Intelligence leaders outline challenges associated with responding to foreign cyberthreats during Senate hearing
Rogers agreed that improvement is needed.
“We have a lot more work to do to put the right deterrence and response framework in place on cyber,” Rogers said. “This is somewhat of a new domain of operations and—in some cases—warfare. In my personal opinion, the next administration would be well served to focus very early on those questions of continuing to develop an overarching policy, a comprehensive approach and an increasingly robust and defined deterrence framework.”
Clapper echoed this sentiment, noting that dealing with cyberthreats is very different from addressing traditional military threats, such as nuclear weapons with awesome power that was been demonstrated in tests and actual deployments.
“In the case of nuclear deterrence, there are instruments that you can see, touch, feel, measure,” Clapper said. “That is what creates both the physical substance of deterrence, as well as the psychology. The problem with the cyber domain is that it doesn’t have those physical dimensions that you can see, feel and touch, as we do with nuclear deterrence.”
Sen. Thom Tillis (R-N.C.) echoed this sentiment, noting that it is critical that federal lawmakers and policymakers quickly become educated about the unique characteristics of threats in the cyber realm.
“We’re in an environment now where we see a threat, and we build a weapons system—it’s on the water, it’s in the air, it’s on the ground—and we kind of counter that threat, and we come up with war plans to use that capability,” Tillis said. “In cyberspace, major weapons systems get create in 24-hour cycles. You have no earthly idea whether or not you have a defensive capability against them.
“So, if you all of sudden think, ‘Let’s go declare war in cyberspace,’ be careful what you ask for. Because, collectively, there are 30 nations right now that have some level of cyber capability. There are four or five of them that are near-peer to the United States. There are two or three that are very threatening and, in some cases, [have] probably superior capabilities to us, in terms of presences—maybe not as sophisticated, but in a cyber context, more lethal.”