On May 10, 2016, Peter Romar, a hacker associated with the Syrian Electronic Army, appeared in a U.S. courtroom after his extradition from Germany to face charges of conspiracy and a host of computer crimes. Romar was one of a trio of Syrian nationals on the FBI’s “Cyber’s Most Wanted” list. This was another in a series of indictments by the Department of Justice (DoJ) against foreign hackers involved in transnational cyber activity, including Chinese and Iranian individuals – some clearly state-affiliated and some state-supported actors using private companies as fronts.
What is really the purpose of this legal strategy? Will it yield results in confronting and deterring transnational cyber criminal activity or economic espionage? What happens when there is no real possibility of extraditing the defendants?
On July 30, 2014, Assistant Attorney General John Carlin, speaking at Carnegie Mellon University, discussed the need for more aggressive legal action aimed at all types of overseas hackers, including those that are engaging in intelligence activities. When the DoJ indicted five members of the People’s Liberation Army for cyber espionage, there was little chance that the Chinese government would turn over members of their cyber intelligence units (not unlike any other sovereign state). Carlin also made it clear that DoJ was applying the counterterrorism model in pursuing cybersecurity threats by building expertise among federal prosecutors and establishing the National Security Cyber Specialists’ Network.
Among the most notable indictments since Carlin’s speech were the charges against seven Iranians working for companies linked to Iran’s Islamic Revolutionary Guard Command (IRGC), Tehran’s leading instrument for transnational terrorism and subversion. According to the indictment, these Iranian hackers launched denial of service attacks against “46 of the largest U.S. financial institutions” in New York and accessed the industrial control systems for a dam in Rye, New York.
Since many of those indicted probably will never see the inside of a U.S. courtroom, what is the purpose of this “naming and shaming?” Certainly, these indictments are tools to provide the foundation for sanctions as authorized by an April 2015 Presidential Executive Order targeting state sponsored malicious cyber activity. No such sanctions have been forthcoming against Iran.
However, the Chinese did arrest a number of hackers on a list supplied by the U.S. government immediately before President Xi Jinping’s Washington visit – an obvious response to U.S. threats of sanctions culminating in a bilateral memorandum regarding cyber espionage. It would be quite premature to celebrate a change in China’s cyber-powered economic espionage machine targeting the U.S. A few months of tamping down their “private” cyber spies do not signify a sea change in China’s strategy. Nevertheless, the indictments did play a role in U.S. pressure on the Chinese.
As the counterterrorism effort was built up in the U.S., there was an effort to deter, deny, and disrupt certain terrorist networks by revealing some of their state sponsors and support nodes. Criminal indictments were one of those tools. Now, as part of the cyber defense effort, legal activity is represented in the U.S. cyber strategy and playbook. It is clear that the DoJ pressed for a role in cyber criminal cases. As a result, it is building a significant cyber knowledge and skills base for its prosecutors and investigators, demonstrating the type of expertise that the government can bring to bear without the explicit involvement of the U.S. Intelligence Community. But the DoJ is also making determinations about which state sponsored organizations and individuals will be pursued for legal action, a significant cyber strategy in and of itself. Beyond the issues of evidentiary sufficiency, attribution, and the protection of intelligence sources and methods, what are the strategic and policy factors figuring into the DoJ’s calculus? How are the potential state defendants identified and prioritized?
Attorney General Loretta Lynch lauds DoJ’s effort in “piercing the anonymity” of hackers and the state organizations supporting them. But there is more to deterrence than simply naming and even trying cyber criminals – and this legal strategy can only be one part of an agile cyber deterrence toolbox of actions and sanctions.