Following the 9/11 terrorist attacks, federal, state, and local law enforcement agencies have redoubled their efforts to prevent any such attack from ever again occurring on American soil. New laws, new practices, and new technologies have enabled police to prevent numerous attacks, and quickly respond to the few cases in which an attack has been successful.
But even as police continue to work toward safeguarding the homeland against “conventional” attacks on “soft targets” conducted with easily accessible weapons, law enforcement at every level has ratcheted up efforts to “deter, detect, delay, deny, and defend” against the ever-evolving threat of cyberterror.
Recent high-profile cyberattacks have drawn national attention to the problem. The ransomware attack on Colonial Pipeline, which caused a massive disruption in fuel supply to the Eastern United States, and the JBS USA Holdings hack, which imperiled the distribution of nearly one-fifth of the nation’s meat supply, are just two examples.
In addition to Colonial and JBS, there have been significant attacks in recent years on Equifax, Marriott International, MGM Resorts, and others. Some attacks were data breaches involving the theft of customers’ and employees’ personal information, and others were ransomware in which the victim’s data is locked up until a bounty is paid.
The attack on SolarWinds, a major information technology firm, created a backdoor to customer’s IT systems, allowing nefarious actors to spy on entities such as such as Microsoft and the U.S. Department of Defense.
Cybersecurity Ventures, a leading researcher on the global cyber economy, released a report in late 2020 indicating that says global cybercrime could grow by 15% per year over the next five years, reaching $10.5 trillion annually by 2025. The firm posited that cybercrime could be “more profitable than the global trade of all major illegal drugs combined.”
Clearly, there are vulnerabilities in America’s cyber infrastructure, and it is the job of the police to protect its citizens from such threats.
Cyberattacks in the United States have largely been conducted by foreign actors against private enterprises, with the primary motivation of the attackers being financial gain.
Adam Hickey is one of the deputy assistant attorney generals of the National Security Division (NSD) at the U.S. Department of Justice. Hickey oversees the Counterintelligence and Export Control Section and the Foreign Investment Review Section at DOJ, and among other things supervises investigations and prosecutions of foreign, state-sponsored hacking and attacks.
Hickey says that cyberattacks have come from a variety of entities around the globe, including Chinese state actors looking to steal intellectual property as well as nefarious actors in North Korea who are essentially in the business of bank robbery over the Internet. “We’ve brought cases that allege millions of dollars being stolen—or attempted to be stolen—by actors working on behalf of that government,” Hickey says of entities in North Korea.
Hickey adds, “We’ve seen the Russian government sponsor online information operations involving impersonation of Americans. Iran has done that as well for the purpose of sowing discord or interfering with our elections or our policy debates.”
Morgan Wright, a former detective and currently chief security advisor for the California-based cybersecurity startup SentinelOne, says there are existing legal avenues for responding to financially driven cyberattacks.
“There are sanctions in place that if you pay, especially as designated nationals or foreign terrorist organizations and they can trace it and it’s shown that it’s going to them, you can be sanctioned by OFAC—the Office of Foreign Asset Control and the US Treasury,” Wright says.
Wright adds that preventing future attacks may come down to increasing the incentive for the private sector to tighten their cyber defenses the same way that federal legislation got corporations to get their financial houses in proper order a decade ago under the Sarbanes-Oxley Act.
Wright says that companies in compliance with stringent cybersecurity standards may get a tax credit or some other benefit. However, companies that fail to meet such stringent cybersecurity standards and are breached, company leadership is held accountable, including potential jail time.
President Joe Biden said in a June press conference that he had presented Russian President Vladimir Putin with a list of critical infrastructure sectors, including chemical operations, commercial facilities, government entities, the financial sector, transportation systems, as well as food and water supplies “off-limits” to cyberattacks.
Wright says, “If you start knocking out dams and power grids, that’s truly an act of war. Making someone inconvenienced to have to wait in an hour-long line to buy gas basically just makes us all remember 1978 and ‘odd-number-even-number’ license plate lines. So, we are talking about two different animals.”
Regardless of whether it is an attack causing inconvenience or one potentially causing physical harm or death, local and state police investigators will almost certainly have to involve federal entities such as the FBI and the DOJ to uncover what happened and bring the perpetrators to justice.
Hickey says that it’s especially important for local law enforcement to be plugged in with the FBI.
“I would recommend that local departments have a very strong working relationship and good communication with the FBI field office that is covering them,” Hickey says.
Unfortunately, law enforcement agencies themselves have been the target of numerous cyberattacks, particularly “doxing” attacks that reveal to the public and the press certain protected personal information about an agency’s officers. Ransomware attacks against agencies or entire cities and counties are also common.
Hickey says, “I think it’s a responsibility of everyone who has access to every computer—be it beat cop or supervisor—to be careful in how they use it and not carelessly click on a link they shouldn’t or the like, because law enforcement’s part of our critical infrastructure.”
Wright says that law enforcement should be setting the example of cyber defense.
“We have to obey the law if we want other people to obey the law. I think the other thing we’ve got to do is to be the proponents of good cyber hygiene. In other words, I don’t want to hear about another police department being a victim of ransomware attacks because somebody clicked on a link or opened up a document they shouldn’t have opened.”
Hickey agrees. “Everyone on the force needs to be cyber-savvy enough not to be the one that gets the network compromised. You’ve got a responsibility to keep those networks up andrunning.”
Cyberattacks are a type of terrorism and warfare. They instill fear and/or a lack of faith in entities entrusted to deliver vital services such as food, water, and energy to the American people in order to disrupt our way of life.
Cyberattacks can be motivated entirely by the raw greed of criminals or the ideological beliefs of terrorists. In either case, a cyberattack has the potential to cause calamity and chaos, and American police are on the front lines in protecting our homeland.
The range of bad actors that threaten Americans safety and security in cyberspace is constantly changing, as are their capabilities to inflict serious harm. It is the purview of law enforcement at every level to protect the homeland from this latest form of asymmetric warfare.
Doug Wyllie is contributing web editor for POLICE.