Bill that would have the White House create a database of APT groups passes House vote

The US hopes that a name-and-shame strategy will deter foreign nation-state hacking groups from attacking US infrastructure as often as they do now.
Written by Catalin Cimpanu, Contributor

The US House of Representatives passed a bill this week that would have the White House create and maintain a database containing all the names of individuals and cyber-threat groups associated with foreign cyber-espionage operations active against the US.

The bill, named the Cyber Deterrence and Response Act of 2018 (H.R. 5576), was proposed in June by Rep. Ted Yoho (R, Florida), and passed in the House on Wednesday, September 5, after a voice vote.

According to the bill's revised text, the White House, through the president, would be required to establish and maintain a database of advanced persistent threats (APTs), a term used in the cyber-security private sector to refer to government-backed groups that are engaged in cyber-espionage operations against other countries.

Government-level hacking has been happening since the mid-90s but has gotten out of control in the past decade as government agencies around the world have digitized and exposed their underbellies online, sometimes with little to no protection.

In recent years, the US has often been a target of foreign APTs conducting hacking operations on behalf of several countries, such as Russia, China, Iran, and North Korea, all historical adversaries.

The private cyber-security industry has tracked dozens of groups from each country operating in the US. The problem is that each cyber-security firm has regularly given different names to the same group, and after a few years, even cyber-security experts now require spreadsheets to keep track of one APT's different codenames, its affiliations, and the different malware strains the group has used in the past.

Through his Cyber Deterrence and Response Act, Rep. Yoho hopes to have the White House select a common name that will be used in unison by the public and private sector to refer to the same group.

The purpose is to optimize the research carried out in identifying and tracking a group's movements across US critical and non-critical infrastructure and, in turn, to obtain better intelligence about attacks, targeting patterns, and motivations.

Furthermore, the bill also wants the White House to name and shame individuals conducting hacking operations against the US on behalf of foreign APTs.

"It is vital that when these attacks happen, they are exposed, pulled out of the shadows, and punished accordingly," Rep. Yoho said back in June when he proposed the bill.

The idea is that once the names of individuals become public, other state agencies can intervene, such as how the US Department of the Treasury imposed sanctions on a North Korean man and the company he worked for after the Department of Justice named him yesterday as one of the members of a North Korean APT.

"The Cyber Deterrence and Response Act will bring these aggressors out of the shadows and create a framework that deters and provides the proper response for their actions," Rep. Yoho said on Wednesday after the bill passed through the House. "It is vital that when these attacks happen, they are exposed and punished quickly and accordingly."

On August 23, Sen. Cory Gardner (R, Colorado) introduced a companion bill (S.3378) in the US Senate.

If and when the Senate bill passes as well, the Cyber Deterrence and Response Act will be sent to the president to sign into law.

Once the president starts naming and shaming APTs and their members, these names will be published in the Federal Register, creating an official record of APT nomenclature.
