A Blur Differentiating Between State Actors, Criminals In Cyber
by C. Todd Lopez, DOD News
May 19, 2021
Who's hacking U.S. networks? It's not an easy question to answer, defense leaders told lawmakers, as determining if a malicious cyber attacker is a foreign government, a cyber criminal or a cyber criminal supported by a foreign government is never clear.
Marines with U.S. Marine Corps Forces Cyberspace Command confer about situations in the cyber operations center in Lasswell Hall at Fort Meade, Maryland on February 5, 2020. (U.S. Marine Corps photo by Staff Sgt. Jacob Osborne)
"The line between nation-state and criminal actors is increasingly blurry as nation-states turn to criminal proxies as a tool of state power, then turn a blind eye to the cyber crime perpetrated by the same malicious actors," said Mieke Eoyang, the deputy assistant secretary of defense for cyber policy, during a hearing today before the House Armed Services Committee.
Russian security services, Eoyang said, are known to leverage the activities of cyber criminals and to then shield them from prosecution for crimes committed for personal benefit.
"We have also seen some states allow their government hackers to moonlight as cyber criminals," she said. "This is not how responsible states behave in cyberspace, nor can responsible states condone shielding of this criminal behavior."
For the U.S., Eoyang said, knowing who is responsible for malicious cyber behavior is important because it determines who can respond to it. When non-state actors are engaging in financially motivated crimes, for instance, it is the Federal Bureau of Investigation and the Department of Justice who are responsible for pursuing those criminals, she said.
"The challenge I think that we have is that when those attacks first come across the network and impact us, when we see that malicious activity, it's always a challenge of attribution to be able to pull it apart and figure out who are the state actors and who are the non-state actors, [and] which elements of government would then be tasked with the lead to disrupt that activity varies based on location and whether or not they are criminal or not," she said.
While the FBI and DOJ handle criminal activities inside the U.S., it is the role of Cyber Command to focus on cyber threats against the homeland from adversary nation-states. It's an effort the Cybercom commander and National Security Agency director, Army Gen. Paul M. Nakasone, said he's proud of.
One area where the role of Cybercom has been important is in the 2020 election. Nakasone said the security of the 2020 election was ensured through the Election Security Group, which is a combined effort of Cybercom and NSA.
Marines with U.S. Marine Corps Forces Cyberspace Command at work on their computers in the cyber operations center in Lasswell Hall at Fort Meade, Maryland on February 5, 2020. (U.S. Marine Corps photo by Staff Sgt. Jacob Osborne)
"We built on lessons from earlier operations and honed partnerships with the Federal Bureau of Investigation, and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, sharing information with those who needed it as fast as possible," Nakasone said.
"To protect the 2020 elections," Nakasone said, "Cybercom conducted more than two dozen operations to get ahead of foreign threats before they were able to interfere with or influence elections.
"I'm proud of the work the command and the election security group performed as part of a broader government effort to deliver a safe, secure, 2020 election," Nakasone said.
Our Valiant Troops | Veterans | Citizens Like Us | U.S. Department of Defense