Who's hacking the U.S.? It's not an easy question to answer, defense leaders told lawmakers, as determining if a malicious cyber attacker is a foreign government, a cyber criminal or a cyber criminal supported by a foreign government is never clear.
"The line between nation-state and criminal actors is increasingly blurry as nation-states turn to criminal proxies as a tool of state power, then turn a blind eye to the cyber crime perpetrated by the same malicious actors," said Mieke Eoyang, the deputy assistant secretary of defense for cyber policy, during a hearing today before the House Armed Services Committee.
Russian security services, Eoyang said, are known to leverage the activities of cyber criminals and to then shield them from prosecution for crimes committed for personal benefit.
"We have also seen some states allow their government hackers to moonlight as cyber criminals," she said. "This is not how responsible states behave in cyberspace, nor can responsible states condone shielding of this criminal behavior."
For the U.S., Eoyang said, knowing who is responsible for malicious cyber behavior is important because it determines who can respond to it. When non-state actors are engaging in financially motivated crimes, for instance, it is the Federal Bureau of Investigation and the Department of Justice who are responsible for pursuing those criminals, she said.
"The challenge I think that we have is that when those attacks first come across the network and impact us, when we see that malicious activity, it's always a challenge of attribution to be able to pull it apart and figure out who are the state actors and who are the non-state actors, [and] which elements of government would then be tasked with the lead to disrupt that activity va ..
Support the originator by clicking the read the rest link below.
