America’s top cyber cop told a crowd at the Aspen Security Forum on Thursday that more cooperation with the private sector is needed to keep Americans safe.
John Carlin, the Justice Department’s assistant attorney general for national security, said just one attack in five against American companies is reported to authorities. That makes it harder to use his agency’s new program to prosecute cyber criminals, he said.
“The vast majority of companies today still don’t report criminal intrusions into their systems,” Carlin said.
Carlin touted his agency’s indictments of a Chinese People’s Liberation Army hacker ring as a way to make using the internet safer. In that 2014 case, five members of China’s military were accused of commercial espionage and other crimes.
Speaking during the second day of a four-day national security seminar held by The Aspen Institute, Carlin said the indictment led to last fall’s anti-hacking agreement between Beijing and the Obama administration. That deal called for cooperation in hacking investigations and a halt to state-sponsored hacking of businesses.
Indicting hacker groups sends a message to the nations that sponsor them, Carlin said.
“This approach is a giant ‘no trespass’ sign,” Carlin said. “It’s ‘get off our lawn.'”
But getting criminal charges means knowing about the crimes. That has proven frustrating for the Justice Department, which has found few businesses willing to publicly expose their computer security weaknesses.
“When we work with the private sector we can take effective action,” he said.
A new public-private partnership in Colorado Springs could help the Justice Department and businesses work together.
The National Cybersecurity Center, being built on North Nevada Avenue, plans to help businesses counter cyber threats and educate leaders on safety issues and government help programs. Leaders of that effort say having an entity outside government intervene could make businesses more willing to share information.
In addition to criminal penalties, the federal government has a vast new array of tools to counter cyberspace threats. An executive order signed by President Barack Obama in February cleared use of diplomatic tools like sanctions and other methods to counter cyber crooks.
“Just because someone causes you pain through cyber means doesn’t mean you have to respond through cyber means,” Carlin said.
Cybersecurity is a major priority for the Obama administration. On Thursday, Director of National Intelligence James Clapper told the Aspen gathering computer attacks would be the No. 1 item on his intelligence briefing for the next president.
Military responses to cyber attacks, though are still a work in progress.
Carlin said the military, which includes a major cyber presence in Colorado Springs at Air Force Space Command, is still determining how to retaliate in the new world of computer war.
“In armed conflict, you are going to start developing doctrine of when you use cyber,” he said.
But the new Justice Department push to put hackers behind bars is a method that could make the nation safer he said.
“This approach is new, but we need to keep following it,” he said.