Around the world with the NSA's cyber chief
The head of the National Security Agency’s cyber branch on Wednesday warned that the number of digital threats has proliferated.
“Almost every nation in the world now has a cyber exploitation program,” Rob Joyce, director of the NSA’s Cybersecurity Directorate, said during the Aspen Cyber Summit in Colorado.
“The vast majority of those are used for espionage and intelligence purposes, but... there is interest in dabbling in offensive cyber and outcomes. The difference between the top of the list and the bottom of the list, usually, is scale,” added Joyce, who has served in a number of roles at the nation’s top electronic spy agency and was a special assistant to the president and cybersecurity coordinator in the National Security Council in 2018.
There are some "high-end, sophisticated small actors, but they're confined to whatever that national interest is that they're aimed at so we see less of them."
Joyce also delivered his latest assessments on the so-called “Big Four,” foreign nations that have traditionally acted as America’s digital adversaries—Russia, China, Iran and North Korea—and their latest online activities.
Russia. “They are the disruptive force. They're often trying to not increase their activity but tear down others... They're very active in the intelligence-gathering activities, still, both against governments [and] critical infrastructure. And then, the concern is that that effort that we've seen them actively use disruptive effects around the globe. We've seen evidence of pre-positioning against U.S. critical infrastructure. All things that can't be tolerated and we need to work against.”
China. “Scope and scale, China's off the charts. The amount of Chinese cyber actors dwarfs the rest of the globe, combined… The difference [from] four or five years ago to today, the difference I see, is we respected them less. It was always broad, loud and noisy, and what we're finding, when you have a resource base that large, the elite in that group really are elite.
“The high end of the Chinese sophistication is really good. We've got to continue to understand, disrupt and then find ways across the whole of that technology to kind of push back… Yes, defense is really important, but you also have to work to disrupt so that's the continuous engagement strategy out of the [Defense Department] and the idea that we got to put sand and friction in their operations, so they don't get just free shots on goal.”
Iran. “Iran's still active. They were certainly first and foremost, back when everybody was talking about the bank [distributed denial of service attacks], and the Shamoon Wiper virus. Still actively engaged in offensive cyber. But what we're seeing is they're often very focused on regional things right now. They haven't been as focused on broader impact. But they're capable and most importantly they're dangerous because they're less judicious in what they decide is a reasonable action. I think at times Iran doesn't understand just how much they've gone up to, and even over, the line to the point where they've drawn the ire and concern of the greater community.”
North Korea. “North Korea is still very, very focused on creating wealth for the regime because there's not many more sanctions that the world can put on North Korea. So they've got to find ways to generate currency, to make exchanges, and they found that stealing Bitcoin is often easier than stealing from the Bank of Bangladesh. They haven't been hitting the biggest banks quite as aggressively, because they're making their money in the crypto space ... The commercial firms were dealing with a lot of North Korean issues back when the [Covid-19] vaccine was an issue; they were going after the intellectual property of vaccine makers. So, still active, still a threat, very capable but mostly focused on crypto exchanges and creating money.”
Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.