2018 was in many ways a watershed year for the United States in cyberspace. Washington revamped its cyber strategy. It loosened authorities for military cyber operators. It responded to large-scale global cyberattacks. And it dealt with chilling intrusions on its critical infrastructure. Looking back, though, what did all these changes mean, and how well did U.S. cyber policy fare?
Let’s start with the good news. In two particular areas—attribution and indictments—the United States has shown clear improvements in responding to inappropriate behavior in cyberspace. Over the past year, the Department of Justice significantly increased the pace of indictments against Chinese, Russian, Iranian and North Korean individuals for state-linked cyber activities. The department announced, for example, only one such indictment in 2014, but at least eight in 2018. Such steps, with some exceptions, are not usually enough to change national policies, and more data and analysis are needed to judge their real impact. In theory, though, and especially over the longer term, indictments and sanctions can make it harder for countries to recruit young talented hackers, who may not want to be restricted from travelling to or dealing financially with the United States and Europe.