After the term of Michael Rogers, former US Cyber Commander, ended, Paul Nakasone, former US Army Commander, was appointed head of the NSA and US Cyber Command. In addition, changes were made to the commanders of the CYBERCOM departments, such as the navy, ground and air cyber commands.
The US Department of Defense's cyber strategy is another step forward in promising US cyber-attacks. The country claimed to have suffered numerous cyber-attacks from Iran, China, Russia, and North Korea, and to need to control cyberspace, prevent unlawful detention and prevent nation states from cracking its systems and networks. In other words, they believe that deterrence should be created in cyberspace.
The United States came to the conclusion that the time for defense during and after an attack was over, and that it should not wait for preventive defense. DOD officials realized that they had to take the "defend forward" approach and use pre-emptive attack for deterrence.
However, another strategy called “continuous engagement” has been mentioned in a new US document. This strategy means raising costs for the enemy in order to force it to retreat. One of the tactics of this strategy is "name and shame", by which Americans expose the hackers' identities. CYBERCOM officials have decided that disclosing other countries' operations and revealing their hackers' names, capabilities and potential will make the hackers afraid and persuade them not to cooperate with their leaders.
The United States has applied this tactic since 2016, when it banned 7 Iranian citizens for allegedly carrying out cyber-attacks against some US centers and infrastructure, but Iran was not the only country to face indictments; defendants from Russia, China and North Korea were also indicted.
The question is what legal basis they have in mind for issuing such indictments. Is there an international convention to ban hackers? If so, is it acceptable to all countries active in the cyber field?
What is the technical evidence for the accusations against these citizens? If you put this question to an FBI official or the US judiciary, they will definitely say that they obtained this information through their own ability to collect information and through cyber security companies like FireEye and CrowdStrike. These companies have the potential to track such things, yet the question is whether the cyber security companies' proof can be treated as establishing a crime. How have these institutions been given the standing to readily provide federal agencies such as the FBI or the Department of Justice with the evidence or information needed to boycott citizens on hacking charges?
Assuming these companies have the technical capability to attribute cybercrime, even with certainty, why have they not attributed a cyber-attack to the United States? It is perfectly clear, after all, that the country has carried out offensive attacks against other countries to achieve its goals.
If we want to deny this, then the publication of US cyber strategies by DOD officials and the claims of responding to cyber-attacks are futile. It should then be noted that these companies are supported by intelligence agencies. For example, a look at the people who work at CrowdStrike will show that FBI agents also hold positions there. Another example is that the head of the company, Dmitri Alperovitch, recently met the assistant to the Secretary of Justice on a national security matter and spoke on cyber sanctions. Even the RAND think tank says in a report that companies such as CrowdStrike, FireEye, and Symantec are becoming cyber judiciary institutions; that is, if these companies attribute an attack to a country, the necessary actions must be taken.
If such a policy is accepted from the United States, we must first ask the companies whether they are able to provide a technical report and information on the Stuxnet, Flame, Duqu, Wiper, and Regin malware and their main actors, exactly like the reports released against Iran. Following that, the US Justice Department should be asked to take the appropriate actions against the malware creators.
The answer is very simple. They will never do such a thing, because the above-mentioned operations were carried out by the US or Israeli governments against Iran, and CYBERCOM, the NSA and the 8200 unit hackers were responsible for spreading them.
How can these companies report against America while they are undercover institutions for imposing cyber sanctions against Iran? They are the powerful arms of the United States for enforcing cybercott and starting an economic cyber war on Iran. This is even clearer when we know that the United States is trying to implement the “name and shame” tactic against digital currency activists and to impose sanctions against the Iranian domestic digital currency. We need to talk more about this in the future.