DoJ Creating Cybercrime TeamCybersecurity Unit to Engage the Private Sector
At a time of growing anxiety over cybercrime, especially among businesses victimized by cyber-attacks, the U.S. Justice Department is creating a cybersecurity unit within its Computer Crime and Intellectual Property Section aimed, in part, to better engage the private sector in battling online crime.
The creation of the cybersecurity unit was revealed in a Dec. 4 speech delivered by Assistant Attorney General Leslie Caldwell at the Georgetown Law Center.
"The private sector has proved to be an increasingly important partner in our fight against all types of online crime, but particularly cybersecurity-related matters," said Caldwell, who heads DoJ's criminal division. "Prosecutors from the cybersecurity unit will be engaging in extensive outreach to facilitate cooperative relationships with our private-sector partners. This is a fight that the government cannot and will not wage alone."
Caldwell said the unit's prosecutors would work with the private sector to expedite cooperation to battle cybercrime. Citing the type of outreach the cybersecurity unit would conduct, she referenced a DoJ white paper published in May that addressed concerns by communications service providers about the uncertainty over whether the Electronic Communications Privacy Act prohibits sharing specific types of cyberthreat information.
Peter Swire, a Georgia Tech professor of law and ethics who tracks government IT security and privacy, says the environment is right to create such an organization within Justice's Computer Crime and Intellectual Property Section. "CCIPS was formed in the 1990s, when the area of computer crime was new and the Justice Department needed a group of lawyers to address the new problem," he says. "Today, with the Internet central to so much of human behavior, computer crime is a very broad subject. Now it makes sense to specialize more. Cybersecurity-related crimes are extremely important in their own right; it makes sense to create a unit dedicated to cybersecurity issues."
Zal Azmi, former CIO at the FBI and Executive Office for the U.S. Attorneys, both DoJ units, sees the creation of the cybersecurity unit as a fitting tactic to respond to growing cybercrimes. "We have been talking about cybercrime for a very long time, and this move ... shows DOJ's commitment to investigating and prosecuting cybercriminals," says Azmi, CEO of IT services provider Nexus Solutions.
Neither Caldwell nor DoJ provided details about the cybersecurity unit, such as how many lawyers and other staffers would be assigned to it or who would head the new organization. It was unclear in Caldwell's remarks how the new unit would have an impact on DoJ's cybercrime prosecutions. Her comments suggest the new unit would serve as a resource center for law enforcement agencies and businesses as well as a public relations organization to promote a positive image of DoJ's cybercrime initiatives.
Caldwell said she's aware of mounting public suspicion of law enforcement's use of electronic surveillance and high-tech investigative techniques, noting that DoJ would employ the cybersecurity unit to help dispel those misgivings.
"This kind of mistrust can hamper investigations and cybersecurity efforts," she said. "Most of this mistrust, however, comes from misconceptions about the technical abilities of the law enforcement tools and the manners in which they are used. I hope to engage the public directly on these issues and to allay concerns."
Adam Kujawa, head of Malware Intelligence at Malwarebytes Labs, research arm of the anti-malware company, says the DoJ is stepping in the right direction to get itself back in the good graces of public opinion by creating a dedicated cybersecurity unit and centralizing all requests and operations for cyber-operations.
"This will allow for privacy concerns to be addressed by a single authority rather than having to contact local departments for answers or inquiries," Kujawa says. "At the same time, this central authority can dictate which tools can be used and the kind of training required to use them, also making it more difficult for the tools themselves to be abused by law enforcement officials who might not know exactly what they are capable of and what kind of precautions they need to take when performing operations."
Azmi says businesses have also shown a lack of trust in law enforcement. "There has always been a distrust of law enforcement not only in the high tech investigative techniques but information protection as well," he says. "The private sector is reluctant to share cybersecurity incident information with the government fearing that it might become public knowledge."
He says new initiatives, such as DoJ's cybersecurity unit, as well as existing programs, including the FBI InfraGard public-private sector information sharing and analysis venture, should help reduce business' wariness of government and law enforcement.
The cybersecurity unit also will serve as a liaison between the DoJ and Congress on drafting cybersecurity legislation. "This new unit will strive to ensure that the advancing cybersecurity legislation is shaped to most effectively protect our nation's computer networks and individual victims from cyber-attacks," Caldwell said.