When Gen. Paul Nakasone, the head of U.S. Cyber Command and the NSA, broadcast his "defend forward" strategy to protect America from hackers, did he help goad Russia into aggressive action?



Joe Biden had his first official call as president this week with his Russian counterpart, Vladimir Putin. They touched on things you'd expect - arms treaties, Ukrainian sovereignty, dissidents and also the massive cyberattack on American companies and the government that was discovered last month. Dina Temple-Raston of NPR's investigations team looks at what's behind that bold new strike.

DINA TEMPLE-RASTON, BYLINE: A little over a year ago, the head of the National Security Agency and Cyber Command, General Paul Nakasone, decided to do something unusual. He decided to give the American people an idea of what the U.S. military was doing in cyberspace. He went public with a new strategy he called defend forward.


PAUL NAKASONE: So defend forward is a DOD strategy that looks outside of the United States.

TEMPLE-RASTON: That's General Nakasone in an NPR interview about a year before the last election.


NAKASONE: We're going to expand our insights of our adversaries. We're going to know our adversaries better than they knew themselves. Secondly, we're going to harden our defenses. And the third thing, we'll be poised to act.

TEMPLE-RASTON: Nakasone was sending a message of deterrence to Moscow. If you meddle in the presidential elections the way you have in the past, he was saying, the U.S. is poised to respond.


NAKASONE: It's a little bit different in cyberspace because you have foes that can come and go very, very quickly. They can buy infrastructure. They can develop their capabilities. They can conduct attacks. And what you have to do, from what I've learned, is you have to be persistent on them in making sure that whenever they do that type of thing, you're going to be there, and you're going to impact them.

TEMPLE-RASTON: It turns out, as Nakasone was talking about being persistent on them, the U.S. believes Russian intelligence service hackers had likely already begun work on a new project - cracking into a network security company called SolarWinds.


UNIDENTIFIED REPORTER #1: Good evening. America under virtual invasion...

UNIDENTIFIED REPORTER #2: Security experts are scrambling to assess the damage after hackers breached sensitive government and corporate computer...

UNIDENTIFIED REPORTER #3: Sources say the attack took advantage of the widespread use of software from a company called SolarWinds.

TEMPLE-RASTON: The SolarWinds hack makes clear that something experts have been warning about for years has finally arrived - the supply chain attack. If one contractor, say, a company that does network security, falls prey to a hack, then a company is only as safe as that outside contractor. Richard Bejtlich is a former military intelligence officer who's now the principal security strategist at Corelight, a cybersecurity firm.

RICHARD BEJTLICH: And if you were one of those organizations that had enough money to say, we want to have inventory management, we want to have network management, let's go with SolarWinds - well, suddenly that's opened you up to a whole new set of problems.

TEMPLE-RASTON: The investigation into what actually happened has only just begun. But at this stage, what seems clear is that hackers got into the networks through a company software update. And it appears that targeting a company like SolarWinds is a very efficient way to crack into U.S. systems because intruders can slip into thousands of company and government networks all at once. And one of the questions that's come up in the wake of the attack is this - did Nakasone's discussion of defense forward inspire Russian hackers to do something spectacular just to prove they could?

Kiersten Todt is the managing director of the Cyber Readiness Institute, and she says the Russians hardly needed an excuse.

KIERSTEN TODT: I think the Russians are emboldened to work against us and come after us for lots of reasons, not the least of which could be us saying, hey, we're going to, you know, have a secure and safe 2020 election. That would inspire them to say, oh, no, you're not. And while you're focusing on the election, we're actually going to come into your networks.

TEMPLE-RASTON: What the hackers could do next is unclear. Was this just an intelligence operation aimed at grabbing sensitive information, or are the hackers lying in wait, having created backdoors that will allow them to come and go as they please? Officials are trying to determine that now.

Dina Temple-Raston, NPR News.

(SOUNDBITE OF AK AND SUBLAB'S "TRANQUIL")

Transcript provided by NPR, Copyright NPR.