CYBER SECURITY LAW AND POLICY

Crossroads Blog | Institute National Security and Counterterrorism

Current Affairs, Cyber, DOJ

CRS Insight Justice Department’s Role in Cyber Incident Response

Posted by Christopher Folk on November 18, 2016 0 Comments

Read Next →

Actual Indictment

Cyber Espionage

U.S. Charges Chinese Man With Economic Espionage For Stealing Source Code With Intent To Benefit The Chinese Government

Cybercrime

FBI unable to hire number of computer scientists authorized, according to Inspector General program audit

AppleVsFBI

FBI Director’s Speech at the Symantec Government Symposium 8/30/2016 full text and audio

Justice Department’s Role in Cyber Incident Response (CRS Insight): in this article, Kristin Finklea discusses the role of the justice department in the context of cyber incident response.  The article indicates that criminals and malefeasors are continuing to turn to and leverage the internet in the context of criminal activities.  This raises a number of issues given their ability toin10609 conceal their identities and obfuscate their locations, according to the article.   The article goes on to state that the Presidential Policy Directive (PPD) on U.S. Cyber Incident Coordination (PPD 41) outlines the government’s response to significant cyber incidents.  According to the article, PPD-41 includes the following criteria to be used to determine whether an incident is significant or not:

  • likely to cause demonstrable harm to:
    • national security interests,
    • foreign relations,
    • economy of the US,
    • public confidence in the US,
    • civil liberties,
    • public health,
    • safety of the American people

The article also states that PPD-41 directs the Department of Justice to perform the role of the lead agency directing the threat response by acting through the Federal Bureau of Investigation and the National Cyber Investigative Joint Task Force (NCIJTF). According to the article, PPD-41 also describes threat response as being comprised of:

  • appropriate law enforcement and national security investigative activity at an affected entity’s site to include:
    • collecting evidence,
    • gathering intelligence,
    • providing attribution,
    • linking related incidents,
    • identitfying additional affected entities,
    • identifying threat pursuit,
    • disruption opportunities,
    • developing and executing courses of action for mitigation of immediate threats,
    • facilitating information sharing and operational coordination with asset response

One key challenge facing the FBI Cyber Investigations is in moving from a reactionary position to a more proactive role aimed at prevention cyber events, according to the article.  The article indicates that the FBI has established an initiative identified as the Next Generation Cyber (NGC) cyber initiative.  The primary focus areas for the NGC are:

  1. strengthening the NCIJTF,
  2. building the FBI’s cyber workforce,
  3. developing cyber task forces (CTFs) throughout the FBI’s 56 field offices and adding expertise in computer/network intrusion investigations,
  4. increasing information sharing and enhanced coordination with private sector entities.

The complete article can be found here.

Christopher Folk

Read Next →

AppleVsFBI

FBI Director’s Speech at the Symantec Government Symposium 8/30/2016 full text and audio

AppleVsFBI

FBI Director’s Speech at the Symantec Government Symposium 8/30/2016 full text and audio

CCDCOE

NATO Conference on Cyber Conflict materials now available.

Leave a Reply

Categories

Archives

Bitnami