We recently had the opportunity to interview the Director for Intelligence (J2) for the Joint Chiefs of Staff, RADM Paul Becker, USN.
RADM Becker has served in this position since September 2013. The Joint Staff J2 is a position requiring a constant awareness of the day-to-day threats to the nation. Becker had the perfect background for this position, having served in a similar capacity at the United States Pacific Command, the combatant commander with the largest area of responsibility in the U.S. military. He has also served in operational positions leading large intelligence activities forward in Afghanistan and in many other hot spots around the globe.
Our questions of RADM Becker centered around the cyber threat from the high-end actors. Our dialog is captured below:
Gourley: There is a school of thought that says in cyber security the adversary does not matter. Since identifying who is attacking is hard, the most important thing is to just defend against everyone and patch everything. Is this consistent with your view?
Becker: I would never advise to leave systems unpatched. History is pretty clear that not paying attention to your own systems is setting yourself up for failure. But studying the potential adversaries in cyberspace can help you prepare in other, more strategic ways. Studying adversaries and what they want can inform key decisions before and during attacks.
Gourley: Every potential adversary out there has savvy computer scientists and advanced technologies and research organizations that help them develop advanced attacks. Are those the kind of things you mean we should be studying?
Becker: When it comes to threats, we too often focus on adversaries’ “What” and “How” … “What [are they doing]?” and “How [are they doing it]?” … That applies in conventional kinetic or territorial scenarios, and it’s my experience the “What are they doing” and “How are they doing it” dominate discussions in cyber scenarios as well.
I’d like to focus on the Why … “Why [are they doing it]?” … which delves into understanding adversaries’ grand strategies, and why they employ cyber actions, particularly against our business sector.
Gourley: Who are the high-end cyber adversaries we should be learning more about?
Becker: I’ll list four: China, Russia, Iran, North Korea. The Chinese in particular are cleaning us out in the aerospace world by exploiting well-known vulnerabilities … and those vulnerabilities are eroding our aerospace dominance. It’s not that we lack the ability to engineer the best designs in the world. It’s that too many of those key components are stolen via IP theft before they are even brought to market, thereby damaging our national advantage. Meanwhile, according to the DNI’s congressional testimony earlier this year, Russia remains the most sophisticated threat across the cyber board, while Iran and North Korea are less capable but more unpredictable and aggressive.
Gourley: You mentioned China, but can you give any insights into why their approach to the Internet differs so much from the U.S. approach?
Becker: The U.S. vision for cyberspace and the Chinese vision differ significantly. It is an important dichotomy to understand.
In the US-published International Strategy for Cyberspace, cyberspace is seen as a seamless landscape of global networks that is interoperable, open, secure, reliable and based on norms of behavior (respect for private property, personal privacy, protection from crime). Most importantly, it grows and develops through worldwide multi-stakeholder governance instead of through top-down control. On the other hand, China views cyberspace sovereignty as an extension of their national sovereignty (that’s why they have a “Great Cyber Wall”). In their vision of cyberspace – and the Chinese have a Cyber Strategy as well – the Internet is controlled through state-centric governance, with authority resting with the United Nations, where decisions about the Internet will be made with each country having one vote. The Chinese vision for cyberspace shapes the internet in a way that first and foremost ensures survival of the ruling Chinese Communist Party (CCP) through two pillars; 1) economic growth, and 2) internal stability … 1) ECONOMIC GROWTH – keeping the economic machine moving forward is the prime directive … the ends justify the means … it includes industrial espionage which in turn helps modernize the PRC military and prevent U.S. intervention in Asia, and 2) INTERNAL STABILITY … which includes propaganda and targeting domestic sources of political unrest (read: firewalls to prevent infiltration of foreign influence, intrusive monitoring of the population, and hacking of foreign people’s emails and websites to help enable their hunt for internal dissent).
Gourley: It is pretty clear the U.S. and most other nations are NOT going to adopt the Chinese vision for the Internet. But what are the odds that China will adopt our vision?
