DOD Eyes Cyber Criminals|
May 23, 2022
It's not just hackers operating at the behest of adversarial
nation states who pose a threat to U.S. cyber infrastructure —
it's cyber criminals who are just in it for the money, the
deputy assistant secretary of defense for cyber policy said.
Many in the Defense Department have long viewed the cyber threat
in terms of nation-on-nation said Mieke Eoyang, who spoke Friday
at TruCon2022, the Truman Center for National Policy's annual
"I think that's because we thought that those are the most
technical, the most sophisticated and the ones that would have
the greatest impact," she said. "But I think we've seen over
time with the development of the non-state actor — the criminal
cyber market — is that capabilities that were once reserved for
state actors are available on the dark web for purchase."
The criminal hacker, Eoyang said, is also able to act in a
disruptive manner and greatly impact the American way of life —
such as with last summer's attack on Colonial Pipeline.
Differentiating between the criminal hacker and the nation state
hacker complicates the defense of the nation, Eoyang said.
Further complicating the issue is that some nations, while they
may not have ever directly perpetrated a cyber attack on the
U.S., do make themselves hospitable to criminal hackers who are
interested in benefiting from such attacks.
"How do you then make decisions about how to impose costs if
you're not confident that it is in fact a state actor, a
criminal ... [or] a state actor pretending to be a criminal,"
Eoyang asked. "This is really a very complicated environment."
The Defense Department is frequently unwilling to talk about its
security capabilities when it comes to cyber, but Eoyang did let
out a glimpse of the U.S. capabilities when it comes to cyber
"We have publicly acknowledged that there are categories of
criminal actors who have capabilities that are sophisticated
enough that we consider them targets that we might choose to
disrupt," she said. "I'm not going to talk about who; they
probably know who they are. We're coming for them."
It's not the DOD alone that defends the nation's cyber network.
Eoyang said DOD works closely with law enforcement to keep the
have very strong partnerships with law enforcement, because at
the end of the day, many of these people are motivated by
money," Eoyang said. "They're in it for the ransom. They're not
necessarily in it for harming [the United States.]"
Working alongside law enforcement, such as the FBI, Eoyang said,
allows DOD to make sure that adversaries can't find safe haven
in the United States.
"We can share that information and where it's happening in the
United States, then law enforcement can disrupt," she said.
"We've actually seen our law enforcement colleagues become very
creative and very innovative in their use of lawful tools to be
able to go after this. You may have seen some reporting on the
FBI's ability to seize malware that the [Main Directorate of the
General Staff of the Armed Forces of the Russian Federation]
have inside the United States."
When the Defense Department can work together with U.S. law
enforcement to defend the networks, Eoyang said, both are able
to do more to protect the United States.