Nakasone discusses deterrence, dual-hat structure at confirmation hearing
- By Lauren Williams
- Mar 01, 2018
The U.S. has failed at deterring cyberattacks.
Lt. Gen. Paul Nakasone, the nominee to be the next director of the National Security Agency, told senators in a confirmation hearing March 1 that adversaries such as Russia and China hack the U.S. because they don’t fear the consequences.
“They do not think that much will happen to them…they do not fear us,” Nakasone said during the hearing when Sen. Dan Sullivan (R-Alaska) asked what would happen to adversaries after a cyberattack.
“As cyberspace develops, the longer that we have inactivity, the longer our adversaries are able to establish their own norms – and I think that is very, very important that we realize that,” Nakasone said.
Nakasone’s comments echoed those of current NSA Director Adm. Michael Rogers, who also heads U.S. Cyber Command, and who told legislators on Feb. 27 the White House hadn’t given him proper authority to disrupt Russian hacking operations at their base.
Nakasone, who currently leads Army Cyber Command, said the U.S. needed a cyberwarfare strategy and doctrine, which “are critical to be able to set the framework for not only how we operate but also as a message to our adversaries as well.”
If confirmed, Nakasone said, he would help shape cyberwarfare policy – along with Congress, the defense secretary and the White House -- but he emphasized that cyber should be only one part of a comprehensive, whole-of-government strategy.
“We should always think of cyberspace not necessarily as always being a cyber response,” Nakasone said. “What we have to do is continue to determine what is the best way forward here what best fits within our national strategy and then act on that.”
Nakasone’s bluntness with respect to U.S. adversaries such as North Korea, China and Russia drew a passionate response and endorsement from Sen. Benjamin Sasse (R-Neb.) who said Nakasone’s exchange with Sullivan was the most important thing to happen on Capitol Hill that day.
“We’re 31 years into cyberwar but we’re four years into regular attacks against the United States, to which we publicly admit we don’t respond or we don’t respond in any way that can change behavior,” he bellowed.
Later Sasse said, “This is ultimately not the responsibility of uniformed military, to bear the brunt of the hopefully rightful anger an ire of the American people. But their government is failing them. At the top at the executive and legislative level we are not responding in a way that is adequate.”
Sasse ended his questioning by saying Nakasone would “clearly be confirmed,” adding that the country would be “blessed to have him in this role.”
If confirmed, Nakasone would assume command of U.S. Cyber Command as part of the controversial dual-hat role. He didn’t offer an opinion but vowed to assess and report findings on the appropriateness of the merged roles to the defense secretary and Director of National Intelligence within 90 days of taking office.
“I think we begin with the question, what’s best for the nation,” Nakasone said. "And I think that’s critical for us to consider, is it best for the nation that the National Security Agency and U.S. Cyber Command stay together under one leader or is it time now that we think about a separate National Security Agency and a separate [cyber] combatant command.”
In prepared written responses to committee questions, Nakasone noted that the 2017 National Defense Authorization Act outlined six conditions for terminating the dual-hat arrangement. "If confirmed, I will evaluate these conditions and provide my assessment to the Secretary of Defense and the Chairman of the Joint Chiefs of Staff, who must certify these conditions are met to ensure that termination does not adversely impair either organizations’ mission," he wrote.
During his testimony, Nakasone added that one of his top priorities as head of Cyber Command and NSA would be to increase readiness through cross-functional teams.
Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.