Government Giving 'No More Free Passes' To CybercriminalsGovernment Giving 'No More Free Passes' To Cybercriminals
At RSA Conference Wednesday, Assistant Attorney General for National Security John Carlin explained the government's new "all tools approach" to cracking down on cyberespionage and other crime.
April 22, 2015
SAN FRANCISCO, WEDNESDAY, APR. 22 -- Attribution, extradition, diplomacy and other factors have largely helped cyberiminals evade the law. Yet, as John P. Carlin, assistant attorney general for national security at the U.S. Department of Justice explained at the RSA Conference today, the US has become more aggressive, aiming to increase the costs of cybercrime and make it clear "that it is not okay to steal from American companies."
"There are no free passes," said Carlin. "That is where the PLA case came from."
In May 2014, DOJ indicted five members of the Chinese People's Liberation Army (PLA) for hacking and espionage offenses against American companies in the nuclear power, metals and solar products industries. Although Carlin said it's likely those five people may never be apprehended and see their day in court, it is important that they be publicly named and formally charged. "We don't want to send the wrong message that we're decriminalizing theft," he said.
In December 2014, the FBI officially named North Korea as the culprit behind the attacks on Sony Pictures Entertainment, and President Obama stated "We will respond. We will respond proportionately and we'll respond in a place and time and manner that we choose."
"That's an important message," said Carlin, "not just to the North Koreans, but to all the [malicious] actors out there."
Carlin explained that attribution is not always easy, but that to the degree it is possible, the government aims to act upon it. "One, we have to be able to figure out who did it, and that's where we need the private sector's help. Two, we can't be afraid of saying it, otherwise it's cost-free. Three, then there have to be costs."
Those costs, said Carlin, may include indictments or a variety of diplomatic of economic sanctions; and those measures must increase until the activity stops.
"These are hard cases to prove up," he said. "But they're not impossible."
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks