DOD Works to Increase Cybersecurity for U.S., Allies Published Sept. 17, 2020 By David Vergun DOD News Open and reliable access to the Internet is essential for global security and prosperity. However, growing cyber threats from state and non-state actors threaten those values, the Defense Department's principal director for Cyber Policy said. Madeline Mortelmans, spoke today at an event hosted by the Association of European Journalists in Madrid, Spain. Photo Details / Download Hi-Res Adversaries China, Russia, Iran and North Korea are increasingly taking malicious cyber activities in the gray zone, which is below the threshold of armed conflict, to undermine U.S. and allies' security, she said. China is using cyber espionage for military and economic advantages, Mortelmans said. In 2018, the Justice Department estimated that more than 90% of economic espionage cases involved China and more than two-thirds of the cases involved in the theft of trade secrets were connected to China; this in spite of their 2015 pledge not to use espionage for their economic benefit. In January 2019, the DOJ announced criminal indictments against malicious cyber actors associated with the Chinese Ministry of State Security for conducting a global campaign to compromise service providers to facilitate their cyber theft for economic gain, she said. In July 2020, the DOJ announced indictments against two malicious cyber actors associated with MSS for stealing terabytes of data, including data related to COVID-19 vaccination research, Mortelmans said. Russia is conducting cyber espionage that has the potential to disrupt critical infrastructure and erode confidence in America's democratic system, she said. For example, they've made attempts to interfere in the 2016, 2018 and now 2020 U.S. elections, as well as elections of allies and partners. North Korea has hacked financial networks and cryptocurrency to generate funds to support their weapons development program, she said. Photo Details / Download Hi-Res Photo Details / Download Hi-Res Iran has conducted disruptive cyberattacks against U.S. and allies' companies, along with information operations to push their own narrative across the Middle East, Mortelmans said. Violent extremist organizations use cyber to recruit terrorists, raise funds, direct attacks and distribute gruesome propaganda online, she mentioned. There are also cyber criminals who pose a growing threat from their use of ransomware to extort money from local and state governments as well as the commercial sector, she said. In response to these threats, U.S. Cyber Command has taken a comprehensive and proactive approach, she said, that involves being able to defend forward anywhere in the world, in order to respond to cyber and other threats before they reach the homeland, Mortelmans said. Defending forward includes understanding what adversaries are trying to do and what the threat looks like. This effort includes working with allies and partners, she noted. Besides having an understanding of adversaries' intention, Cybercom has the tools and expertise to conduct defensive and offensive cyber operations, she said. Photo Details / Download Hi-Res A cyber operation can constitute an act of war or use of force, she pointed out. An attack is based on the effects that are caused, rather than the means by which they are achieved. An example would be an attack on critical infrastructure such as the power grid. A cyberattack does not necessarily require a cyber response, she added.