The National Security Council’s senior cybersecurity director expects the U.S. to push the envelope on offensive hacking, but said those endeavors shouldn’t detract from efforts to establish more robust defensive cybersecurity measures.
Speaking Tuesday at the Billington Cyber Summit, Alexei Bulazel’s remarks are the summation of recent public appearances he’s made since taking his role in NSC. He’s made clear endorsements of taking more assertive stances in cyberspace against adversaries like China, which have targeted and infiltrated troves of critical infrastructure around the country.
But offensive cyber should be a “yes, and” approach, he said on stage.
Offensive measures are “an important tool of the toolbox that we’ll be unafraid to use,” he said. “But that’s not to say we don’t need to do normal blocking-and-tackling cyber defense. It’s very much a ‘Yes, and we’re going to do all the defense at a world class level.’”
The National Security Agency, U.S. Cyber Command and other entities are legally authorized to conduct clandestine intrusions into adversary networks, though lawmakers from both parties contend that the nation’s tactics haven’t been sufficiently assertive to scare away enemy hackers.
But defensive measures that can help scan, detect and mitigate vulnerabilities shouldn’t be forgotten, Bulazel stressed. He said artificial intelligence tools can help accelerate these dynamics, and called back to a recent DOD-led competition focused on using AI tools to patch code vulnerabilities.
Those winners were announced last month. On average, the competitors’ models patched flaws in just 45 minutes, according to the Defense Advanced Research Projects Agency’s analysis of their performance.
Bulazel also said Sean Plankey, Trump’s nominee to head the Cybersecurity and Infrastructure Security Agency within DHS, will be a “great guy” to lead on defensive work. CISA is tasked with defending against cyber and physical threats to U.S. critical infrastructure and federal networks.
