More than 100 countries around the world are now capable of launching state-sponsored cyberattacks, and Russia tops the list of foreign governments keeping U.S. intelligence officials up at night, according to Richard Ledgett, who only a few weeks ago stepped down as deputy director of the National Security Agency.
"Russia is the most capable, they’re also the most aggressive," Ledgett said today at a cyber-security summit in Washington.
In fact, Russia's successful campaign to interfere with the U.S. presidential election last year will likely "embolden" the "well over 100" nations with cyber-capabilities "to become more aggressive," Ledgett said, warning that foreign government are increasingly launching cyber-operations.
"It is on the rise both in terms of the number of people practicing it, and there are more and more countries that are doing it," Ledgett told those gathered at Georgetown Law School’s annual Cybersecurity Law Institute.
President Donald Trump and others in the administration have openly questioned whether Russia was truly behind last year's hack of the Democratic National Committee and subsequent attempts to influence the outcome of the presidential election. But Ledgett wholly rejected such skepticism, insisting there is "no question it was the Russians."
"NSA had a huge role in making that determination," he said, "and there is no question that that’s what it was. I can’t lay out for you all of the reasons for that, because there's a lot of really sensitive sources that led to that, but it was definitely the Russians."
In January, the U.S. intelligence community issued a report calling Russia's alleged meddling in last year's presidential campaign "a significant escalation" of efforts "to undermine the U.S.-led liberal democratic order."
"We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the U.S. presidential election," the report said. "We also assess Putin and the Russian Government aspired to help [Donald] Trump’s election chances when possible by discrediting Secretary [Hillary] Clinton and publicly contrasting her unfavorably to him."
Ledgett said today that reaching such a conclusion is based on "a variety of different good sources of information."
"It's more than just looking at the code. It's more than just looking at the targets. It's more than looking at the tactics and the techniques and procedures," and U.S. agencies "have a really good ability to do attribution" thanks to the "intelligence capabilities" of both the U.S. government and allies around the world.
"In fact, it's much better than people tend to think it is," Ledgett added.
The Kremlin, however, is not the only government whose cyber-efforts worry U.S. officials.
China, North Korea and Iran – "about in that order" – are also "the ones that we’re most concerned with," Ledgett said.
China is "half a notch below" Russia with “immense capacity;" "North Korea is relatively small, but they’re capable and becoming more capable;" and, "Iran is a regional player."
Iran is focused on being "important in the Middle East,” but – unlike the other countries – when Iranian officials use their cyber-capabilities they do so "in a very proportional way," such as launching a relatively simple denial-of-service attack on the U.S. financial sector to retaliate for U.S. sanctions against Iran over its nuclear weapons program.
"You might view them as more of a rational actor in this space than the North Koreans," Ledgett said.
His remarks prompted this quip from NSA’s former general counsel, Rajesh De, who was moderating the discussion: "Wait a minute – Iran is a rational actor?"
Ledgett and the crowd laughed.
Ledgett retired from the U.S. government last year, after nearly four decades of public service, beginning in the late 1970s when he enlisted in the U.S. Army.
According to the NSA's website, he received numerous honors over the course of his career, including the Presidential Rank Award for Distinguished and Meritorious Service, the National Intelligence Superior Service Medal, and the Exceptional Civilian Service and Meritorious Civilian Service awards.