U.S. Deputy Attorney General Lisa Monaco announced yesterday the creation of the Disruptive Technologies Task Force, which is charged with keeping advanced technology developed by U.S. companies out of the hands of foreign governments. — U.S. Deputy Attorney General Lisa Monaco, seen in this photo from January, announced yesterday the creation of the Disruptive Technologies Task Force.(Photo by Anna Moneymaker/Getty Images)

U.S. Department of Justice Forms Disruptive Technology Strike Force

By Scott Briscoe

17 February 2023

U.S. Deputy Attorney General Lisa Monaco announced Thursday the creation of the Disruptive Technologies Task Force, which is charged with keeping advanced technology developed by U.S. companies out of the hands of foreign governments.

“We will use intelligence and data analytics to target illicit actors, enhance public-private partnerships to harden supply chains, and identify early warning of threats to our critical assets, like semiconductors,” Monaco said. “Our goal is simple but essential—to strike back against adversaries trying to siphon our best technology.”

The task force modernizes the approach the United States takes to protect sensitive, advanced technology. Originally, efforts to combat nation-state-sponsored corporate espionage focused on tangible assets. The most important assets, and the most prominent attack vectors, are now information based. The Committee on Foreign Investment in the United States (CFIUS) adjusted its focus and mission during the past decade, but the new task force formalizes the approach for the new threat landscape.

“The strike force’s work will focus on investigating and prosecuting criminal violations of export laws; enhancing administrative enforcement of U.S. export controls; fostering partnerships with the private sector; leveraging international partnerships to coordinate law enforcement actions and disruption strategies; utilizing advanced data analytics and all-source intelligence to develop and build investigations; conducting regular trainings for field offices; and strengthening connectivity between the strike force and the Intelligence Community,” the DOJ said in a press release.

The release identified China, Iran, North Korea, and Russia as nation-states who have engaged in novel schemes to attack and steal advanced technology from U.S. companies.

“When it comes to cyberspace, we see nation-states—often acting in concert with criminal groups in a new, blended, double threat–engaging in more sophisticated, brazen, and dangerous attacks,” Monaco said. “They use cyber armies and proxies—hackers for hire and organized criminal networks—in ways that flout international norms and risk our collective security.”

She also gave a particularly stern assessments of China.

“The Chinese government is not just hacking to gather our data,” she said. “China’s doctrine of ‘civil-military fusion’ means that any advance by a Chinese company with military application must be shared with the state. And its national security law requires any company doing business in China to make its data accessible to the government. So if a company operating in China collects your data, it is a good bet that the Chinese government is accessing it.”

An ASIS webinar (free to ASIS members) last week, “State-Sponsored Cyber-Espionage Attacks,” led by Jim Hannigan with Securitas Security Services and a member of the IT Security Community Steering Community, addressed the topic.

He said nation-states have a variety of motivations for attacking companies, including gaining control over or being able to debilitate critical infrastructure and other vital systems, spreading disinformation to create confusion and affect elections, testing capabilities and readiness of civilian and military assets, and exploiting systems and people for financial gain.

“State-sponsored threat actors may be politically motivated, in which case you’re not always exactly clear what the goals and objectives are and why they are taking a particular action,” Hannigan said. “There is wide range of threat actors involved. The activities can be coming from multiple directions, multiple locations at one time, which lends to the complexity of dealing with what’s going on.”

A signature of state-sponsored attacks, he said, is that they can be described as advanced, persistent threats. They involve multiple techniques, from malware and phishing to cross-site scripting (inserting malicious code into legitimate websites) and SQL injections (which enables theft of databases), that are run in parallel or tandem, and they run them over a period of time.

“A nation-state threat isn’t simply a hack,” he said. “It’s a long-term, multiple direction…attack against a resource.”

One of the highly visible areas of concern has been the United States’ attempt at keeping China from obtaining the capability to produce highly sophisticated semiconductor chips.

In the February edition of Security Technology, James Lewis, senior vice president and director of the Strategic Technologies Program at the Center for Strategic and International Studies, wrote about the new restrictions.

“The new American restrictions impose export controls to block China’s ability to purchase and manufacture high-end chips, limiting the country’s ability to obtain advanced computing chips, develop and maintain supercomputers, and manufacture advanced supercomputers,” Lewis explained. “The restrictions will significantly slow China’s chip efforts and will hold back Chinese semiconductor capabilities for years, but these effects will not be immediate, comprehensive, or ultimately permanent.”

He noted the actions have been disruptive to electronics and advanced technology supply chains. Also, “to be effective, any new arrangement to restrict access to semiconductor technology needs the participation of Japan, Korea, Taiwan, the Netherlands, and Germany (or the European Union), and perhaps Singapore, as well as the United States. Cooperation is not assured.”