The Trump administration on Thursday announced that the U.S. will now officially act to deter and respond to cyberattacks with offensive actions against foreign adversaries.
The U.S.’s new cyber strategy, signed by President Trump and now in effect, marks the federal government officially taking a more aggressive approach to cyber threats presented from across the globe.
{mosads}National security adviser John Bolton said that the actions are part of an overall deterrence strategy: Launching cyberattacks against actors in, or sponsored by, other nations, he said, will prevent those adversaries from attacking the U.S. in the first place.
Bolton also confirmed that Trump had signed a measure a few weeks ago rescinding an Obama-era directive on how cyberattacks against other countries are carried out. That directive required several agencies to weigh in on the decision to launch attacks against those in other countries.
The Wall Street Journal first reported on the new directive last month.
“We will respond offensively as well as defensively,” Bolton said, adding that “it’s important for people to understand that we’re not just on defense.”
He also suggested that work on offensive efforts has taken place in the weeks since Trump signed the directive rescinding the Obama-era laws.
And he added that not every response to a cyberattack would necessarily occur in cyberspace, opening the door for possible sanctions or military actions.
Bolton also appeared to hit the Obama administration over its approach to cyber in his remarks to reporters, saying that the U.S. is now “not just on defense, as we have been — primarily on defense — for a period of time.”
Bolton disputed the characterization of the U.S. as being “engaged in a cyber war.” He said he believed that America’s adversaries should be aware of the possibility of offensive action and he hoped it would deter future attacks.
The offensive moves are included in the U.S.’s new overall cyber strategy, which the administration has structured around four main pillars.
Those efforts include protecting federal networks and critical infrastructure, preventing intellectual property theft, exposing and attributing cyberattacks and threats, as well as ”promoting responsible behavior among nation states.”
The strategy also outlines the roles of various federal agencies in countering the threats. Bolton said that no one agency was given the lead on cyber, as the threats can differ for each department.
Homeland Security Secretary Kirstjen Nielsen said the new strategy will guide her department “in a number of areas, including securing federal networks and information systems, managing risk to the nation’s critical infrastructure, and combating cyber crime.”
“Cybersecurity is a shared responsibility, and the Department of Homeland Security will continue to stand with our partners, in government and industry, to raise our collective defense against cyber threats to our security, prosperity, and way of life,” Nielsen said in a statement.
The State Department lauded its own efforts on cyber in a release shortly after the unveiling of the strategy, saying it is “addressing malicious state-sponsored cyber activity that is inherently destabilizing and contrary to the national interests of the United States and its partners and allies.”
“We also work to ensure that there are consequences for disruptive cyber behavior that harms the United States and our partners, with recognition that all instruments of national and international policy are available to prevent, respond to, and deter malicious cyber activity against the United States,” the department said in the release.
This is the second notable move by the Trump administration this month on the cybersecurity front. Trump earlier signed an executive order authorizing sanctions on foreign actors who were found to have interfered in U.S. elections.
The new strategy was also unveiled just days after the Defense of Department released its own cyber strategy, which says the military will “defend forward” in instances of cyber threats.
The Trump administration has faced criticism for not doing enough to deter cyberattacks against the U.S., particularly those that took place during the 2016 election.
Still, administration officials have recently issued warnings of cyber threats from countries including Russia, Iran, North Korea and China. Facebook, Twitter and Google have also recently deleted accounts believed to be linked to a disinformation campaign backed by the Iranian government.
The Department of Justice earlier this month also unsealed a criminal complaint against a North Korean hacker, alleging that he and others carried out several global cyberattacks with the backing of the North Korean government.
Bolton said during the call with reporters that writing the strategy “takes some time to do,” noting that many federal departments were involved in developing the full guidance.
And he defended his decision to eliminate the cybersecurity coordinator position from the White House earlier this year, noting that there are two directors on cybersecurity on the National Security Council and referring to the now-defunct coordinator job as being redundant.
Updated at 5:26 p.m.