The United States Cyber Command has quietly taken a significantly more aggressive approach to defending against cyberattacks, a shift in strategy by the Pentagon that could heighten the risk of conflict with adversaries that sponsor menacing hacking groups, The New York Times reported on Sunday.
The change from a largely defensive posture came in the spring, as the Pentagon ordered nearly daily raids on foreign networks in an attempt to disable cyberweapons before they can be used against the U.S., according to strategy documents, as well as military and intelligence officials.
The change in approach came as a result of both the greater authority given to military commanders overall by President Donald Trump and the recognition that the U.S. has not been defending itself adequately against the increasing number of attacks.
This is especially so since U.S. intelligence agencies have for several years identified cyberthreats as the No. 1 risk facing the country, greater even than terrorism.
However, it is unclear how carefully the administration has taken into consideration the various risks involved if the plan is acted on in classified operations, particularly how to avoid an unforeseen escalation against nuclear-armed nations as it wields its growing cyberarsenal.
The risks of escalation, which could lead to retaliatory strikes against American banks, dams, financial markets or communications networks, are considerable, according to officials.
Another factor that has to be taken into consideration is that such aggressive actions against an adversary often requires secretly operating in the networks of an ally, which frequently made the Obama administration think carefully about doing so.
But under the Trump administration, the traditional structure of White House oversight of cyberactivities is being taken apart, as new national security adviser John Bolton eliminated the position of White House cybercoordinator, who had overseen the complex mix of cyberactivities run by the government.
This new aggressive approach comes as a special authority is helping Cyber Command to streamline and expedite its recruitment and hiring processes in order to add the necessary personnel, according to the Department of Defense.
The objective of the overall strategy, according to the new "vision statement" quietly issued by the command, is to "contest dangerous adversary activity before it impairs our national power," the Times reported.
Pushing American defenses "as close as possible to the origin of adversary activity extends our reach to expose adversaries' weaknesses, learn their intentions and capabilities, and counter attacks close to their origins," the document says. "Continuous engagement imposes tactical friction and strategic costs on our adversaries, compelling them to shift resources to defense and reduce attacks."