The United States Is At An Inflection Point In Terms Of Cyber Threats
By a Biometrica staffer
The United States has repeatedly faced various kinds of cyberattacks in recent times, with targets ranging from infrastructure to education, and mostly due to criminals wielding ransomware. At the Justice Department Criminal Division’s fifth Cybersecurity Roundtable, Assistant Attorney General Kenneth A. Polite Jr. and Deputy Attorney General Lisa O. Monaco emphasized that the need for collective action to combat cyberthreats has never been greater. In her remarks, Monaco said the bottom line was that the country was at “another inflection point in terms of the types of cyber threats” it faces.
On the one hand, nation state actors remain a cybersecurity threat. The big four, in particular — Russia, China, North Korea, and Iran — pose a significant threat to “our national security, our economic security and our personal security,” Monaco said. But the nature of cyber threats is now no longer limited to just “state-sponsored actors.” The threat today blends criminal groups too who are forming alliances of convenience, of opportunity, and sometimes alliances by design with nation-state actors.
The tactics used today are also much more brazen, especially when it comes to ransomware and digital extortion, Monaco said. The overall environment is more aggressive, sophisticated, and belligerent. Cyber criminals, like we mentioned before, appear to be targeting everything. “Just to illustrate this issue in the ransomware context, we know that the FBI is investigating more than 100 ransomware variants, and those variants are impacting thousands of victims. Suffice it to say, there is much to be done in this space, and to combat this crowded and aggressive threat landscape,” Monaco said.
Keeping these factors in mind, the Deputy Attorney General said the Department is already doing various things to combat cyber threats including:
- Lessons learnt from the counterterrorism fight have been applied to the cyber threat fight, making the approach more intelligence-led, more threat-driven, breaking down the walls between intelligence about cyberattacks and cyber threat actors and the efforts to disrupt them.
- The first nationwide network of national security cyber prosecutors around the country has been created.
- Launching a Comprehensive Cyber Review to make sure the DOJ is adjusting to the speed of the threat in terms of what it is doing, and what tools it is bringing to the table.
- Earlier this year, the DOJ launched the Ransomware and Digital Extortion Task Force to address this particular manifestation of the cyber threat. Through this Task Force, the DOJ is making sure that the components of the department — including the Criminal Division, the U.S. Attorney’s Offices, the FBI, and the National Security Division — are all working together to address this threat.
- The DOJ also sent a directive to all 93 U.S. Attorney’s Offices to say: “Where you see a ransomware event in your district, in your location, whether it involves a ransomware attack on a company, whether it involves a part of the ecosystem that allows it to flourish — we want to know about it so we have a national picture. It is the kind of reporting that we have required from the field for years after 9/11 when it comes to terrorist activity.”
- Last week, Monaco also announced the creation of a new National Cryptocurrency Enforcement Team housed within the Criminal Division. The Department has made great strides in combating the misuse of cryptocurrency platforms, she said, adding that it has shown it won’t hesitate to go after those platforms that help criminals launder or hide their criminal proceeds.
- Also last week, the Department launched a Civil Cyber-Fraud Initiative, and this is first time it will be using civil enforcement tools to drive cybersecurity accountability.
But one of the biggest takeaways from Monaco’s remarks was that the DOJ and other law enforcement agencies are seeking public help to fight off cyber threats. “In this threat environment, with the stakes that are involved, we cannot do this alone, so we need your engagement. And we want to hear from you […]. The nature of the threat, the stakes that are involved, in my mind make it critical that we have that engagement – and nowhere is this more true than in the context of ransomware attacks,” she said.
When it comes to tackling the issue of ransomware and the ecosystem that lets it flourish, there was a single message from her remarks. She said: “We need reporting from victims to address this threat, to prevent additional victims. We know those victims — oftentimes your clients — face reputational risks, they face operational risks, ultimately though, we are seeing lives and livelihoods risked. Given the stakes, we need that engagement from victim companies and we need it early. Those who come forward will see that we are determined to bring our authorities to bear, to be nimble in our response, to employ tools that go after the ecosystem that lets these bad actors flourish.”
Most entities that do business with the government abide by their contract terms and obligations, but cyber intrusions may still occur even when a contractor has a robust monitoring, detection, and reporting system, per the Deputy Attorney General. But in instances where those who are entrusted with government dollars and sensitive government systems fail to follow required cybersecurity standards, or misrepresent their cybersecurity practices or capabilities, the Department is going to go after that behavior.
Some of the greatest progress and accomplishments to date in the area of cybersecurity comes from a “whole-of-society approach,” Monaco said. “That means we don’t just want to hear from you — we need to. We need to hear about the challenges you face and the ways you think the department can evolve to help meet the threat. We need to hear what you think is working well, and more importantly, what you’d like for us to consider doing differently,” she added.