How cyber's forward defense could backfire

In recent months, the Pentagon has begun taking a more aggressive posture in its approach to cyber conflicts, seeking to slow attacks by taking the fight to enemy networks. But experts worry that approach could escalate cyber conflicts in ways the U.S. may not be prepared to absorb.

How we got here: Cyber Command, the Department of Defense's unified command for cyberwarfare, was conceived under President George W. Bush. It has been elevated in the chain of command under President Trump, who gave it increased autonomy as part of a Defense-wide effort to give the military more agility.

Why it matters: Under the new approach, there is "a very real danger of escalation," said Lisa Monaco, a former assistant to the president for homeland security and counterterrorism, via email.

• Monaco notes that there are no international standards for what types of cyber actions constitute warfare , but other countries will tend to see what the U.S. does as acceptable.
• There is no way to insure that another country will interpret actions the U.S. takes on its network as defensive.

The topic of the newly unleashed Cyber Command re-emerged Monday in a book excerpt in the New York Times by its cybersecurity reporter David Sanger.

What we're missing: "This is far from a cure-all to our cyber problems," said Michael Morell, former deputy director of the CIA. He sees two big hang-ups:

• First, hackers often route attacks through other people's servers, meaning disabling an attack from Russia might mean damaging a server in England — an act of war against England, not Russia.
• "Second, using our capabilities to attack the attackers is often not that effective because of the ease with which adversaries can move from one server to another," said Morell.

The best defense is a good defense: The best deterrent to a cyberattack, said Peter Singer, strategist at the New America Foundation, is "demonstrating that attacks won't work" — which can be as simple as hardening systems.

• "If you believe that [offensive] kind of activity is necessary, then you must increase your defenses as well because other countries and groups will start carrying out these actions against the U.S.," said Michael Daniel, former President Obama's cybersecurity coordinator.
• The White House has, in recent months, eliminated the cybersecurity coordinator position, which may limit the effectiveness of federal agencies' efforts to protect the nation from attacks.