National Cyber Director Singles Out China as He Outlines New US Cyber Strategy
Udumbara
.
Caincross said it was time to shift the burden in cyberspace from Americans to bad actors, taking the opportunity to single out China, whose communist regime is known to have sponsored mass cyberespionage and cyberattack pre-positioning campaigns against Americans and allies.
“And by bad actors, I want to particularly point to China as the numero uno in that category,” he said at the policy event.
Cairncross said the Volt Typhoon campaign—in which Chinese state-sponsored hackers infiltrated critical infrastructure systems, pre-positioning themselves for disruption in the event of a conflict—is not something the United States would have tolerated if it had happened through non-digital means, and should not be tolerated now.
He said there was only “one reason” the Chinese regime would order such a campaign, and “it’s to impose a strategic dilemma on the United States, and the United States in no other sphere really allows that to happen.”
“And Salt Typhoon is one of the largest espionage campaigns in the history of espionage,” he said.
“It’s not something to be shrugged off, or the actions of some benign strategic competitor.
“This is activity that is meant to do us harm, and we should send a message that it’s unacceptable.”
A priority of his office will be to “really start to shape adversary behavior,” Cairncross said.
“We can’t be ambiguous,” he stated. “We have to be clear that behavior is unacceptable and there has to be a cost to shift their risk calculus in this space.”
At the summit, Cairncross said the Trump administration is ready to drive a new cyberstrategy that will “advance U.S. interests and thwart our adversaries in cyberspace.”
He stated that the United States needs to create an “enduring advantage” over authoritarian regimes like the Chinese regime, which he said has the ability to “integrate instruments of power more seamlessly than we can.”
Streamlining Cooperation
Another top priority of Cairncross’s office will be to pave the way for coordination between various partners, so that U.S. responses to these cyberintrusions are no longer a “tactical patchwork system,” he said.“The United States hasn’t had an overarching cyber policy, a strategy that’s set in coordination with, from offense all the way through to end user defense to state, local, and tribal governments working together in putting tactical operations and policies in place that support and feed into that strategy. And that is what we are going to do,” he said.
Cairncross expressed confidence in the leadership and interagency colleagues in cutting through “bureaucratic nonsense” to collaborate cohesively, and said he aims to reduce similar regulatory burdens for the private sector to allow them to move quickly in partnership as well.
“Our infrastructure is privately run, but it’s the government’s job to work to integrate that defense,” he stated.
“There is a tremendous opportunity here to align academia, the private sector, military to build a pipeline that develops talent and shares it; we ought to be building a patriotic cyber force.”
Cairncross expressed a personal interest in building up a patriotic talent pipeline, previewing ideas involving venture capital and schooling programs.
“This is something to do on behalf of your country, there’s a service component here, and there’s a broad range of [opportunities] in the federal government and private sector,” he said.
U.S. allies play a vital role in these partnerships as well, he said, “particularly Five Eyes,” referring to the alliance of the United States, Canada, Australia, the United Kingdom, and New Zealand.
“There’s a lot to be done,” he stated.
“There [are] many partners around the world who are looking for help as China attempts to export a surveillance state across planet Earth, country by country, continent by continent. We have to engage to help fight them.”
