A bill approved Thursday by the House Foreign Affairs Committee calls on the White House to develop a publicly available list of advanced persistent threat (APT) groups identified by the U.S. government.
In broad strokes, the “Cyber Deterrence and Response Act of 2018” seeks to establish a strategy that allows the country to act in response to attacks by foreign hackers. The bill, sponsored by Rep. Ted Yoho, R-Fla., would make policy changes and create new controls on how the executive branch can increase costs on adversaries that target U.S. companies or government agencies in cyberspace.
The legislation also calls for a comprehensive and uniform list of foreign hacking groups, to give government agencies common terminology when discussing certain cyberthreats.
Such a list would be the first of its kind. Published regularly in the Federal Register, it could include input from multiple different federal agencies — a notable stipulation since there typically are discrepancies between organizations on how to attribute various attacks to threat groups.
For example, even within the U.S. intelligence community, there is some disagreement over how to refer to malicious cyber-activities or if they should be grouped together under single entities. An agency’s ability to track a threat group will dictate its own understanding of the attackers’ origin.
Commonly, APT group names are created by the private sector. Some of the well-known groups are Russian-linked “APT28” or “Fancy Bear,” the Chinese-linked “APT1” or “CommentPanda,” and North Korea-linked “Lazarus Group” or “Hidden Cobra.”
Because of language in the legislation, the list would not include U.S.-linked or likely allied-linked hacking groups, like the infamous NSA-associated “Equation Group.” That group was first cataloged by Moscow-based cybersecurity company Kaspersky Lab. Instead, the federal list would only include groups and individual hackers that are deemed a threat to the U.S.
In a statement from Yoho’s office, the congressman said: “Not all threats to our national security are kinetic. More and more, countries who wish to weaken the United States and disrupt our way of life are using keyboards and the internet … My Cyber Deterrence and Response Act will shine a light on these countries and create a framework that not only deters but provides the proper response for their actions. It is vital that when these attacks happen, they are exposed, pulled out of the shadows, and punished accordingly.”