One of the most prolific hacks seen in 2014 was no doubt that involving Sony Pictures. The instance is still being investigated, but there is much controversy surrounding the cyber criminal activity that caused the entertainment firm to cancel the commercial release of its latest film, “The Interview.”
By now, we’ve all heard about the hack and connected messages pushing Sony to prevent the release of the politically charged film. However, this event also brought to light an emerging trend in the industry: state-backed cyber crime.
According to NBC News, in mid-December, the FBI made an official statement accusing North Korea of being involved with the attack on Sony Pictures.
“North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves,” the FBI’s statement read. “Such acts of intimidation fall outside the bounds of acceptable state behavior.”
Following this statement, President Barack Obama came forward to say that no evidence had been uncovered to suggest that North Korea – or any other country – was connected to the hack.
Although it’s still too soon to say who was behind the attack, the instance did shine a light on state-backed cyber crime, as well as efforts to combat it.
Department of Justice: Boosted focus on state-backed cyber crime
Even before the Sony hacking event came to light, the Department of Justice was already ramping up its efforts to prevent state-backed cyber crime. According to The Hill contributor Cory Bennett, in late October last year, the DOJ’s National Security Division launched a new phase in its plans to combat online espionage.
Plans involved bringing three new senior officials into the NSD fold to help support its Anti-Terrorism and Advisory Council program efforts. The department is hoping to catch up to the current state of cyber crime, particularly after the organization made its first official indictment against five members of the Chinese military allegedly involved in hacking activity.
“While our top priority will always be combating terrorism, we must also sharpen our focus and increase our attention on the emerging threats of economic espionage and proliferation,” said John Carlin, DOJ assistant attorney general for national security. “These changes will help us continue confronting today’s threats while readying the NDS workforce to engage what we see as the key emerging threats to our national security.”
Michael McCaul, House Homeland Security Committee chairman, noted that there is currently a gap in protection against state-backed hacking actors. In many cases, this gap is being filled by companies in the private sector, however McCaul noted he preferred these instances be taken care of on the federal level. Government agencies have capabilities that many enterprises may not have access to, and are therefore better equipped for cyber crime of this kind.
Maryland supports private efforts against cyber crime
Despite McCaul’s sentiments, there have been instances when federal agencies does support private sector cyber security efforts. The Maryland Technology Development Corporation announced in late 2014 that the state planned to provide support for its Cybersecurity Investment Fund. The CIF is a first for Maryland, and will offer investments to companies in the state for the development and commercialization of new cyber security products. Financial support will include investments of up to $100,000 for private enterprises.
TEDCO hopes that the funding will help these businesses streamline their production of protection solutions, which include any technology, process or mechanism connected with protecting unauthorized access to digital networks.
“Maryland is the epicenter of cyber security, home to unmatched federal resources, industry-leading companies and a growing community of dynamic and innovative startup companies,” said Maryland Governor Martin O’Malley. “TEDCO’s Cybersecurity Investment Fund will be an excellent addition to the outstanding array of resources we have dedicated to the information security industry.”
O’Malley also noted that the fund will help support newer organizations in the cyber security industry while creating new jobs and opportunities within the state.
Virginia provides investments for cyber security startups
The state of Virginia recently launched a program similar to TEDCO’s CIF. The business accelerator initially began in the fall of 2013 and is known as MACH37. This program was also backed by the state, and provides $50,000 investments to support the establishment of cyber security organizations in the area.
Companies involved in the program receive support and resources over a three-month period in the hopes that financial funding will help businesses establishment themselves and their protection approaches.
“We want to create companies that can be sustainable and that we can get a return on investment from,” noted MACH37 managing partner Rick Gordon.
Although state-backed hacking activity is a real threat in the current industry climate, many federal organizations are working to prevent it through their own efforts, and by supporting initiatives from the private sector. Thanks to these activities, cyber criminals will have reduced opportunities to snoop and steal sensitive information.