Justice Department’s Role in Cyber Incident Response (CRS Insight): in this article, Kristin Finklea discusses the role of the justice department in the context of cyber incident response. The article indicates that criminals and malefeasors are continuing to turn to and leverage the internet in the context of criminal activities. This raises a number of issues given their ability to conceal their identities and obfuscate their locations, according to the article. The article goes on to state that the Presidential Policy Directive (PPD) on U.S. Cyber Incident Coordination (PPD 41) outlines the government’s response to significant cyber incidents. According to the article, PPD-41 includes the following criteria to be used to determine whether an incident is significant or not:
- likely to cause demonstrable harm to:
- national security interests,
- foreign relations,
- economy of the US,
- public confidence in the US,
- civil liberties,
- public health,
- safety of the American people
The article also states that PPD-41 directs the Department of Justice to perform the role of the lead agency directing the threat response by acting through the Federal Bureau of Investigation and the National Cyber Investigative Joint Task Force (NCIJTF). According to the article, PPD-41 also describes threat response as being comprised of:
- appropriate law enforcement and national security investigative activity at an affected entity’s site to include:
- collecting evidence,
- gathering intelligence,
- providing attribution,
- linking related incidents,
- identitfying additional affected entities,
- identifying threat pursuit,
- disruption opportunities,
- developing and executing courses of action for mitigation of immediate threats,
- facilitating information sharing and operational coordination with asset response
One key challenge facing the FBI Cyber Investigations is in moving from a reactionary position to a more proactive role aimed at prevention cyber events, according to the article. The article indicates that the FBI has established an initiative identified as the Next Generation Cyber (NGC) cyber initiative. The primary focus areas for the NGC are:
- strengthening the NCIJTF,
- building the FBI’s cyber workforce,
- developing cyber task forces (CTFs) throughout the FBI’s 56 field offices and adding expertise in computer/network intrusion investigations,
- increasing information sharing and enhanced coordination with private sector entities.
The complete article can be found here.
Leave a Reply