Who's hacking U.S. networks? It's not an easy question to answer, defense leaders told lawmakers, as determining if a malicious cyber attacker is a foreign government, a cyber criminal or a cyber criminal supported by a foreign government is never clear.
"The line between nation-state and criminal actors is increasingly blurry as nation-states turn to criminal proxies as a tool of state power, then turn a blind eye to the cyber crime perpetrated by the same malicious actors," said Mieke Eoyang, the deputy assistant secretary of defense for cyber policy, during a hearing today before the House Armed Services Committee.
Russian security services, Eoyang said, are known to leverage the activities of cyber criminals and to then shield them from prosecution for crimes committed for personal benefit.
"We have also seen some states allow their government hackers to moonlight as cyber criminals," she said. "This is not how responsible states behave in cyberspace, nor can responsible states condone shielding of this criminal behavior."
For the U.S., Eoyang said, knowing who is responsible for malicious cyber behavior is important because it determines who can respond to it. When non-state actors are engaging in financially motivated crimes, for instance, it is the Federal Bureau of Investigation and the Department of Justice who are responsible for pursuing those criminals, she said.
"The challenge I think that we have is that when those attacks first come across the network and impact us, when we see that malicious activity, it's always a challenge of attribution to be able to pull it apart and figure out who are the state actors and who are the non-state actors, [and] which elements of government would then be tasked with the lead to disrupt that activity varies based on location and whether or not they are criminal or not," she said.
While the FBI and DOJ handle criminal activities inside the U.S., it is the role of Cyber Command to focus on cyber threats against the homeland from adversary nation-states. It's an effort the Cybercom commander and National Security Agency director, Army Gen. Paul M. Nakasone, said he's proud of.
One area where the role of Cybercom has been important is in the 2020 election. Nakasone said the security of the 2020 election was ensured through the Election Security Group, which is a combined effort of Cybercom and NSA.
"We built on lessons from earlier operations and honed partnerships with the Federal Bureau of Investigation, and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, sharing information with those who needed it as fast as possible," Nakasone said.
"To protect the 2020 elections," Nakasone said, "Cybercom conducted more than two dozen operations to get ahead of foreign threats before they were able to interfere with or influence elections.
"I'm proud of the work the command and the election security group performed as part of a broader government effort to deliver a safe, secure, 2020 election," Nakasone said.