Threats from ransomware attacks conducted by criminal organizations within Russia and China, as well as via cyber attacks against critical infrastructure from rogue states continue to present a challenge for U.S. law enforcement.
To help mitigate those threats, the United States Department of Justice (DOJ) announced this week that it had created a new National Security Cyber Section – known as NatSec Cyber – within its National Security Division. The newly established litigating section has already secured congressional approval, and was created in response to the core findings in Deputy Attorney General Lisa O. Monaco’s Comprehensive Cyber Review in July of last year.
“NatSec Cyber will give us the horsepower and organizational structure we need to carry out key roles of the Department in this arena,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “This new section will allow NSD to increase the scale and speed of disruption campaigns and prosecutions of nation-state threat actors, state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security.”
NatSEC will further increase the DOJ’s capacity to disrupt and respond to malicious cyber activity, while promoting department-wide and intragovernmental partnerships in tackling increasingly sophisticated and aggressive cyber threats by hostile nation-state adversaries, the agency noted. The newly created section could also bolster collaboration between key partners, including the Criminal Division’s Computer Crimes and Intellectual Property Section (CCIPS) as well as the FBI’s Cyber Division.
The DOJ said that NatSec would serve as a valuable resource for prosecutors in the 94 U.S. Attorneys’ Offices and 56 FBI Field Offices across the country.
“Responding to highly technical cyber threats often requires significant time and resources,” added Assistant Attorney General Olsen. “NatSec Cyber will serve as an incubator, able to invest in the time-intensive and complex investigative work for early-stage cases.”
Has This Been Overdue?
It was just last week that several U.S. federal government agencies were hit in a global cyberattack conducted by Russian cybercriminals. It exploited a vulnerability in a widely used software. It was also just the recent such high-profile attack and comes just two years after a ransomware attack shut down the Colonial Pipeline, disrupting the supply of fuel in the Southeastern United States.
The involvement of the top law enforcement agency in the United States has been welcome news for those in the cybersecurity industry.
“We applaud this decision by the DOJ in launching a cyber unit with a national security focus and consider this move long overdue,” said Ted Miracco, CEO of cybersecurity provider Approov. “While the Department of Defense (DoD) and intelligence services have traditionally focused on national security, it is increasingly important for the DOJ to get involved in criminally prosecuting entities that are a threat to commercial companies involved in national security.”
Miracco expects this to be different from other cybersecurity efforts conducted by U.S. agencies and departments.
“This new effort by DOJ to bridge the gap between traditional DoD efforts at national security and the activities that are left to U.S.-based firms operating in the private sector,” Miracco told ClearanceJobs. “Today, the big tech firms may have the resources to deal with cyberattacks from foreign governments, but small and mid-sized companies can become the victim of cyber attacks and theft of intellectual property that may be critical to national security, and yet lack the resources that the DOJ can bring to leveling the playing field in foreign and domestic courts.”
Federal Law Enforcement Needs to be Involved
To date, U.S. companies have lost billions of dollars in stolen IP and data breaches perpetrated by Russian and Chinese government entities, and Miracco added that it is beneficial for the DOJ to participate in prosecuting the perpetrators and protecting U.S. interests, especially in critical industries such as semiconductors.
The question is still how all of the different cybersecurity units in the government might communicate with one another. It was more than two decades ago that the intelligence community’s (IC’s) failure to share their respective findings that contributed to the 9/11 attacks.
The government would want to avoid similar competition, or mistrust when it comes to cyber.
“We may have reached a point where we need an agency like the Department of Homeland Security (DHS) to act as a central information gathering authority to coordinate the rapid dissemination and response to incoming threat intelligence information,” added Miracco. “This approach worked in counteracting terrorism and the threats from cyber attacks have reached a tipping point where all the resources of the government will need to be focused on preventing further attacks on U.S. interests. This will involve all aspects of government, from the Judicial Department to the Defense Department, and including all of the relevant intelligence services.”
Of course, actually getting the different departments to work together will not be easy. However, there is a precedent for success in the DHS example.
“Let’s just hope it doesn’t require a national tragedy in the form of a cyberattack, to bring the various departments together,” Miracco continued. “With the rapid adoption of artificial intelligence (AI) based cyberthreats, there has never been a better time for the DOJ to get involved in protecting U.S. interests. I am fully supportive of the effort and hope to see immediate action on the multitude of attacks that are taking place every day.”
