Readout of Assistant Attorney General for National Security John P. Carlin’s Address at Vanity Fair’s 2015 New Establishment Summit
Today at Vanity Fair’s 2015 New Establishment Summit, Assistant Attorney General for National Security John P. Carlin and CEO of Sony Entertainment Michael Lynton had a moderated conversation with the President and CEO of the Aspen Institute, Walter Isaacson. They highlighted the growing threat posed by sophisticated computer intrusions to the entertainment industry and the economy at large, discussed the role the federal government can play in protecting companies before, during and after a serious hack and emphasized the importance of public-private partnerships to cybersecurity.
This was the first time that Carlin and Lynton were together on stage to discuss the unprecedented, state-sponsored network intrusion of Sony Pictures Entertainment in November 2014. Carlin and Lynton recounted the story of the hack and highlighted Sony’s valuable cooperation with law enforcement. They emphasized the role that public-private partnerships play in averting cyber hacks and mitigating their damage. Carlin said that Sony’s willingness to involve law enforcement immediately was “an important lesson that Sony did right.” “Literally within hours of the original breach – within the first 24 hours – Sony reached out and the FBI had a team go to Sony to assist,” Carlin added.
Carlin took this opportunity to stress the value of reaching out to law enforcement and making a connection early, before an intrusion takes place. “The reason [Sony] knew who to call is that they had a relationship where a high-level executive knew by name and by a face” their law enforcement contact.
To this end, Carlin announced an NSD outreach initiative to promote information sharing and resilience, as well as to help private companies protect themselves and respond to cyber intrusions. “In large part because of incidents like Sony, we’ve started a new outreach program,” Carlin said, “so that we are reaching out, preventively, to talk to people about best practices and what to think about before the attack happens.” Carlin highlighted that NSD recently named the first Director of the Outreach Program for the Protection of National Assets, Christine Kringer. This new position is the latest in a series of structural changes at NSD designed to reflect the division’s prioritization of combating cyber threats to the national security, as well as its counterintelligence and counterproliferation efforts. Last year, NSD charged a new Deputy Assistant Attorney General with oversight and coordination of the division’s protection of national assets program.
This focus on outreach complements the Justice Department’s national network of specially-trained National Security Cyber Specialists, and Computer Hacking and Intellectual Property coordinators who are available 24/7 to support companies as they face intrusions and online threats from a variety of sources in real-time.
Over the past 18 months, the Department of Justice has prioritized outreach efforts on cyber threats and cybersecurity, hosting discussions with the financial services sector in New York, addressing the Gaming Association in Las Vegas and conducting outreach to insurance companies, national labs, universities and the energy and transportation sectors. Through these efforts, Carlin and other senior Department of Justice officials have met with hundreds of c-suite executives, CIOs and CISOs, general counsels, outside lawyers and other corporate representatives to discuss the unique challenges companies face in today’s elevated threat environment.
Furthermore, the National Security Division continues to partner with the Criminal Division, the FBI and U.S. Attorney’s Offices to make joint visits and to participate in roundtables with companies to answer questions from both corporate security teams and in-house legal counsel. Carlin noted that the department is working to dispel the perception that law enforcement “comes in and seizes your servers,” and to show instead that they are “there to help and they very much respect the need of the business to get back to doing what it does.”
He closed his remarks by underscoring the Department of Justice’s commitment to overcoming perceived hurdles to cooperation and his own pledge to be responsive to the needs of private sector partners, whether they simply want to establish early lines of communication or call while under the strain of a continuing network breach.