National Security Division Focuses on Combating Cyberthreats
The U.S. Justice Department’s National Security Division, created in response to the September 11, 2001, terror attacks, is increasingly focused on an emergent menace: cyberthreats posed by foreign countries, from Russia to China, the division head said Thursday.
“In the past years, [the division’s mission] has come increasingly to include a focus on cyber as part of the threat posed by certain foreign nations,” said John Demers, assistant attorney general for national security, citing the prosecution in recent years of hackers acting on behalf of China, Russia, Iran and the Islamic State terror group.
Over the past two years, U.S. law enforcement and intelligence officials have been sounding alarm bells about cyberthreats presented by a variety of foreign actors, from Russian government efforts to disrupt U.S. elections to Chinese companies trying to steal U.S. trade secrets.
In a report released in February, the Office of the Director of National Intelligence said the worldwide cyberthreat was on the rise.
“The potential for surprise in the cyber realm will increase in the next year and beyond as billions more digital devices are connected — with relatively little built-in security — and both nation states and malign actors become more emboldened and better equipped in the use of increasingly widespread cyber toolkits,” the report said. “The risk is growing that some adversaries will conduct cyberattacks — such as data deletion or localized and temporary disruptions of critical infrastructure — against the United States in a crisis short of war.”
The National Security Division, one of the Justice Department’s seven key units, was created in 2006 as part of the reauthorization of the Patriot Act, a controversial law that Congress passed in response to terror threats in the weeks after 9/11.
Speaking at a cyberthreat intelligence forum in Washington, Demers warned that foreign state and nonstate actors continued to pose a threat to U.S. national security.
“You know that there are countries in this world that want what we have,” Demers said. “They want our sensitive information, our technology, our intellectual property. And they want to destroy any competitive advantage we enjoy.”
In his speech, Demers did not address the Russian threat to U.S. elections but said U.S. law enforcement agencies take every cyberthreat seriously, regardless of its nature or source.
“You don’t have to be a defense contractor to be worried about this,” he said. “Recently, we prosecuted cases involving the thefts of grains of rice and kernels of corn. No one is immune.”
Last month, a Chinese scientist was sentenced to 121 months in prison for conspiring to steal samples of rice seeds from a biopharmaceutical research facility in Kansas. In 2016, an employee of a Chinese conglomerate was sentenced to 36 months in prison for conspiracy to steal inbred corn seeds protected as trade secrets by DuPont Pioneer and Monsanto.
But not every Justice Department cyberdisruption involves prosecution, Demers said.
Last week, the agency announced it had obtained a court order to disrupt a global botnet that had infected hundreds of thousands of home and office router devices around the world.
The botnet, known as VPNfilter, was controlled by a hacker group known as Sofacy Group. It gave the cybercriminals the ability to collect users’ information, exploit their devices and block network traffic.
The FBI later issued a public service announcement about VPNFilter, urging internet users to reboot their routers.
Demers said the Justice Department worked closely with the private sector and other government agencies to disrupt the operation.
“The department could not have begun to neutralize this threat alone,” he said.
VOA’s Jeff Seldin contributed to this report.