Dunford: U.S. has work to do in cyber deterrence

The U.S. military still has a lot of work to do to improve its ability to deter adversaries in cyberspace, according to the country's top general.

"We...need to develop a framework within which to deter cyberthreats, and obviously attributing threats and managing escalation and hardening ourselves against cyberattacks are all areas that require more work," said Gen. Joseph Dunford, chairman of the Joint Chiefs of Staff, during a March 29 appearance at the Center for Strategic and International Studies in Washington.

The Obama administration sent a cyber deterrence policy to lawmakers last December after long-standing criticism from Capitol Hill that the administration lacked a strategy. All instruments of power, including military and economic means, should be used to "create uncertainty in adversaries' minds about the effectiveness of any malicious cyber activities," the plan states.

In response to questions after his remarks, Dunford said he was not referencing the administration's broad deterrence strategy but instead talking about "operationalizing" cyber deterrence. Beefing up resiliency and improving the government's ability to attribute activity in cyberspace to its source are part of that effort, he added.

A deterrence framework is one thing, but "operationalizing that and actually having the tools to implement that, those are all different things," Dunford said.

Although U.S officials have generally said the government's ability to identify hackers or other actors in cyberspace has improved, the progress comes with a caveat, said Adm. Michael Rogers, commander of U.S. Cyber Command. Nation-states could increasingly turn to surrogate actors to cloak their operations in cyberspace, he has predicted.

The Joint Chiefs' unclassified email network suffered a debilitating hack beginning in July 2015 that shut down the network for about two weeks. Dunford has said the hack, which news reports have attributed to Russian spear phishers, showed that the Defense Department had made insufficient investments in cyberspace.

In response to an array of cyberthreats to defense systems and out of a desire to boost the military's own hacking capabilities, Dunford and Defense Secretary Ash Carter have asked Congress for about $6.7 billion to spend on cybersecurity in fiscal 2017. That is $900 million more than DOD spent in fiscal 2016.