Former U.S. Secretary of Defense Ash Carter said cybersecurity risks are a “very serious matter” and called for stronger retaliation from the U.S. government and Department of Defense (DoD) against malicious cyber actors.
During Tanium’s Converge 2021 event on Nov. 17, Carter – who is now a Tanium board member – explained that in the face of increasing cyberattacks, the United States does not need to “confine ourselves to retaliation in the same mode in which we were attacked.” In fact, Carter said he would not retaliate with cyber “in most cases,” but added, “you can bet I’d punish anybody who hurt my people.”
“I don’t think we as a country, in any of the last three administrations, has pushed back and punched back enough,” Carter said. “I think it’s also reasonable for companies to expect their government to protect them against foreign-originated attacks. And so I think we have a responsibility in the government and the Department of Defense to defend our people against what is an attack emanating from a foreign place and to retaliate.”
Carter clarified that he does not include nuclear retaliation on the list of options, but instead punishing countries such as Russia, China, North Korea, Iran, and their governments “for their connivance or acquiescence” in attacks on the U.S.
“It’s a strategic mistake, to think that pushing back at low levels of aggression is escalatory. It’s just the opposite,” Carter said. “If you don’t push back, then your opponents just think they can keep ratcheting it up and at some point, our government is going to be forced to respond and that’s not where I think we should be.”
“I think we should respond before our people are clamoring to have us respond. That’s our job as your defense establishment. So I don’t think we’ve done a very good job at all in that,” he added.
Carter also took the time to note that it’s not just up to the government, but organizations as well, to do their part in protecting themselves against cyberattacks, even small ones.
“Even small companies ought to bring themselves up to a reasonable level of [cyber] hygiene so that you can’t take a cheap shot against [them],” Carter said. “It’s not true that it’s beyond your camp if you’re a small company.”
Carter recommended that small companies take advantage of Tanium’s “digestible” cybersecurity package, which pieces together a cyber solution for them for a “high level of protection” against cyberattacks.