Private Detection Of Foreign-Based Cyber Attacks Effects U.S. Policy

Private-sector companies have developed computer forensic capabilities that enable them to detect and verify foreign government involvement in cyberattacks. The sophistication of their capabilities rivals that of U.S. intelligence agencies. They market their work as “threat intelligence,” and they create a new dynamic with respect to foreign policy. In other areas of statecraft, government agencies monopolize the tools to identify state-sponsored activity, and therefore determine whether there will be open discussion about it. Does this capability align with U.S. interests, or does it risk undermining them? The intelligence community has a high standard for the sources and quality of technical indicators that inform attribution because the government has to consider the consequences of escalation or strained diplomatic relations before publicly accusing a sovereign nation of malicious cyber activity. Private firms do not face the same constraints or repercussions. For them, identifying threats brings media attention, and consumer demand for their services. The tension between private and government threat detection is garnering attention and starting to generate proposals about how to proceed.