Government Giving 'No More Free Passes' To Cybercriminals
At RSA Conference Wednesday, Assistant Attorney General for National Security John Carlin explained the government's new "all tools approach" to cracking down on cyberespionage and other crime.
SAN FRANCISCO, WEDNESDAY, APR. 22 -- Attribution, extradition, diplomacy and other factors have largely helped cyberiminals evade the law. Yet, as John P. Carlin, assistant attorney general for national security at the U.S. Department of Justice explained at the RSA Conference today, the US has become more aggressive, aiming to increase the costs of cybercrime and make it clear "that it is not okay to steal from American companies."
"There are no free passes," said Carlin. "That is where the PLA case came from."
In May 2014, DOJ indicted five members of the Chinese People's Liberation Army (PLA) for hacking and espionage offenses against American companies in the nuclear power, metals and solar products industries. Although Carlin said it's likely those five people may never be apprehended and see their day in court, it is important that they be publicly named and formally charged. "We don't want to send the wrong message that we're decriminalizing theft," he said.
In December 2014, the FBI officially named North Korea as the culprit behind the attacks on Sony Pictures Entertainment, and President Obama stated "We will respond. We will respond proportionately and we'll respond in a place and time and manner that we choose."
"That's an important message," said Carlin, "not just to the North Koreans, but to all the [malicious] actors out there."
Carlin explained that attribution is not always easy, but that to the degree it is possible, the government aims to act upon it. "One, we have to be able to figure out who did it, and that's where we need the private sector's help. Two, we can't be afraid of saying it, otherwise it's cost-free. Three, then there have to be costs."
Those costs, said Carlin, may include indictments or a variety of diplomatic of economic sanctions; and those measures must increase until the activity stops.
"These are hard cases to prove up," he said. "But they're not impossible."
About the Author(s)
You May Also Like
Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024