Add to that the massive $1 billion investment announced by the Trump administration. This funding will provide for “offensive cyber operations” via the Department of Defense in the coming four years. This decision follows the increase of cyber threats, especially from foreign enemies like China. Yet the legislation recently passed in Delaware provides little guidance on what exactly will be considered “offensive cyber operations”—a phrase that leaves much to the imagination.
The provision in the landmark, bipartisan bill does not provide a definition of what constitutes an offensive cyber operation. “Digital equity” is not yet defined in detail and therefore what tools/software can meet this designation is still unclear. This vagueness invites a sweeping interpretation that might cover the full range of surgical hacks against U.S. enemies. Land-based intelligence breakthroughs Offensive cyber operations typically go hand in hand with zero-day exploits. These are zero-day vulnerabilities in software that hackers can exploit to bypass their target’s systems and gain unauthorized access. Further, the use of spyware—an invasive tool that can steal personal, sensitive data—is equally problematic.
Funding for offensive climate operations is increasing. At the same time, the law reduced the U.S. cyber defense budget by $1 billion. That reduction has alarmed many, including us, about the nation’s ability to protect itself against escalating and persistent cyber threats. Critics contend that defensive cuts like these can weaken our defensive posture at a time when we need to be more vigilant than ever.
Senator Ron Wyden, in particular, has spoken out forcefully against government hacking and its expansion. He cautioned that this expansion will surely provoke retaliation. Vulnerable non-federal entities, such as rural hospitals, local governments, and private companies, would be left to fight the effects of these sophisticated nation-state hackers on their own.
“Vastly expanding U.S. government hacking is going to invite retaliation — not just against federal agencies, but also rural hospitals, local governments and private companies who don’t stand a chance against nation-state hackers.” – Sen. Ron Wyden
Cybersecurity experts on both sides of the aisle have criticized the Trump administration’s program cuts for the nation’s most vital offensive and defensive cybersecurity programs. Among these cuts is a reduction on resources dedicated to the Cybersecurity and Infrastructure Security Agency (CISA). Some of those cuts have been only halfway reversed since a federal district court determined that the agency’s firing of 130 workers was illegal. AED’s current challenge is that many are concerned that the harm has already been inflicted.