“The foreign hackers behind the massive cybersecurity failures dominating recent headlines had one critical strategy in common — they leased computers in the United States to burrow into their victim’s networks. Because U.S. cybersecurity systems don’t regard domestic connections as inherently suspect, the attackers were able to hide in plain sight. Like secretive investors deploying a series of shell companies and trusts to mask true ownership, Russia, China and other sophisticated nations effect cyber-maliciousness through a series of intermediary, innocuous-looking internet servers.”
…
“No government agency — even our powerful spy agencies — currently has a sufficiently agile legal authority to catch foreign cyber malefactors in the act of co-opting U.S. computer networks. The National Security Agency is allowed to surveil only foreign actors; pursuing them on the home front is the job of the FBI. But by the time the NSA notices suspicious foreign activity and hands the case off to the FBI, it’s often too late. The foreign malware might well have been injected into American networks, and the FBI investigation simply confirms that now-dormant internet servers in the U.S. were used by foreigners to stage their attacks.”
…
“The difficulty lies in resolving deeply felt concerns over any increase in government surveillance authority, no matter how important the purpose. We are also paralyzed by a sense of fatalism that cyber vulnerabilities are simply the price we pay for being online, and an erroneous belief that the Constitution stands in the way of any solution.
Most cybersecurity experts agree an effective public-private cyber information-sharing system is essential in stopping foreign cyber maliciousness before it causes too much damage. But information sharing isn’t enough; it would be hamstrung from the start if the government cannot seamlessly and quickly track malicious cyber activity from its foreign source to its intended domestic victims. If some government agency had that legal power, then it could, for example, quickly check out a domestic IP address after an alert from the NSA that the address was communicating with a suspicious overseas server. If that IP address showed questionable activity, the government and the private sector jointly could take steps to reconfigure firewalls or otherwise curtail the hack. Admittedly, this wouldn’t prevent hacks and attacks that were based on previously unknown software bugs (so called zero-day exploits). But the reality is that most large-scale hacks by foreign countries rely on already known software imperfections and hardware deficiencies.”