US cyber approach ‘too predictable’ for one top general

The nation’s second-ranking military official said that the U.S. approach to protecting its computer systems was “too predictable” and failed to penalize attackers.

“We’re on a path that is too predictable, way too predictable,” Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff, said. “It’s purely defensive. There is no penalty for attacking us now. We have to figure out a way to change that.” Gen Cartwright suggested that stronger deterrents would be needed. “We are supposed to be offshore convincing people if they attack, it won't be free,” he said, adding that adversaries should know that the United States has “the capability and capacity to do something about it.” Gen Cartwright, who appeared at a news conference after the strategy rollout, described the cyber plan as a first step. “This starts us down the path of building out both our defenses and our awareness skills,” he said. Eventually, he added, more aggressive cyber tactics, as well as legal and diplomatic measures, would be needed to “raise the price” of attacking. Gen Cartwright said the disabling of computerized patient records at a hospital such that the patients cannot be treated would be a violation of the law of armed conflict. “Then you have proportional responses” that can be undertaken, he said, without specifying which or by whom. But when it comes to an act of war, he said, “it’s in the eye of the beholder.”