#nationalcybersecuritymonth | US officials are rethinking how to dissuade cyberattacks


In a coordinated show of force last month, the State Department and the Department of Defense joined more than 20 other nations in attributing and condemning a 2019 cyberattack on the country of Georgia to Russia’s military intelligence wing.

The move was part of a broader “name and shame” strategy aimed at slowing cyberattacks from foreign adversaries, part of a deterrence policy that also includes indictments and sanctions.

But during the one of the cybersecurity community’s biggest trade shows, just days after the State Department announcement, U.S. policymakers repeatedly acknowledged their strategies for discouraging state-backed cyberattacks aren’t working. And, in that vacuum, what’s re-emerging is a debate over what the federal government should do now — especially given the expanding threat several nation-state actors pose to the 2020 presidential election.

While some officials hope sanctions and indictments will eventually force hackers to think twice before attacking American networks, other experts suggested that the federal government should lower the bar for a military strike in response to a digital attack.

“We should be very explicit about how low the threshold is for a kinetic response to an attack on our infrastructure,” said Tom Corcoran, a former senior staffer on the House and Senate intelligence oversight committees from 2001 to 2014 and the current head of cybersecurity at Farmers Insurance Group. “It doesn’t necessarily need to cause a loss of life or even a significant economic impact.”