The successful disruption by the U.S. military of Russian cyber activities prior to the 2018 mid-term congressional elections may be proving to be a deterrent against Russian President Vladimir Putin attempting sustained cyber-attacks against Wester targets amid Russia’s war against Ukraine, one of the U.S. Senate’s leading cyber experts said on Wednesday.
Sen. Angus King (I/D-Me.), who was co-chair of the Cyberspace Solarium Commission (CSC), said he can’t “prove” the rationale of Putin’s reluctance for cyber activities against the West but believes the Russian leader is “afraid” of one man.
“I believe that we would have seen more of a cyber intrusion into the West but for Putin is afraid of Nakasone,” King said at an event hosted by the Foundation for Defense of Democracies (FDD). He was referring to Army Gen. Paul Nakasone, who is both commander of U.S. Cyber Command and director of the National Security Agency.
“I think Putin is deterred, frankly, by the capabilities that we have,” King said. “And by what Nakasone and what NSA demonstrated in 2018, in the midterm elections.”
In 2018, Cyber Command took advantage of new offensive authorities granted by then President Trump and Congress to actively counter Russian cyber efforts to sow discord and distrust in U.S. congressional elections. Earlier in 2022, Cyber Command and the NSA stood up a joint Election Security Group to combine efforts to disrupt and deter foreign attempts to interfere with U.S. elections this November.
Rep. Mike Gallagher (R-Wis.), who co-chaired the CSC with King, said at the FDD event that Cyber Command’s “hunt forward teams” enhance the value of deterrence. He mentioned that as of August, these teams had conducted 3,500 operations in 18 countries.
Cyber deterrence ultimately needs to be linked to a more comprehensive deterrence strategy that would also “require actual guns, bombs, missiles and human beings,” Gallagher said.
Different U.S. administrations have discussed cyber deterrence but have yet to codify a strategy that defines it and outlines various responses. Chris Inglis, the Biden administration’s national cyber director, is crafting an overall cybersecurity strategy that King hopes will address deterrence.
Inglis was a commissioner on the CSC, which in its seminal report in March 2020 outlined an end state of layered cyber deterrence consisting of three main pillars, including working with allies and partners to shape international norms of behavior in cyberspace, prevent cyber attackers from enjoying any benefits of their exploits, and impose costs on attackers and intruders.
At the outset of Russia’s unprovoked attack against Ukraine on Feb. 24, cyber-attacks were launched against commercial satellite modems in Ukraine and Europe to deny service. Fixes were implemented in the following hours and days. The attack was later attributed to Russia.
King said that even though Russia included cyber-attacks as part of its invasion of Ukraine, the Ukrainians were “resistant and resilient,” proving that “you can defend yourself.” He added that Ukraine’s cyber defenses were aided by the NSA and others.