Cyber Command lawyer calls for military operations against hackers

The top lawyer for U.S. Cyber Command is calling for the United States to push back against transnational criminal hackers with military cyber operations.

Marine Lt. Col. Kurt Sanger, general counsel at the command, wrote in a recent article published to Lawfare.com that ransomware attacks and other threats such as SolarWinds and Colonial Pipeline hacks highlight “the broad and severe impacts criminals can inflict through cyberspace.”

The disruptions caused by the events “have demonstrated that what initially may be categorized as crime may be better thought of as a national security threat,” and the United States must use its own cyber strength if the threats are to be defeated, Sanger argued.

“Under ideal conditions, law enforcement organizations would address any type of criminal activity; however, in cyberspace, ideal conditions rarely prevail,” Sanger wrote with co-author Navy Cmdr. Peter Pascucci, a judge advocate.

“Transnational crimes, of varying scale and sophistication, can surpass the capacity of U.S. federal law enforcement to take immediate action. … operational opportunities often must be seized immediately by whatever entity is best positioned to do so.”

The article includes a disclaimer that “theses opinions are the authors’ own and do not necessarily reflect official positions of the Department of Defense or any other U.S. Government organization.”

It is notable, however, that Sanger — who has advised commanders on cyberspace operations and national security issues since 2014 — is arguing for pushback against hackers through military cyber means.

U.S. administrations for years have hesitated in using their own cyber weapons to respond to hacking by other countries or criminals due to America’s vulnerabilities in cyberspace and its susceptibility to potential retaliatory hacking.

Sanger and Pascucci were responding to an April article by former White House cyber adviser Jason Healey, who wrote on Lawfare.com that military cyber operations against hackers should only be considered if it met a multi-part test finding the threat to be imminent, very dangerous, large in scope and linked to major nation-state adversaries.  

“If implemented, Healey’s five-part test would significantly disadvantage the United States and take major assets out of the president’s hands,” the author’s wrote. “The self-restraint imposed by this test is ill fit given the nature of cybercrime, the nature of cyberspace targets, and the threats cybercrime poses to the nation and its interests.”

They also note that the self-restraint Healey argues for may be “exactly what U.S. adversaries hope for when committing lawfare and engaging in gray zone operations,” meaning the use of proxy criminals and other ways to hack adversaries without triggering a response.  

A spokesperson for Cyber Command told NBC News, which first highlighted the article, that “U.S. Cyber Command’s roles are to enable our partners…with the best insights available and act when ordered to disrupt, degrade, or otherwise impose consequences on our adversaries. The command provides options…but does not set policy.”