​DoJ, security experts warn of increasing overseas cyberattacks

Reuters / David McNew
The United States must ramp up its ability to defer and defeat cyberattacks, security experts and federal prosecutors agree, as foreign hackers target American networks with increasing scope and sophistication.

With security breaches being suffered by US-based corporations on a regular basis, panelists at a summit in Washington, DC this week sounded an alarm for firms to adopt aggressive yet defensive cyber policies – lest they want to risk becoming this year's Target, Home Depot or, most unfortunately, Sony Pictures Entertainment.

At the International Conference on Cyber Engagement at Georgetown University, two of the federal government's top attorneys urged private businesses to forge relationships with law enforcement in order to minimize in advance their response to a hypothetical – but increasingly possible – cyberattack.

READ MORE: Pentagon drafting thousands of ‘cyber forces’ in prep for cyber emergency

John Carlin, the assistant attorney general for the US Department of Justice's national security division, echoed a strategy for dealing with cyberattacks laid out in a report released by the Pentagon last week, which advocated for, among other objectives, making such assaults too costly to wage.

“A private company that has internet-connected computers cannot keep a dedicated nation state out of its systems,” Carlin said, so the government must do “everything we can to increase the costs for the bad guy so that they know there is going to be a consequence.”

In the wake of last year's Sony hack, attributed by the US to North Korea, Carlin's co-panelist, Assistant Attorney General Leslie Caldwell of the DoJ's criminal division, said that prosecutors are widening their net with regards to pursuing foreign suspects.

Caldwell said that cybercrime is currently the top priority for the Justice Dept., but stressed that it’s an issue that far exceeds other illegal activity when it comes down to how the players are dispersed. In nearly every cyber case she's worked, Caldwell said, an international component has complicated matters for US investigators. Federal prosecutors are nevertheless touting last year’s indictments against alleged hackers with China's People's Liberation Army, among other catches, as being a symbol of the DoJ's growing willingness to prosecute abroad.

Threats against US networks are increasingly becoming issues of national security, the feds agreed, with the hack suffered by Sony being the best example as of late. They also admitted that not enough American companies are taking preventative measures to avoid becoming the next victims, however, and urged companies to embrace security before it risks becoming an afterthought.

“You need to have a point-of-contact in law enforcement before you're hacked,” Caldwell said, “... to know what you're supposed to do.”

“You should definitely have a relationship” with authorities, she added. “The FBI and Secret Service have agents all around the country who have a lot of expertise in this area.”

Caldwell and Carlin also both advocated for corporations to share cyberthreat information with the federal government – an item up for discussion in the US Congress as recently as last week. At a panel later in the afternoon, security experts agreed that firms must work with the feds as attacks become harder to counter.

Tom Kellerman, the chief cybersecurity officer for the firm Trend Micro, added that 44 percent of respondents in a recent poll taken among critical infrastructure industries said that they had fallen victim to a Sony-like attack, and the reason is because dangerous malware has become easier to get than ever.

Like the DoJ panelists before him, Shawn Henry, the president of CrowdStrike Services and a former FBI cyber agent, said that corporations and governments must work together in order to best fend off attacks that might otherwise be out of scope for either.

READ MORE: CISA's sibling: House passes new cyber threat-sharing bill

In the physical realm, Henry said, governments abide by an ethos of “Anything at any cost to protect the citizens.” Digitally speaking, though, “it's not happening,” he said. Malicious code on par with what the alleged North Korean actors used against Sony may be on every corporate network, Henry said, but it's not being stopped by the government. Rather, it's being purchased by crooks on the deep web and used again and again on unsuspecting, unprepared companies while governments watch idly.

“They don't have the capability, authority or capacity to do it in today’s environment for a lot of reasons,” Henry said of the governments’ response.

According to Kellerman, “the only way the internet is going to be sustainable in the next 20 years” is if Silicon Valley embraces cybersecurity, and not just by “investing in cyber security start-ups.”

Last week, the Dept. of Defense released its first official cyberstrategy report in five years, the contents of which advocated for waging offensive operations against foreign adversaries to disrupt and deter their ability to target American networks. Meanwhile, lawmakers in the House voted 307-116 last week favor of the Protecting Cyber Networks Act, advancing a bill that expanded legal liability protections for corporations if they choose to voluntarily share certain kinds of digital data with the government.