Redundant Jurisdictions

If a business, for example a Wall Street financial firm, is the victim of a cyber attack from a foreign state actor that steals and reveals client data, who should respond – the firm? The police? The military? The federal government? How about if the threat actor is a non-state actor?

I believe that in the instance of a cyber attack, from a foreign state actor, or a non-state actor, the response should be the same. Namely, because many “non-state actors” are paid by the state to harry other nations, and although there aren’t clear ties to national organizations, the “non-state actor” is still operating in the interest of a foreign state actor. As every attack should be considered a potential affront from a foreign state actor, I believe a response from the highest responsible party should be submitted.

Fortunately, given the nature of most cyber resources, any evidence should be considered duplicate. Given the unfathomably broad surface area, in consideration to jurisdiction, and the near infinite availability of the collected evidence, I believe it is possible that all invested parties, the firm, the local police, the state police, the federal executive branch, and the military should be involved, and be permitted to exercise their purveyance at their discretion.

This approach serves two purposes: redundant jurisdictions permit redundant investigations. That way if one department’s hands are tied due to a conflicting investigation, Justice is still given other opportunities to prevail. While this may make for a convoluted investigative process, the accrued experience would be invaluable. By permitting State and County level international cyber investigations, you cultivate Cyber Defense Talent at a grassroots level, which affords greater protection to common citizens, and takes the burden of responsibility from the fine Federal Agents that currently carry the caseload.
