About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline

10 J. Nat'l Sec. L. & Pol'y 525 (2019-2020)
Persistent Enforcement: Criminal Charges as a Response to Nation-State Malicious Cyber Activity

handle is hein.journals/jnatselp10 and id is 540 raw text is: 


    Persistent Enforcement: Criminal Charges as a
 Response to Nation-State Malicious Cyber Activity


                         Garrett Hinck & Tim Maurer*


                                 INTRODUCTION
   The question of how states attribute responsibility for malicious cyber activity
to other state actors has provoked much attention from both policymakers and
scholars.1 Yet one approach to this problem has not been analyzed in depth: the
use of criminal charges to allege or suggest state responsibility for cyber inci-
dents. The United States has increasingly used this instrument since 2014. Its
Department of Justice in fact adopted an explicit goal of bringing charges against
foreign actors responsible for cyber activity.2 Federal prosecutors have unsealed
a series of indictments and criminal charges against Chinese intelligence officers
involved in the theft of intellectual property and Iranian and North Korean indi-
viduals who carried out destructive cyber attacks on behalf of their governments.
This also includes charges against Russian intelligence officers alleged to have
interfered in the 2016 U.S. election.
   This increasing number of criminal charges raises several important questions:
What are the goals of these criminal charges, especially those against foreign
intelligence officers unlikely ever to be arrested by U.S. law enforcement? Are
criminal charges merely a more formal approach to alleging state responsibility
than leaking statements from senior administration officials to the media about
cyber threats from other states? And how should this strategy of bringing criminal
charges be evaluated in the context of broader U.S. policy efforts to combat mali-
cious cyber activity? How does it interact with the Justice Department's stance of
independence from political considerations?
   The U.S. first publicly brought criminal charges that explicitly alleged that a
foreign state played a role in malicious cyber activity in 2014, with charges against
five officers in the Chinese People's Liberation Army (PLA) for stealing intellec-
tual property (IP) from a number of U.S. companies, including Westinghouse,

  * Garrett Hinck is a researcher at the Carnegie Endowment for International Peace working on
nuclear and cybersecurity policy. Tim Maurer is Co-director of the Cyber Policy Initiative at the
Carnegie Endowment for International Peace. In 2018, Cambridge University Press published his book,
Cyber Mercenaries: The State, Hackers, and Power, a comprehensive analysis examining proxy
relationships between states and hackers. © 2020, Garrett Hinck & Tim Maurer.
  The authors wish to thank Jon Bateman, Michael Daniel, Martha Finnemore, Jonah Hill, Duncan
Hollis, Matthew Noyes, officials at the U.S. Department of Justice's National Security Division, and the
experts at the workshop organized by Third Way's Cyber Enforcement Initiative for providing
invaluable comments and feedback on this article.
  1. Scott J. Shackelford & Richard B. Andres, State Responsibility for Cyber Attacks: Competing
Standards for a Growing Problem, 42 GEO. J. INT'L L. 971, 974 (2011).
  2. See Adam Hickey, senior Dep't of Justice official, Remarks at CyberNext DC (Oct. 4, 2018),
https://perma.cc/5FQX-MT5G.

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Contact us for annual subscription options:

Already a HeinOnline Subscriber?

profiles profiles most