The U.S. military needs to improve its ability to deter attacks on its computer networks, and is working to make them more costly for U.S. adversaries, top U.S. military and intelligence officials told a Senate hearing on Tuesday.
"We are not where we need to be in our deterrent posture," U.S. Deputy Defense Secretary Robert Work told the Senate Armed Services Committee.
James Clapper, director of national intelligence, told the committee that cyber threats to the U.S. national and economic security were increasing in frequency, scale, sophistication and severity of impact, both by countries such as Russia, China, Iran and North Korea, as well as non-state actors.
"Such malicious cyber activity will continue and probably accelerate until we establish and demonstrate the capability to deter malicious state-sponsored cyber activity," he said. Establishing a credible deterrent requires agreement on norms of cyber behavior by the international community, he said.
He said the current environment was like "the Wild West," and one key question was whether to put limits on spying activity that did not exist during the Cold War.
Clapper and the other officials said they viewed last week's cyber agreement between China and the United States as a "good first step," but said it was unclear how effective the pact would be.
Asked if he was optimistic the agreement would eliminate Chinese cyber attacks, Clapper said simply, "No."
Work said three incidents - a massive breach of the U.S. Office of Personnel Management (OPM) that involved the records of 21 million individuals, an attack on the unclassified network of the Joint Chiefs of Staff, and an earlier attack on Sony Pictures - were carried out by three different countries.
The United States has publicly linked the Sony attack to North Korea, and U.S. officials, speaking on background, have linked the OPM attack to China, and the JCS attack to Russia.
In the OPM case, Clapper said three types of evidence were needed link an attack to a given country: the geographic point of origin, the identity of the "actual perpetrator doing the keystrokes," and who was responsible for directing the act.
Work said the administration's response would be "vigorous" if another incident of that scale occurred that was firmly linked to China. He said the response could involve a variety of tools, including economic sanctions and criminal indictments.