Becker: Our two nations’ visions for cyberspace are not congruent and not likely to become so. This is an important point to understand if we want to develop an optimal strategy to address challenges in the U.S. – PRC cyber relationship. We in the U.S. must first understand why China acts the way it does, and that calls for an understanding of Chinese motives and agendas embedded in their strategy. Authoritative Chinese speeches and writings consistently present the PRC as an underdog to the U.S. in cyberspace and in advanced aerospace platforms and weaponry … they consider us a “hegemon” in this sector; they see themselves as David to our Goliath. And therefore Chinese military theorists regard cyber warfare as an “assassin’s mace” weapon, a weapon that allows a weaker power to destroy a stronger one. Back to one of the CCP pillars; widespread Chinese hacking is not merely an attempt to gain economic or military advantage … It is considered essential to survival for the CCP. In order to achieve the strategic ends of the Chinese Grand Strategy for Rejuvenation, which includes a return to a centuries old position of preeminence in Asia – and with greater influence worldwide – the Ends (preeminence) justify the means (cyber actions against our aerospace sector). At this point the Chinese have no reason to change a strategy that is working in their favor. The Chinese comprehensive cyber strategy is just that; a comprehensive whole of government effort that includes military network reconnaissance, external diplomacy, internal security and international commerce. The Chinese hack because they feel they need to, and they’ve not incurred any costs for doing so that deter their activities, and therefore the U.S. can expect PRC hacking to continue and probably increase in the future.
Gourley: This last point is something that strikes me as important to dwell on a bit. You assess that PRC hacking will continue and probably increase in the future. So, it is not going to stop anytime soon, no matter how much the U.S. wants it to. So, any suggestions on what we do about those types of threat?
Becker: This brings us back to the opening point of the interview. Whether we are talking about China or Russia or North Korea or ISIS, we need to seek awareness of the adversary in ways that don’t just talk about capability, but motives. In the case of the PRC, U.S. policymakers and corporate leaders should be familiar with China’s Grand Strategy, and understand how their vision and strategy for cyberspace fits into that when adopting policies and practices aimed at mitigating the threat of cyberespionage or cyberattacks. The U.S. (including industry) should tailor counter-hacking solutions that impose costs on thieves. It’s my sense the current U.S. policy of seeking to counter widespread and damaging Chinese cyberattacks through promoting adherence to international norms and rules for behavior in cyberspace will not achieve great effects. I hope Chinese cyber behavior proves self-defeating. Economic transactions are ultimately about mutual benefit, and nobody should continue doing business with a partner who continually rips them off.
Gourley: What actions do you believe your assessments might motivate in industry?
Becker: You opened your questions on the topic of maintaining systems and that is absolutely important. Better defenses are imperative. But it is also important to put in place better Information Sharing with those who can help: That is to say if you are in industry and being attacked and you know it, you need to be incentivized to ask for help. No one can beat an adversary like Russia or China alone. Tell the local law enforcement or the FBI that you’re being attacked. And call in professionals from industry who know how to rapidly assess and react to a breach. Studying the high-end threat should also lead you to think through how to protect your most important data. Prioritizing protection around your crown jewels will enable you to mount a better defense and perhaps contain damage while you are signaling for help.
Gourley: What actions are being done by government that we should track?
Becker: Earlier this month, the Administration took definitive action by promulgating an Executive Order imposing sanctions against those who seek to undermine or hamper U.S. security through cyberattacks. I applaud that. And just last month, the Secretary of Defense announced the Pentagon’s updated Cyber Strategy. This is a good beginning and must be a critical part of a deterrence plan that wields all instruments of statecraft including political, diplomatic, economic, law enforcement and military capabilities.
Finally, I’d also emphasize practices that impose costs on thieves should be given extra attention and that includes “naming and shaming” hackers (such as Mandiant has done). I’ll leave you with some thoughts espoused by a cyber-savvy colleague, USAF Lieutenant Colonel Enrique Oti, currently a Fellow at Stanford University’s Hoover Institute; if we really want to deter a Chinese business from hacking our aerospace industry we have to personally raise the cost on the Chinese CEOs to such an unacceptable level that they won’t want to hack the U.S. again. Some examples of how to do this include: de-list offending companies from U.S. stock exchanges, seize assets, freeze bank accounts, close U.S. subsidiaries, indict senior executives, ban travel to the U.S. for company employees and their families, and remove their children from U.S. universities, to name a few.
Steps like these will indicate we’re serious about cyber deterrence. To quote an oft-used Chinese proverb, sometimes you need to “kill the chicken – to scare the monkey.”
Gourley: Thank you Admiral Becker for your time and insights.
Becker: You are welcome. Thanks for spreading the word.