Objective 2.4: Enhance Cybersecurity and Fight Cybercrime
Protecting our national security also requires countering cyber threats from foreign and domestic actors – whether nation states, terrorists, or criminals – who seek to conduct espionage, invade our privacy, attack our elections, steal our intellectual property, damage our financial and physical infrastructure, or extort ransom payments. In 2021, cyberattacks caused significant financial damage and extensive harm to governments, critical infrastructure, and industries worldwide. The effects of cyberattacks are also felt by individuals, in the form of identity theft, account hacking, email compromise schemes, and cyberstalking. The rise of cryptocurrencies also enables cybercriminals, terrorists, and nation states to acquire tools, collaborate, and launder their criminal proceeds in new and challenging ways. Cybersecurity is a shared responsibility among those who use our digital infrastructure, those who build it, and those who are entrusted with governing it.
The Department serves as the lead federal agency for cyber threat response and maintains primary domestic responsibility for identifying, disrupting, prosecuting, and otherwise deterring malicious cyber actors. The Department works with our partners here and abroad to defend networks, attribute malicious activity, sanction bad behavior, and take the fight to adversaries overseas. The Department relies in part upon private sector reports to help detect and understand ongoing activities by adversaries, and shares knowledge gained from investigations with the private sector to help defend their networks and customers. In doing this work, the Department maintains the public’s trust by ensuring compliance with all privacy and security requirements.
Strategy 1: Deter, Disrupt, and Prosecute Cyber Threats
The Department will bring to justice those who commit cyberattacks, whether they are lone actors, elements of transnational organized crime groups, or acting on behalf of nation states or terrorist groups. In parallel, the Department will work to disrupt and dismantle the online infrastructure that facilitates cyberattacks and to seize the criminal proceeds of such crimes. We will develop investigations, prosecutions, and policy that complement and strengthen these disruption efforts and the disruption efforts of the Department’s domestic and international partners.
To accomplish these goals, the Department will enhance its own technological and investigative capabilities. The Department will address supply chain vulnerabilities, support other government agencies and the private sector, and identify new sources of evidence and intelligence. In addition, the Department will continue to develop ways to attribute cyberattacks, to respond to and engage victims and targeted entities, and to provide intelligence to help victims recover and strengthen their defenses. Finally, we will continue to develop our own cyber expertise by investing in recruitment, training, and capacity building.
Strategy 2: Strengthen Interagency, Intergovernmental, International, and Private-Sector Partnerships to Fight Cybercrime
Cybersecurity requires cooperation and coordination across many public, private, and international stakeholders. The Department will bolster its interagency and international collaborations to aid attribution, defend networks, sanction bad behavior, and otherwise deter or disrupt cyber adversaries overseas. The Department will continue to strengthen relationships with, and build coalitions of, like-minded countries to work with the United States in combating cybercrime. The Department will also leverage the National Cyber Investigative Joint Task Force (NCIJTF) for joint and sequenced operational planning. In addition, because the private sector and academia manage the overwhelming majority of the nation’s critical infrastructure, research, and innovation, the Department will work with these entities to improve information sharing and to encourage the reporting of suspected criminal and other hostile cyber activity.
Strategy 3: Safeguard Justice Department Systems
The Department, like all components of the U.S. Government, must protect its information. The Department will protect its information from internal and external threats, whether malicious or unwitting, through training, personnel security measures to deter and prevent insider threats, and robust information system security and physical security. The Department will improve its use of multifactor authentication, encryption, and other security measures, both when communicating internally and when communicating with partners inside and outside the federal government.
Strategy 4: Enhance Cyber Resilience Outside the Department
The Department will work with the private sector and other government agencies to share vital information they can use to strengthen their cyber defenses and resilience. The Department will help the private sector identify and address their vulnerabilities through threat intelligence sharing and targeted outreach. We will also continue to support policy efforts to protect the digital supply chain, federal information systems, and critical infrastructure against vulnerabilities. And we will ensure that the tools used to protect our networks are deployed consistent with federal law and the Constitution. The Department will also use available authorities, including the False Claims Act, to hold accountable anyone who puts U.S. government information or assets at risk by knowingly providing deficient cybersecurity products or services, misrepresenting their cybersecurity practices or protocols, or violating obligations to monitor and report cybersecurity incidents and breaches.
Key Performance Indicators:
- Percent increase in disruptions of malicious cyber actors’ use of online infrastructure through proactive operations and judicial means
- Percent of reported ransomware incidents from which cases are opened, added to existing cases, or resolved or investigative actions are conducted within 72 hours
- Percent increase in operations conducted jointly with strategic partners
- Percent of confirmed cyber incidents to Department systems
- Number of threat advisories disseminated to the private sector
Contributing DOJ Components: CIV, CRM, NSD, USAO, FBI, COPS, JMD, OPCL