We've seen a growing number of foreign actors using U.S. commercial network infrastructure to launch cyber-attacks and a new report from the National Security Telecommunications Advisory Committee (NSTAC) details findings and recommendations to deal with the abuse of domestic infrastructure (ADI).

In December 2022, the executive Office of the President commissioned the NSTAC with a new study on “Addressing the Abuse of Domestic Infrastructure by Foreign Malicious Actors” and the report has 10 key findings and six recommendations. One of the findings and recommendations calls for the government to create an overall, centralized strategy to combat ADI. “A multi-faceted strategy is required to combat ADI,” the report states. “No singular action or approach will fully address the challenge on its own. Rather, a layered approach is needed to combat ADI, requiring effective strategic direction within the U.S. government, and employing multiple lines of effort and alignment across government agencies, industry, and civil society.”

An additional finding of interest is that ADI should not focus on just foreign abuse but overall abuse no matter where the threat actor is located. “There is no technical or other consistent method that can be employed to distinguish ADI between foreign actors and domestic actors with speed and accuracy at the macro level, especially for routine online business transactions,” the report states. “Often, malicious foreign activity is already disguised by threat actors to look like domestic activity. Efforts to impose additional requirements targeting foreign rather than domestic actors will provide even greater incentives for malicious foreign actors to use tactics that make them appear to be domestic actors.”

Other findings focus on combating attacks from adversaries, understanding the true scope of ADI, elevating existing measures to combat fraud and abuse, and a focus on information sharing.

Other recommendations include:

• Working with the Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative and the National Security Agency’s (NSA) Collaboration Center to create an operational working group that includes relevant private sector providers and key government representatives to focus on enhancing tactical collaboration.
• Through the National Institute of Standards and Technology and other, pilot a program to evaluate the practical application of privacy enhancing technologies that accelerate development of data sharing and treat analysis to domestic infrastructure.
• Create a public-private task force that develops a framework to outlines best practices to mitigate ADI, including for managing reseller relationships. This framework can serve to improve security practices of technology providers and serve as the basis for the Commerce Department’s potential implementation of identity verification from Executive Order 13984 that enables the Commerce Department to exempt an IaaS provider from identity verification requirements.
• Develop a strategy to share intelligence with international partners regarding ADI, and encourage joint operation, provide feedback to infrastructure providers, and facilitate collective defense through CISA, the NSA, the FBI, and the State Department.
• Coordinate the development of a set of recommendations with the private sector to update and enhance the Cybersecurity Information Sharing Act of 2015 with CISA and the Department of Justice.

The NSTAC report lays out good initial findings and recommendations on combating ADI and we look forward to working with the agencies on implementation. 

‍