Google says it is starting a cyber “disruption unit,” a development that arrives in a potentially shifting U.S. landscape toward more offensive-oriented approaches in cyberspace.
But the contours of that larger shift are still unclear, as is whether, or to what extent, it’s even possible. While there’s some momentum in policymaking and industry circles to put a greater emphasis on more aggressive strategies and tactics to respond to cyberattacks, there are also major barriers.
Sandra Joyce, vice president of Google Threat Intelligence Group, said at a conference Tuesday that more details of the disruption unit would be forthcoming in future months, but the company was looking for “legal and ethical disruption” options as part of the unit’s work.
“What we’re doing in the Google Threat Intelligence Group is intelligence-led proactive identification of opportunities where we can actually take down some type of campaign or operation,” she said at the Center for Cybersecurity Policy and Law event, where she called for partners in the project. “We have to get from a reactive position to a proactive one … if we’re going to make a difference right now.”
The boundaries in the cyber domain between actions considered “cyber offense” and those meant to deter cyberattacks are often unclear. The tradeoff between “active defense” vs. “hacking back” is a common dividing line. On the less aggressive end, “active defense” can include tactics like setting up honeypots designed to lure and trick attackers. At the more extreme end, “hacking back” would typically involve actions that attempt to deliberately destroy an attacker’s systems or networks. Disruption operations might fall between the two, like Microsoft taking down botnet infrastructure in court or the Justice Department seizing stolen cryptocurrency from hackers.
Trump administration officials and some in Congress have been advocating for the U.S. government to go on offense in cyberspace, saying that foreign hackers and criminals aren’t suffering sufficient consequences. Much-criticized legislation to authorize private sector “hacking back” has long stalled in Congress, but some have recently pushed a version of the idea where the president would give “letters of marque” like those for early-U.S. sea privateers to companies authorizing them to legally conduct offensive cyber operations currently forbidden under U.S. law.
The private sector has some catching up to do if there’s to be a worthy field of firms able to focus on offense, experts say.
John Keefe, a former National Security Council official from 2022 to 2024 and National Security Agency official before that, said there had been government talks about a “narrow” letters of marque approach “with the private sector companies that we thought had the capabilities.” The concept was centered on ransomware, Russia and rules of the road for those companies to operate. “It wasn’t going to be the Wild West,” said Keefe, now founder of Ex Astris Scientia, speaking like others in this story at Tuesday’s conference.
The companies with an emphasis on offense largely have only one customer — and that’s governments, said Joe McCaffrey, chief information security officer at defense tech company Anduril Industries. “It’s a really tough business to be in,” he said. “If you develop an exploit, you get to sell to one person legally, and then it gets burned, and you’re back again.”
By their nature, offensive cyber operations in the federal government are already very time- and manpower-intensive, said Brandon Wales, a former top official at the Cybersecurity and Infrastructure Security Agency and now vice president of cybersecurity at SentinelOne. Private sector companies could make their mark by innovating ways to speed up and expand the number of those operations, he said.
Overall, among the options of companies that could do more offensive work, the “industry doesn’t exist yet, but I think it’s coming,” said Andrew McClure, managing director at Forgepoint Capital.
Certainly Congress would have to clarify what companies are able to do legally as well, Wales said.
But that’s just the industry side. There’s plenty more to weigh when stepping up offense.
“However we start, we need to make sure that we are having the ability to measure impact,” said Megan Stifel, chief strategy officer for the Institute for Security and Technology. “Is this working? How do we know?”
If there was a consensus at the conference, it’s that the United States — be it the government or private sector — needs to do more to deter adversaries in cyberspace by going after them more in cyberspace.
One knock on that idea has been that the United States can least afford to get into a cyber shooting match, since it’s more reliant on tech than other nations and an escalation would hurt the U.S. the most by presenting more vulnerable targets for enemies. But Dmitri Alperovitch, chairman of the Silverado Policy Accelerator, said that idea was wrong for a couple reasons, among them that other nations have become just as reliant on tech, too.
And “the very idea that in this current bleak state of affairs, engaging in cyber offense is escalatory, I propose to you, is laughable,” he said. “After all, what are our adversaries going to escalate to in response? Ransom more of our hospitals, penetrate more of our water and electric utilities, steal even more of our IP and financial assets?”
Alperovitch continued: “Not only is engaging in thoughtful and careful cyber offense not escalatory, but not doing so is.”
The post Google previews cyber “disruption unit” as U.S. government, industry weigh going heavier on offense appeared first on CyberScoop.