Cyber responses will be ‘linked to adversary actions,’ involve industry, White House says

Future U.S. government responses in cyberspace will be “linked to adversary actions” and will involve coordination between the private sector and smaller governments, a top White House official said Thursday.

The dynamic, which will be codified in a forthcoming national cyber strategy, is meant to make clear that foreign adversaries’ actions that target U.S. networks have consequences, according to Alexandra Seymour, who serves as the principal deputy assistant national cyber director for policy in the Office of the National Cyber Director.

“To do this, we will need to coordinate closely with state and local governments and the private sector, including critical infrastructure owners and operators, who are often at the front lines of our cyberdefense,” Seymour said at CyberScoop’s CyberTalks event in Washington, D.C.

Her remarks align with a broader desire in the Trump administration to take a more gloves-off approach to countering foreign rivals when they target U.S. computer networks. Recent Chinese intrusions into telecom systems and other critical infrastructure have motivated current and former officials to call for a more offensive approach to cyberspace matters over the last year.

Seymour’s comments also align with details from reports last year indicating the private sector would have a degree of involvement in offensive cyber matters. It’s not entirely clear how coordination with industry would work. Private-sector participation in government-backed offensive cyberattacks is hotly debated because of the potential for escalation and blurred lines between state-sponsored and private activity.

U.S. intelligence and hacking giants like the NSA, CIA and Cyber Command already have legal authority to launch offensive cyber operations that target foreign rivals, and they have done so more overtly in recent months.

The national cyber strategy will be released “soon,” Seymour said, without providing an exact day. The release date for the strategy has been a mystery among industry officials for weeks now. It was originally expected in January.

The Office of the National Cyber Director has been developing the short strategy for months now. The six-pillar framework would focus on taking steps to preempt foreign adversaries’ hacking capabilities, reform cybersecurity regulations to reduce compliance burdens, modernize federal networks, secure critical infrastructure, encourage superiority in emerging technologies and build a business-driven cyber talent pipeline.