Advertisement

DOJ official: Only way to stop nation-state hacking is public attribution

If the U.S. hopes to deter nation-state actors from hacking into American organizations, the government must publicly shame those perpetrators by disclosing their identities, according to Department of Justice Assistant Attorney General John Carlin.

If the U.S. hopes to deter nation-state actors from hacking into American organizations, the government must publicly shame perpetrators by disclosing their identities, according to Department of Justice Assistant Attorney General John Carlin.

Carlin, during a panel discussion Thursday at the Aspen Institute Security Forum, explained that public attribution is the “only” way to deter nation-state level hackers from attacking the U.S.

The comments run contrary to the White House’s “case-by-case” approach recently described by spokesperson Eric Schultz.

Referencing how the Obama administration previously handled the Sony-North Korea hack, Carlin told an audience in Aspen: “We said it, so that’s new. Take it out of the intel channel, as we did with PLA. Be public about it, because that’s the only way to change behavior. [And] not just theirs, but everyone else trying to figure out what you can get away with in this space.”

Advertisement

Experts tell FedScoop that when accurate attribution of an attack is possible, cybersecurity cases typically compel U.S. officials to answer two fundamental questions: how will we respond and what should be made public?

Consequently, these same two questions have become increasingly important in light of the data breach at the DNC — allegedly conducted by a party with ties to the Russian government —  that led to the disclosure of damaging, internal emails.

Analysts, private tech firms and unnamed intelligence officials believe that Moscow is responsible for the cyber attack. But the White House has decined to ascribe blame until an ongoing FBI investigation concludes.

Director of National Intelligence James Clapper, who also spoke at the Aspen Institute Security Forum, said that the government is not yet ready to name who was responsible for the DNC cyber attack and even when such information is available, a determination about public attribution remains unclear.

Chris Bing

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Marys College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.

Latest Podcasts