Nation-state actors are becoming increasingly aggressive in their cyberattacks on the critical national infrastructure. These malicious cybercriminals are perpetrating espionage, theft of intellectual property, operational disruptions, credential theft, and more on facilities, networks, systems, and processes that U.S. citizens depend on for day-to-day life. As of June 2022, attacks on the critical national infrastructure made up 40% of all nation-state attacks, according to Microsoft Digital Defense Report 2022. That’s double the percentage of attacks reported the prior year. Nation-state actors from China, Russia, Iran, and North Korea are the main players.

The National Security Division of the Department of Justice (DOJ) has been protecting the United States against foreign cyber threats with a relatively small number of dedicated prosecutors and cyber experts. Nevertheless, in recent years, the DOJ agencies have successfully taken down Hive ransomware, dismantled Snake malware, and disabled control of the Cyclops Blink botnet. But as threats increase in number and sophistication level, the DOJ requires additional manpower to combat the threats. After all, human attackers — nation-state actors or otherwise — must be confronted by human defenders. 

As a solution, the DOJ announced in June the establishment of the National Security Cyber Section (NatSec Cyber), a new cyber-focused unit within the National Security Division that will help disrupt cyber activity and prosecute nation-state cybercrime.

What will NatSec Cyber do?

Nation-state actors are constantly strategizing and executing tactics against their targets, particularly the healthcare, critical manufacturing, and government facilities industries. The FBI’s Internet Crime Complaint Center, the unit that collects reports of internet crime and assists victims in freezing money involved in cybercrime, received 870 complaints of ransomware attacks and 21,832 business email compromise complaints in 2022. These are significant numbers of reports to investigate, and the numbers only represent 20% to 25% of the total number of victims of cyber threats, according to the FBI Cyber Division.

Now, with the addition of NatSec Cyber, the DOJ will have a greater ability to combat the multitude of cyberattacks. The new unit will position prosecutors in the 56 FBI field offices and 94 U.S. attorneys general offices nationwide to add depth to the government’s capacity to act on cyber threats. The new prosecutors will bring expertise, effectiveness, and an improved understanding of the technology that threat actors use. Once the FBI or Intelligence Community identifies a threat, the prosecutors will act to quickly disrupt malicious campaigns and start legal actions as soon as possible.

Why are Humans Needed?

Human attackers are directing the cyberattacks on the critical national infrastructure, and they are relentless in their pursuits. These nation-state actors constantly invent ways to infiltrate the networks of U.S. companies and governments. When human attackers are in pursuit, they must be confronted by human defenders. Technology alone is not enough to defend against today’s sophisticated attacks from nation-state actors.

Often, nation-state actors use tactics, such as ransomware, that have repeatedly worked to achieve their goals. Other times, they use a novel means of attack for a zero-day exploit. Zero-day exploit is a tactic used to penetrate a vulnerability and attack before the technology vendor knows there is a vulnerability. These attacks are highly effective for initial exploitation, and the vulnerability can be quickly copied by other nation-state actors and distributed widely before potential victims have an opportunity to perform patches. When a nation-state actor infiltrates such a vulnerability, human defenders are needed to stop the attack and protect against further harm.

In addition, the Cybersecurity and Infrastructure Security Agency (CISA) is now warning Americans about the possibility of a major Chinese cyberattack. Researchers discovered that a Chinese hacking group has been spying on critical national infrastructure networks, in particular U.S. military and government targets, and CISA suggests that the group has the capacity to launch an espionage campaign. Such an evolving threat will require additional cyber experts, and NatSec Cyber prosecutors will play a valuable role.


Nation-state actors are indeed becoming increasingly aggressive in their attacks on the critical national infrastructure. Through NatSec Cyber, the DOJ is adding manpower to combat these threats. Your organization may benefit from the addition of human defenders as well. Learn more about why human attackers must be confronted by human defenders.