Federal law enforcement’s new approach to countering ransomware and other attacks in cyberspace leans heavily on preventative measures and partnerships with the private sector as recent cyber attacks have evolved into national security threats.
Speaking during the RSA Conference in San Francisco, U.S. Deputy Attorney General Lisa Monaco discussed the Department of Justice’s new stance surrounding cybercrime.
“We [federal law enforcement] did take a very intentional approach to shift our orientation,” Monaco told former Cybersecurity and Infrastructure Security Agency Director Chris Krebs. She specified that prioritizing the disruption and prevention of cybercrime was a new perspective married to traditional law enforcement tools to pursue bad actors.
“The direction we’ve given to our prosecutors and investigators is: you got to have a bias towards action, to disrupt and prevent, to minimize that harm if it’s ongoing, to disrupt it and take that action to prevent the next victim,” she said.
Despite the legal pathways available to enforce this posture, Monaco said that federal prosecutors have had to shift away from the mentality that every investigation will lead to prosecution. Preventing future attacks and responding to victims’ reports shapes Justice’s updated approach on safeguarding the U.S.’s digital networks.
“We’re not measuring our success only with courtroom action or courtroom victories,” she said. “This is about preventing and disrupting, and putting the victims at the center.”
As with most federal agencies under the Biden administration, enhanced public and private sector partnerships are also critical to Justice’s enforcement efforts.
“We want to work hand in glove with the private sector to give as much information as we can about what we’re seeing to alert folks,” Monaco said. She also added that these partnerships will extend to evaluating how organizations take steps to mitigate cyber attacks.
“When entities don’t take as much…self remedial action as maybe we would like them to or maybe they should, we are going to take action,” she said. “We’re going to do so in a surgical and safe way, and we’re going to do so in consultation with the private sector…pursuant to court process.”
Monaco specifically cited the 2021 cyberattack on Microsoft Exchange software—largely attributed to the Hafnium hacking group—as an example of the federal government helping entities recover from a security breach or zero day event.
Leadership from other agencies within Justice echoed Monaco’s stance. Cynthia Kaiser, the deputy assistant director of the Federal Bureau of Investigation’s Cyber Division, told Nextgov that, pursuant to the recently-released National Cyber Strategy, federal law enforcement is focusing on disruption of cyber events.
“The recent release of the National Cybersecurity Strategy amplifies the FBI’s cyber mission and goals, and points to a lot of the work our people are already doing in this space to act on cyber threat information to provide critical services to victims and impose risk and consequence on our adversaries,” Kaiser said.
Kaiser further added that partnerships expand past the private sector and into local and state governments, as well as internationally.
“We want to do everything we can to help our partners—public and private—do what they need to do,” she said. “That means using our role as the lead federal agency with law enforcement and intelligence responsibilities to not only pursue our own actions, but also to enable our partners to defend networks, attribute malicious activity, sanction bad behavior and take the fight to our adversaries overseas.”
Both Kaiser and Monaco also said that law enforcement is monitoring the adoption of emerging, and potentially disruptive, technologies in a geopolitical context. Monaco highlighted adversarial nations using technologies like artificial intelligence to suppress or intimidate civilians, as well as leverage it in military operations.
“We are very, very focused on what the adversary with nation states are doing to acquire, to use and abuse, what we are calling disruptive technologies,” Monaco said. This threat extends to attacking digital assets and evading sanctions.
“While these technologies present opportunities for positive use, they could also be used by cyber actors for malicious intent, potentially giving them the ability to develop more sophisticated cyber capabilities in a shorter timeframe,” Kaiser said. “However, regardless of who the attackers are, or what their target is, they will most likely continue to target networks and systems in the same ways they have historically: through exploiting unpatched vulnerabilities, guessing simple passwords and spearfishing.”
Kaiser advocated basic cyber hygiene as still one of the best defenses entities can have. Monaco further clarified that Justice is working in tandem with the Departments of Commerce and Homeland Security to form the Disruptive Technology Strikeforce. Consisting of 14 groups total, Strikeforce’s mission looks to use data analytics, regulations and enforcement to examine emerging technology acquisition among adversaries.
“We cannot get after this threat if we are not working together,” Monaco said.