Persistent Enforcement: Criminal Charges as a Response to Nation-State Malicious Cyber Activity

{
  "authors": [
    "Tim Maurer",
    "Garrett Hinck"
  ],
  "type": "legacyinthemedia",
  "centerAffiliationAll": "",
  "centers": [
    "Carnegie Endowment for International Peace"
  ],
  "collections": [],
  "englishNewsletterAll": "",
  "nonEnglishNewsletterAll": "",
  "primaryCenter": "Carnegie Endowment for International Peace",
  "programAffiliation": "",
  "programs": [],
  "projects": [],
  "regions": [],
  "topics": []
}

In The Media

Persistent Enforcement: Criminal Charges as a Response to Nation-State Malicious Cyber Activity

Malicious cyber activities by foreign states present major challenges to the U.S. government. One tool brought to bear most recently against these state actors is the criminal indictment.

By Tim Maurer and Garrett Hinck

Published on Jan 24, 2020

Source: Journal of National Security Law and Policy

The question of how states attribute responsibility for malicious cyber activity to other state actors has provoked much attention from both policymakers and scholars.¹ Yet one approach to this problem has not been analyzed in depth: the use of criminal charges to allege or suggest state responsibility for cyber incidents. The United States has increasingly used this instrument since 2014. Its Department of Justice in fact adopted an explicit goal of bringing charges against foreign actors responsible for cyber activity.² Federal prosecutors have unsealed a series of indictments and criminal charges against Chinese intelligence officers involved in the theft of intellectual property and Iranian and North Korean individuals who carried out destructive cyberattacks on behalf of their governments. This also includes charges against Russian intelligence officers alleged to have interfered in the 2016 U.S. election.

This increasing number of criminal charges raises several important questions: What are the goals of these criminal charges, especially those against foreign intelligence officers unlikely ever to be arrested by U.S. law enforcement? Are criminal charges merely a more formal approach to alleging state responsibility than leaking statements from “senior administration officials” to the media about cyber threats from other states? And how should this strategy of bringing criminal charges be evaluated in the context of broader U.S. policy efforts to combat malicious cyber activity? How does it interact with the Justice Department’s stance of independence from political considerations?

Read Full Text

This article was originally published in the Journal of National Security Law and Policy.

Notes

¹ Scott J. Shackelford & Richard B. Andres, State Responsibility for Cyber Attacks: Competing Standards for a Growing Problem, 42 GEO.J.INT’L L.971, 974 (2011).

² SeeAdam Hickey, senior Dep’t of Justice official, Remarks at CyberNext DC (Oct. 4, 2018), https://perma.cc/5FQX-MT5G.

Carnegie does not take institutional positions on public policy issues; the views represented herein are those of the author(s) and do not necessarily reflect the views of Carnegie, its staff, or its trustees.

More Work from Carnegie Endowment for International Peace

Commentary
Emissary
What If Trump Gets His Russia-Ukraine Deal?
It’s dangerous to dismiss Washington’s shambolic diplomacy out of hand.
Eric Ciaramella
Article
South-South AI Collaboration: Advancing Practical Pathways
The India AI Impact Summit offers a timely opportunity to experiment with and formalize new models of cooperation.
Lakshmee Sharma, Jane Munga
Commentary
Strategic Europe
Taking the Pulse: Can the EU Attract Foreign Investment and Reduce Dependencies?
EU member states clash over how to boost the union’s competitiveness: Some want to favor European industries in public procurement, while others worry this could deter foreign investment. So, can the EU simultaneously attract global capital and reduce dependencies?
Rym Momtaz, ed.
Article
What Can the EU Do About Trump 2.0?
Europe’s policy of subservience to the Trump administration has failed. For Washington to take the EU seriously, its leaders now need to combine engagement with robust pushback.
Stefan Lehne
Commentary
Strategic Europe
To Survive, the EU Must Split
Leaning into a multispeed Europe that includes the UK is the way Europeans don’t get relegated to suffering what they must, while the mighty United States and China do what they want.
Rym Momtaz

More Work from Carnegie Endowment for International Peace

Kushner and Putin shaking hands, with Witkoff standing next to them

Commentary

Emissary

What If Trump Gets His Russia-Ukraine Deal?

It’s dangerous to dismiss Washington’s shambolic diplomacy out of hand.

Eric Ciaramella

Article

South-South AI Collaboration: Advancing Practical Pathways

The India AI Impact Summit offers a timely opportunity to experiment with and formalize new models of cooperation.

Lakshmee Sharma, Jane Munga

Commentary

Strategic Europe

Taking the Pulse: Can the EU Attract Foreign Investment and Reduce Dependencies?

EU member states clash over how to boost the union’s competitiveness: Some want to favor European industries in public procurement, while others worry this could deter foreign investment. So, can the EU simultaneously attract global capital and reduce dependencies?

Rym Momtaz, ed.

Article

What Can the EU Do About Trump 2.0?

Europe’s policy of subservience to the Trump administration has failed. For Washington to take the EU seriously, its leaders now need to combine engagement with robust pushback.

Stefan Lehne

Commentary

Strategic Europe

To Survive, the EU Must Split

Leaning into a multispeed Europe that includes the UK is the way Europeans don’t get relegated to suffering what they must, while the mighty United States and China do what they want.

Rym Momtaz