Cyber Command chief stands by comments on 'offensive' operations against Russia

U.S. Cyber Command and National Security Agency chief Gen. Paul Nakasone stood by his comments last month about the U.S military conducting offensive cyber operations against Russia in its defense of Ukraine.

In June, Nakasone told the U.K.'s Sky News that the U.S. "conducted a series of operations across the full spectrum; offensive, defensive, [and] information operations."

Nakasone, during a panel discussion Tuesday with FBI Director Christopher Wray at the International Conference on Cyber Security, said his June statement stands in terms of the sorts of operations U.S. Cyber Command is conducting in response to the Russian invasion.

"We do three things at U.S. Cyber Command: We defend the Department of Defense’s networks, data and weapons systems. We defend the nation’s cyberspace with a series of interagency partners. And we provide support to joint force commanders like U.S. European Command. So we deny, degrade and disrupt. Being able to detect, defend, disrupt and deter, these are all things that we do in the course of our operations," he said.

"My comments stand in that in terms of what we’re doing, [which] obviously includes a variety of those things to deny, degrade and disrupt. I think this is exactly what we should expect out of U.S. Cyber Command and how we move forward."

Nakasone's comments last month, made in Tallinn, Estonia, appeared to contradict the White House policy that the U.S. not engage in any direct conflict with Russia while assisting Ukraine. They also caused concern among security experts wondering how Russia would respond.

Russia's Foreign Ministry threatened the U.S. in response, warning that they should not "provoke Russia into retaliatory measures."

"A rebuff will certainly follow, it will be firm and resolute. However, the outcome of this mess could be catastrophic, because there will be no winners in a direct cyber clash of states," the Russian Foreign Ministry said.

Russian Foreign Ministry cautions the United States against provoking Russia's "retaliatory measures" in cyberspace, the rebuff would be "firm and resolute." The outcome could be catastrophic: "there will be no winners in a direct cyber clash of states"https://t.co/e6YdgigBT4 pic.twitter.com/ParK5gs63a

— Oleg Shakirov (@shakirov2036) June 6, 2022

White House press secretary Karine Jean-Pierre later denied that the offensive operations described by Nakasone conflict with White House policy.

At the conference on Tuesday, Nakasone explained that U.S. Cyber Command has engaged in 50 different "hunt forward" operations across 16 different countries over the past three years. He described the operations as instances where countries invite U.S. Cyber Command in and have them effectively test their systems against theoretical attacks.

"This is a growth industry for us. We have a number of different countries that are interested in working with us on it," he said.

"We are also positioning ourselves to understand our adversaries better so we have a series of operations we’re conducting now as we approach the Fall."

Ransomware attacks on the decline?

Nakasone also backed previous claims from NSA Cybersecurity Directorate chief Rob Joyce that there has been a decrease in ransomware attacks since Russia's invasion of Ukraine.

Joyce said in May that U.S. sanctions and the increased defensive posture of organizations was contributing to the decline, something some private industry ransomware experts have disputed.

At the conference Tuesday, Nakasone reiterated that U.S. Cyber Command is seeing a decrease in ransomware attacks.

"I would echo Rob Joyce’s comments. We’re seeing Russians much more focused on activities related to Ukraine," he said, adding that they have seen increases in the use of wiper malware.

Wray, meanwhile, told the audience that the FBI continues to see a range of ransomware attacks with varying motives targeting almost all of the critical infrastructure sectors in the U.S.

"Ransomware itself is evolving. It used to be that a bad actor was only a cybercriminal and was only trying to lock up your system for money. Now, two things have changed. Sometimes the ransomware actor isn't a cybercriminal, its a nation-state with a different motive in mind," he explained.

He noted that these groups may never provide victims who pay ransoms with decryption keys because their motives may be more destructive than pecuniary, citing the NotPetya attacks that caused $10 billion worth of damage worldwide.

"This is a manifestation of a trend we're seeing across the cyber landscape which is called a 'blended threat' where nation states work with cybercriminals. Nation-state actors now also moonlight and make money on the side as cybercriminals. And nation-states now use cybercriminal tools like ransomware to look like their cybercriminals and not nation-states. All this is happening more and more."