Top cybersecurity official: U.S. should employ "range of tools" against active adversaries
Editor's note: This "Intelligence Matters" interview was taped on June 19, before recent cyber-related events in Iran took place.
As cyberattacks against targets in the United States grow more pervasive, frequent and sophisticated, the U.S. government should leverage a diverse array of retaliatory and response measures, according to Chris Krebs, the top cybersecurity official at the Department of Homeland Security (DHS).
"When we understand that there is an active adversary — whether it's a criminal group, a proxy group, a nation state — the U.S. government needs to act using a range of tools both overt and covert, offensive legal sanctions, diplomatic," Krebs said. "We have a broad range of tools."
Krebs, who leads the recently elevated Cybersecurity and Infrastructure Security Agency (CISA) at DHS, spoke with "Intelligence Matters" host and CBS News senior national security contributor Michael Morell about the country's response options in what has become an increasingly broad threat landscape. As more critical systems in the U.S. become internet-connected and more foreign cyber actors refine their intelligence-gathering and offensive techniques, Krebs said, private industries and the government have no choice but to work more closely together.
(The interview with Krebs was taped before news emerged that U.S. Cyber Command had taken retaliatory strikes against Iranian targets and before CISA issued a warning to U.S. entities about a recent rise in malicious cyber activity by Iranian regime actors and proxies.)
"If we learned anything, I think, through 2016 and the Russian interference with our elections, it's: no single organization, no single state, no locality can go at this problem alone," Krebs said.
"When you're facing a concerted effort from the Russian military, the GRU, the SVR, the FSB, it's going to take a team effort to push back and harden the underlying infrastructure, harden our people, our citizenry, and then strike back when we have to," he told Morell.
In his role atop CISA, Krebs is charged with leading cybersecurity defensive efforts across the U.S. government and helping private sector organizations that own or operate critical infrastructure access information about potential threats.
"Over the intervening 15, 16 years since 2003 when [DHS] was stood up, the threat landscape has shifted dramatically," he said. "We have peer and near-peer adversaries. Great power competition is a thing again."
China and Russia are among the most capable and aggressive adversaries the U.S. faces, Krebs told Morell, though their long-term strategies have differences.
The Chinese government appears to be jockeying for economic position and seeking to make the U.S. into something of a "client state," Krebs explained.
"They're not trying to disrupt us, necessarily. They're trying to manipulate us," he said. "And they're getting there by intellectual property theft, acquiring U.S. companies, requiring U.S. companies to come into the Chinese market to join in [joint ventures] and tech transfer."
"And they're as effective as they've ever been," Krebs told Morell. "They're improving their tradecraft. And rather than going that whack-a-mole, onesie-twosie approach, they're going to the points of aggregation. And they're just sweeping up a whole bunch of information while they're doing it," he said, citing a December 2018 indictment of Chinese government-linked actors who targeted cloud service providers.
Russia, by contrast, is playing a more destabilizing role, he said.
"I look at Russia as trying to disrupt the system, particularly from an elections and undermining-democracy perspective," Krebs said. "They're trying to knock us off our global position as a leader of the free world ... And that's really what it comes down to."
"Russia's not trying to win the game. They're trying [to cause] everyone else to lose," he said.
As CISA works to shore up state and local election systems ahead of the 2020 election, Krebs said, his team is active in all 50 states and engaging with nearly 2,000 local election jurisdictions. CISA has also offered briefings on basic cybersecurity measures to all the presidential candidates who have entered the race.
He expressed hope that CISA's warnings and advice were breaking through.
"I mean, gosh, if you didn't learn from 2016, the you're not listening," he said. "And shame on us if we're not ready this time around."
For much more from Michael Morell's conversation with Chris Krebs, you can read the transcript here and subscribe to "Intelligence Matters" here.