News   Defense News

DOD Works to Increase Cybersecurity for U.S., Allies

Sept. 17, 2020 | BY David Vergun , DOD News

Open and reliable access to the Internet is essential for global security and prosperity. However, growing cyber threats from state and non-state actors threaten those values, the Defense Department's principal director for Cyber Policy said.

Madeline Mortelmans spoke today at an event hosted by the Association of European Journalists in Madrid, Spain.

Airman works on computers
Green Scene
Air Force Tech. Sgt. Kyle Hanslovan, a cyber-warfare specialist serving with the 175th Cyberspace Operations Group of the Maryland Air National Guard, works at Warfield Air National Guard Base, Middle River, Md., Oct. 30, 2017.
Photo By: Joseph Eddins
VIRIN: 171030-F-LW859-025M

Adversaries China, Russia, Iran and North Korea are increasingly taking malicious cyber activities in the gray zone, which is below the threshold of armed conflict, to undermine U.S. and allies' security, she said.

China is using cyber espionage for military and economic advantages, Mortelmans said. In 2018, the Justice Department estimated that more than 90% of economic espionage cases involved China and more than two-thirds of the cases involved in the theft of trade secrets were connected to China; this in spite of their 2015 pledge not to use espionage for their economic benefit.

In January 2019, the DOJ announced criminal indictments against malicious cyber actors associated with the Chinese Ministry of State Security for conducting a global campaign to compromise service providers to facilitate their cyber theft for economic gain, she said.

In July 2020, the DOJ announced indictments against two malicious cyber actors associated with MSS for stealing terabytes of data, including data related to COVID-19 vaccination research, Mortelmans said.

Russia is conducting cyber espionage that has the potential to disrupt critical infrastructure and erode confidence in America's democratic system, she said. For example, they've made attempts to interfere in the 2016, 2018 and now 2020 U.S. elections, as well as elections of allies and partners.

North Korea has hacked financial networks and cryptocurrency to generate funds to support their weapons development program, she said.

Airmen work on computers.
Tech Work
Air Force Tech. Sgt. Kyle Hanslovan, a cyber-warfare specialist serving with the 175th Cyberspace Operations Group of the Maryland Air National Guard, works in the Hunter's Den at Warfield Air National Guard Base, Middle River, Md., Dec. 2, 2017.
Photo By: J.M. Eddins Jr., Air Force
VIRIN: 171202-F-LW859-016M
An airman works on network gear.
Tech Work
Air Force Airman 1st Class Christopher Kendrick, 49th Communications Squadron cyber transport technician, connects fiber optic cables to the base network switches at the base network control center on Holloman Air Force Base, N.M., June 30, 2020.
Photo By: Air Force Airman 1st Class Quion Lowe
VIRIN: 200630-F-UE756-1025K

Iran has conducted disruptive cyberattacks against U.S. and allies' companies, along with information operations to push their own narrative across the Middle East, Mortelmans said.

Violent extremist organizations use cyber to recruit terrorists, raise funds, direct attacks and distribute gruesome propaganda online, she mentioned.

There are also cyber criminals who pose a growing threat from their use of ransomware to extort money from local and state governments as well as the commercial sector, she said.

In response to these threats, U.S. Cyber Command has taken a comprehensive and proactive approach, she said, that involves being able to defend forward anywhere in the world, in order to respond to cyber and other threats before they reach the homeland, Mortelmans said.

Defending forward includes understanding what adversaries are trying to do and what the threat looks like. This effort includes working with allies and partners, she noted.

Besides having an understanding of adversaries' intention, Cybercom has the tools and expertise to conduct defensive and offensive cyber operations, she said.

Two men work on computer.
Computer Work
Air Force Senior Airman Kevin Novoa and Air Force Tech. Sgt. Chris Smith, members of the Connecticut National Guard's Joint Cyber Response Team, assist the city of Hartford, Conn., information technology team, Sept. 9, 2020, in recovery efforts following a ransomware attack that occurred Sept. 4, 2020.
Photo By: Timothy Koster, Army
VIRIN: 200909-A-UQ901-001

A cyber operation can constitute an act of war or use of force, she pointed out. An attack is based on the effects that are caused, rather than the means by which they are achieved. An example would be an attack on critical infrastructure such as the power grid.

A cyberattack does not necessarily require a cyber response, she added.