A recent report throws cold water on one of the U.S. government’s key pillars for what it calls whole-of-government deterrence in cyberspace: indictments.

According to cyberthreat intelligence firm CrowdStrike’s 2019 Global Threat report, nation-state actors do not seem deterred in the face of legal actions.

“[I]n spite of some impressive indictments against several named nation-state actors — their activities show no signs of diminishing,” the report states. “In diplomatic channels and the media, several nation-states gave lip-service to curbing their clandestine cyber activities, but behind the scenes, they doubled down on their cyber espionage operations — combining those efforts with further forays into destructive attacks and financially motivated fraud.”

The report continues, saying that law enforcement efforts “have not yet halted or deterred nation-state sponsored activities” as nation-states were continuously active in 2018 targeting dissidents, regional adversaries and foreign powers to collect intelligence for decision-makers.

Examples provided by CrowdStrike include North Korea’s activity in both intelligence collection and currency-generation schemes, despite participating in diplomatic outreach; Iran’s continued focus on operations against other Middle Eastern and North African countries, particularly regional foes across the Gulf Cooperation Council; China’s significant rise in U.S. targeting likely tied to increased tensions between the two countries; and Russia’s activity across the globe in a variety of intelligence collection and information operations.

2018 saw many high-profile indictments of individual actors who, working on behalf of nation-states, perpetrated hacks against American and allied entities. Such indictments include:

  • Iranians accused of stealing intellectual property from over 300 universities, government agencies and financial services companies;
  • 12 Russians for conducting the operations against the Democratic Party in the run-up to the 2016 presidential election;
  • Park Jin Hyok, a North Korean hacker accused of involvement in the 2014 destructive hack of Sony Pictures, the 2016 heist of $81 million from a bank in Bangladesh and the WannaCry ransomware attack;
  • A Russian hacker accused of participating in the 2014 hack of JP Morgan Chase; and
  • Two Chinese hackers for their involvement in a 12-year cyber campaign targeting the intellectual property and trade secrets of companies across 12 nations.

Some have said that the indictments have made a difference and could deter future behavior.

“I think it’s a very interesting [question], bringing this issue home to the individual operators, whether it’s indicting individuals even though you know they will never be extradited. Is that a career un-enhancing move if you are a member of the [Chinese People’s Liberation Army] or the member of a proxy group in Russia or Iran? Is your cover burned forever doing more things for that government?” asked Sean Kanuck, visiting fellow at the Hoover Institution and former national intelligence officer for cyber issues, at a media roundtable discussion hosted by Stanford’s Hoover Institution in California Oct. 1.

“Who knows? But if you can make this personal, such that someone’s career and their financial livelihood or the special benefits their family gets in certain countries are no longer available to them, will it make future very talented people not interested in following a similar career path?”

Those in favor of indictments argue that they don’t want these acts to go unpunished by failing to take action in the face of rampant malicious cyber activity. Others, however, are less convinced.

“Is the indictment strategy working? It is hard to answer this question with certainty, because it is not clear how that strategy might be working in tandem with broader trade measures and with secret cyber operations. But viewed narrowly, on the basis of the public record in light of its publicly stated aims, the indictment strategy appears to be a magnificent failure,” Jack Goldsmith, a Harvard law professor and former assistant attorney general in the Office of Legal Counsel, wrote in a December post on the Lawfare Blog.

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.
