As cyber attacks against U.S. escalate, is it time to go on offense?

In response to the disruptive cyber attack by Russian hacking group DarkSide on the Colonial Pipeline, President Biden on May 12 signed an executive order to improve the nation's cybersecurity tactics.

The order doesn't go nearly far enough for national security analyst Ryan Mauro.

"Make no mistake about it, a defensive strategy towards the cyber threat is not going to work," Mauro, director of the Clarion Intelligence Network, said Monday in an interview with "Just the News AM." "There's going to have to be an offensive strategy."

The past decade has presented a new set of national security challenges requiring the protection of American life and infrastructure not just from physical threats, but from online threats as well. The Colonial Pipeline hack, following a slew of similar attacks at targeted networks across the U.S., has renewed questions about whether private industry and the government are ready to defend the nation in the emerging arena of intelligence warfare.

The president's executive order acknowledges that "incremental improvements will not give us the security we need." He asks the private sector to "adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace."

Calling some of what Biden proposes "common sense steps that should've been done already," Mauro believes it's high time the U.S. became aggressive and competitive in cyber space.

"There's really no difference, when you commit an attack, whether using a bomb or cyber strike," he said. "And we need to treat them the exact same way."

Noting that U.S. leaders have generally opted to avoid large shows of strength when faced with cyber attacks, for fear of fast escalation, Mauro countered, "My argument would be that things are clearly escalating anyway." 

When faced with previous attacks, U.S. decision-makers have responded with relatively mild retaliation, like temporary internet and power outage strikes against the offending countries. Following North Korea's 2014 hack of Sony Entertainment, for example, it was considered an "unprecedented" move by the Obama administration to publicly name the entity responsible for the breach. 

Times have changed since then, although the more recent SolarWinds hack by the Russians — which seriously compromised about 100 companies and a dozen government agencies — has still not formally been addressed by the government. 

Mauro says going on the offensive means means more than making enemy lights flicker when U.S. infrastructure is severely compromised.

"These are the types of retaliations that our adversaries are expecting when they make the decision to allow or orchestrate an attack like this," he said. "That's the type of response that's already factored into their calculation ... It's time for the U.S. to do things like having its own Wikileaks, so that when Putin does something, guess what appears on the internet? A bunch of his own secrets, showing how corrupt he is — that will deter them." 

The Colonial Pipeline hack cost one American company at least tens of millions of dollars and wreaked havoc all along the East Coast as gas stations ran dry and Americans panic-purchased fuel to refill their tanks. 

Regardless of whether or not the Russian government directly orchestrated the latest pipeline attack, "Putin doesn't allow anything of a significant nature to go on involving Russians without his being aware," said Mauro, "and for that, the U.S. should respond accordingly. The world should know that if you do something like this to us, we're going to respond in kind."