“It’s not good and it’s not a good norm,” Schneider said. She said the U.S. government has been slow to respond to cyberattacks in large part because it is careful to ensure it avoids inadvertently attacking civilians, violating international law or triggering dangerous counterattacks.
Still, Schneider acknowledged that Cáceres and Angus have a point: the U.S. could use its cyber power more, and explained why that doesn’t amount to bureaucracy. “There are good reasons and there are bad reasons,” Schneider said. “Like, we have complex organizational politics, we don’t know how to do things differently, we’re not good at using this type of talent, and we’ve been doing it for 50 years and it works great for dropping bombs.”
Schneider noted that by all accounts, U.S. offensive hacking has become less aggressive and less agile over the past five years. For example, beginning in 2018, General Paul Nakasone, then Commander of Cyber Command, advocated a “forward defense” strategy aimed at shifting cyber conflicts to enemy networks rather than waiting for them to reach U.S. soil. During those years, Cyber Command launched destructive hacking operations aimed at crippling Russian disinformation-spreading Internet research troll farms and destroying the infrastructure of the Trickbot ransomware group, which some at the time feared could be used to interfere with the 2020 election. Since then, however, Cyber Command and other U.S. military hackers appear to have gone relatively quiet, often leaving responses against foreign hackers to law enforcement agencies like the FBI, which face more legal restrictions.
Jason Healey said Cáceres was not entirely wrong to criticize this more conservative stance. Healey served as senior cybersecurity strategist at the U.S. Cybersecurity and Infrastructure Security Agency until February. He responded to Cáceres’s Cyberhawk thesis by citing the disruption trilemma, an idea proposed by researcher Lennart Maschmeyer in a 2021 paper: hacking operations must choose between intensity, speed, and control. Even in the earlier, more aggressive years, U.S. Cyber Command tended to prioritize control over the other two variables, Healey said. But he noted that there may actually be targets — such as ransomware gangs or hackers working for Russia’s unrestricted GRU military intelligence agency — that might require resetting those dials. “With these targets,” Healey said, “you can really let the hounds loose.”
P4x is dead, long live P4x
As for Cáceres himself, he said he has no objection to a conservative approach by U.S. hacking agencies to limit their damage or protect civilians — as long as they take action. “First it’s conservative,” he said, “and then it’s fucking.”
Regarding the argument that more aggressive cyberattacks will lead to escalation and counterattacks by foreign hackers, Cáceres pointed to attacks that these foreign hackers are already conducting. For example, the ransomware group AlphV launched a catastrophic attack on Change Healthcare in February that disabled the medical claims platform of hundreds of healthcare providers and hospitals and was as devastating to civilians as any cyberattack. “Escalation has occurred,” Cáceres said. “We did nothing and their behavior continued to escalate.”
Cáceres said he hasn’t completely given up on convincing someone in the U.S. government to adopt his more cautious approach. In a sense, giving up his P4x account and revealing his real name was his last-ditch effort to attract the attention of the U.S. government and restart the dialogue.
But he also said he wouldn’t wait for Pentagon approval before going ahead with his approach. “If I had continued to do it alone, or just with a few people I trusted, I could have progressed much faster,” he said. “I can screw up for people who deserve it, and I don’t have to report it to anyone.”
In other words, the P4x controller may be dead. But P4x’s cyber warfare doctrine remains.