EXCLUSIVE: Israel needs to be ready for terrorist 'dirty' cyber bomb

Ex-deputy head of US Cyber Command warns that the West is not prepared for an attack.

By YONAH JEREMY BOB
Hands are seen on a keyboard in front of a displayed cyber code in this picture illustration taken October 4, 2018 (photo credit: DADO RUVIC/REUTERS)
Hands are seen on a keyboard in front of a displayed cyber code in this picture illustration taken October 4, 2018
(photo credit: DADO RUVIC/REUTERS)
The West and Israel must take necessary precautions to prevent terrorists from launching a “dirty” cyber bomb, Lt.-Gen. (ret.) Vincent Stewart, who stepped down a few months ago from his post as deputy head of the US Cyber Command, told The Jerusalem Post in an exclusive interview.
Stewart, who also ran the US Defense Intelligence Agency, spoke to the Post on the sidelines of this week’s ICT-IDC Herzliya counter-terror conference in his first interview with any media outlet since leaving the Pentagon.
He said that while the West took cyber attacks from nation-states seriously, it is vastly underestimating the danger of a massive ISIS or al-Qaeda cyber attack which could cripple a country’s entire infrastructure.
Unlike nation states, he noted, terrorist groups are not deterred by the threat of a counter-strike. Stewart recounted that until 9/11, no one conceived that hijacked airplanes could be used by terrorists to destroy buildings.
Even as Western governments now take cyber attacks seriously from countries like Russia, China, Iran and North Korea, Stewart said that they are ill-prepared for a sophisticated attack from a terrorist group, which could “have the same effects as a ‘dirty’ [nuclear] bomb.”
If large swaths of the US, Israel or another country “lose power for an extended period of time, it is not just about the inconvenience of losing power… Think about the impact on hospitals and refrigerated medicines.” When a variety of medicines go bad, “how long will it be until there are serious health issues” in a widespread manner?
While drawing attention to cyber terrorism, Stewart acknowledged that a nation state like Russia was still the most dangerous cyber adversary with “Russia viewing itself as a global power” and Russian President Vladimir “Putin believing he is almost the czar.”
Stewart did not beat around the bush about his criticism of what he viewed as an overly conservative approach by the Obama administration in pushing back on cyber attacks for fear of escalation.
“Russia will not back off unless we stand up and show that we are willing to fight back. But if you push too hard, you risk ultimate escalation. So which is it? Push back and risk ultimate escalation or deescalate?” he asked.
“It is foolish to watch any adversary and just let them clean up [against you] and do nothing in response. That kind of behavior encourages” a country like Russia to continue to go after you.
Under the US Cyber Command’s more recent strategy of “‘persistent engagement – we are no longer going to clean up on aisle five… We are going to give you things to think about. We have to respond. It doesn’t need to be high end. Just enough to say that we are on the playing field.”
The message to Russia and other would be cyber attackers is “you cannot operate anymore with impunity. There is a cost. That is where the administration is today, and it still hasn’t resulted in nuclear war by the weekend.”
Stewart said that the problem in the past has been “five words used together which drove me mad and stopped every conversation about using cyber tools – ‘cyber effects of significant consequences.’ This stopped us from doing anything. We couldn’t define ‘significant consequences’.”
This meant that every debate about whether to use a US cyber offensive weapon to strike back at adversaries’ cyber attacks on the US has led to, “Holy crap, we will escalate into a cyber war or a nuclear war,” an attitude which he said was a mistake leading to paralysis.
He credited James Mattis, who was US Secretary of Defense for most of the Trump administration, for “talking about cyber operations in support of the department of defense. This changed the thinking. It meant that I am responsible for the defense of our nation from all threats in all domains.”
Stewart explained that Mattis’ shift allowed Stewart and other top officials at US Cyber Command a freer hand to use cyber offense to deter US adversaries from future cyber attacks.
The former cyber general asked, “How could you testify to Congress after a massive cyber event” against the US and tell Congress, “Yes, we could see the [cyber attacking] nation-state and we understood their [cyber] tools and knew about the effect,” but did nothing and just watched because of fears of escalation.
Moving to the recent US Cyber Command hack of Iran’s Islamic Revolutionary Guard Corps’ intelligence unit for tracking ships in the Persian Gulf, Stewart said, “I don’t know what the US did or did not do, but there is always a conflict between losing some intelligence to deliver effects.”
In media reports on the US hack, carried out to block Iran’s efforts from capturing oil tankers, some anonymous US intelligence officers objected to the use of cyber tools. They said that after the hack, the IRGC plugged the vulnerability, cutting-off a major resource for US spying.
“This is always a challenge. How much intelligence do you want to gather versus operational effects you can have on the target… There is a concept I called many years ago: ‘operate to know’ – you conduct operations to get additional intelligence insights.”
The former US deputy cyber chief added, “Sometimes the intelligence community keeps saying, ‘Let’s just keep looking,’” but at a certain point you need to “just drop the bomb… then there is no real threat.”
Discussing cyber challenges from China and recent reports that the US is counter-hacking Huawei after accusations of Huawei conducting espionage on the US, he said, “I don’t know who is hacking Huawei, but we treat all of our near-peer competitors largely the same.”
Stewart was alluding to the new readiness by the US to use offensive cyber weapons against China to deter its alleged cyber activities against the US, just as the US has been doing with Russia. He also expressed concerns generally about the US taking its eye off China.
Beijing has “taken advantage of the US’s 18-year focus on terror[ism] to expand its influence globally,” noting that – especially in Africa – it was letting the Chinese impose a model for exploiting native countries’ resources.
Next, Stewart discussed the supposedly always impending quantum computing revolution. “Whoever wins the high ground dominates forever,” he said with a glint in his eye, half serious and half-sarcastic.
Essentially, he explained that quantum computing would allow code-breaking and hacking at a previously unheard-of-level, but whether it comes next week or not for several years remains unclear.
Stewart concluded with a warning that, “We are all on the front lines… We are all so connected and part of the global interconnected network. Refrigerators are now connected. The last intrusion I saw came through an aquarium because the salt water aquarium’s lights are timed and networked. We are all vulnerable.”