May 23, 2022

It's not just hackers operating at the behest of adversarial nation states who pose a threat to U.S. cyber infrastructure — it's cyber criminals who are just in it for the money, the deputy assistant secretary of defense for cyber policy said.

Many in the Defense Department have long viewed the cyber threat in terms of nation-on-nation said Mieke Eoyang, who spoke Friday at TruCon2022, the Truman Center for National Policy's annual conference.

"I think that's because we thought that those are the most technical, the most sophisticated and the ones that would have the greatest impact," she said. "But I think we've seen over time with the development of the non-state actor — the criminal cyber market — is that capabilities that were once reserved for state actors are available on the dark web for purchase."

The criminal hacker, Eoyang said, is also able to act in a disruptive manner and greatly impact the American way of life — such as with last summer's attack on Colonial Pipeline.

Differentiating between the criminal hacker and the nation state hacker complicates the defense of the nation, Eoyang said. Further complicating the issue is that some nations, while they may not have ever directly perpetrated a cyber attack on the U.S., do make themselves hospitable to criminal hackers who are interested in benefiting from such attacks.

"How do you then make decisions about how to impose costs if you're not confident that it is in fact a state actor, a criminal ... [or] a state actor pretending to be a criminal," Eoyang asked. "This is really a very complicated environment."

The Defense Department is frequently unwilling to talk about its security capabilities when it comes to cyber, but Eoyang did let out a glimpse of the U.S. capabilities when it comes to cyber criminals.

"We have publicly acknowledged that there are categories of criminal actors who have capabilities that are sophisticated enough that we consider them targets that we might choose to disrupt," she said. "I'm not going to talk about who; they probably know who they are. We're coming for them."

It's not the DOD alone that defends the nation's cyber network. Eoyang said DOD works closely with law enforcement to keep the U.S. safe.

"We have very strong partnerships with law enforcement, because at the end of the day, many of these people are motivated by money," Eoyang said. "They're in it for the ransom. They're not necessarily in it for harming [the United States.]"

Working alongside law enforcement, such as the FBI, Eoyang said, allows DOD to make sure that adversaries can't find safe haven in the United States.

"We can share that information and where it's happening in the United States, then law enforcement can disrupt," she said. "We've actually seen our law enforcement colleagues become very creative and very innovative in their use of lawful tools to be able to go after this. You may have seen some reporting on the FBI's ability to seize malware that the [Main Directorate of the General Staff of the Armed Forces of the Russian Federation] have inside the United States."

When the Defense Department can work together with U.S. law enforcement to defend the networks, Eoyang said, both are able to do more to protect the United States.