Cyber Command, the Department of Homeland Security, and the FBI, among other agencies.

“I fully expect tradecraft to evolve in the adversary space, and we’ve got to do the same,” he said. “So that’s the focus for 2020.”

The continually-contested nature of cyberspace, and its status as an arena of geopolitical competition, was a theme in Joyce’s remarks.

Key to successfully navigating the domain, Joyce said, is understanding that “at any given time, if you can claim some cyberspace superiority, that’s probably fleeting, due to the nature of the technology, the networks, [and] everybody’s understanding of what you’re doing and where you’re going.”