Readout of Assistant Attorney General for National Security John P. Carlin’s Address at French American Foundation Event

Speaking today at the French American Foundation, Assistant Attorney General for National Security John P. Carlin called for French and European cooperation on combating nation state-sponsored theft of intellectual property, as well as destructive cyber-attacks.

Carlin highlighted the recent massive cyberattack by purported jihadis on French TV5Monde to illustrate a common purpose.  “It’s not a matter of whether a nation will fall prey to a cyber-attack, but when,” said Carlin.  He stressed the importance of global cooperation to increase the cost of hacking.  “It’s about deterrence.  Until nation states and terrorists stop stealing and committing bullying, destructive cyber-attacks, we must increase the cost.  Whether you are the Syrian Electronic Army, ISIL or a state-sponsored hacker, we can and will find you.  And when we do, there will be consequences.  Prosecution, sanctions, diplomacy and designations are just some of the many options we have.  Together, we will find the right tool, or right combination of tools, to make this activity very, very costly.”  Carlin committed to playing the long game, saying, “As international partners, we need to keep at it, keep applying that pressure.  That’s how you change behavior.  It will not happen overnight.”

Carlin has long stressed the need for global responsibility.  He told today’s attendees, including French and U.S. government officials, think tanks, private industry, academia and security and insurance professionals, “It was true when we said it in May 2014 following the PLA indictment, and it remains true today: we are aware of no nation that publicly states that theft of information for commercial gain is acceptable.  It is time for us to, once and for all, come to a common agreement about acceptable state behavior in cyberspace.”

Carlin also addressed the importance of executive involvement in cybersecurity and managing cyber risk: 

“These are C-suite decisions.  You cannot manage your corporate cyber risk if you do not understand and prioritize it.  You must make cyber defense a key component of your business strategy, and then invest in it.  Also consider cyber insurance to protect your bottom line and – most important from my vantage point – do not go it alone.  The Justice Department is here to help you when you encounter cyber threats.”

Carlin also highlighted the need for nations to apply the lessons learned in counterterrorism to emerging threats in cyberspace.  He closed his remarks by saying: 

France is one of America’s oldest and closet allies, and has long stood with us in our efforts to combat terrorism.  When nations band together to combat terrorism, as we did following the brutal attack at the offices of the Charlie Hebdo magazine, we are strong and we will win.  But that principle is not limited to terrorism – it extends to all threats to our nations’ security.  We are in this fight together, and we have to learn from one another, so that the same actors, using the same tools and signatures, cannot simply move from one country’s network to another, targeting our intellectual property and innovation or damaging our networks.  Digital security is vital to national security.