Us Deputy Attorney General Requests Assistance From Companies in the Fight Against Cybercrime

This week, US Deputy Attorney General Lisa O. Monaco called upon private industry to assist law enforcement in fighting cybercrime. During her opening remarks at the Criminal Division of the Department of Justice’s (“DOJ”) cybersecurity roundtable, Monaco stressed that the United States is at an “inflection point” in the types of cyber threats it faces, namely that bad actors were historically nation-states but are expanding to include more private actors and criminal enterprises.

Monaco outlined the DOJ’s maturing approach to fighting cybercrime and highlighted the different mechanisms in place to address the cyber threat “as it rapidly evolves.” These include the DOJ’s Comprehensive Cyber Review designed to accomplish three goals: 1) assess how the DOJ can improve its investigative capability to enable effective prosecution and disruption of bad actors, 2) improve DOJ resiliency, and 3) prepare the next generation of attorneys and agents who “go after these threat actors.”

Monaco also highlighted the importance of building a “national picture” of ransomware attacks nationwide. Despite the DOJ’s directive to all 93 U.S. Attorneys instructing them to inform the DOJ whenever there is a ransomware attack in their district, she maintained that this is not enough.

Monaco stressed that “we need reporting from victims to address this threat, to prevent additional victims.” Though recognizing that companies may face “operational” and “reputational” risks, she argued that the benefits and importance of partnering with law enforcement outweigh these risks. She argued that ultimately, “it is bad for companies, bad for America . . . if companies are attacked and don’t partner with law enforcement . . . and help disrupt these activities and prevent future victims.” In addition to her appeal from a civic-duty perspective, Deputy Attorney General Monaco also made a point to outline the tangible benefits companies can receive when working with law enforcement, including getting encryption keys and money back.

Monaco’s remarks included a specific focus on the heightened responsibility of federal government contractors. Noting that contractors are entrusted with government dollars and are “trusted to work on sensitive government systems,” she stressed that failure to “follow required cybersecurity standards, or misrepresent their cybersecurity practices or capabilities” is unacceptable and vowed to “go after that behavior.” Specifically, she referenced the newly established Civil Cyber-Fraud Initiative, which will use the False Claims Act to “enforce civil fines on government contractors and grant recipients as well as protect whistleblowers who bring information forward.”

Monaco made a direct appeal to work cooperatively with private industries. Specifically, she asked to hear from industry about:

1. The challenges companies face;
2. How the DOJ can “evolve to meet the threat”;
3. What the private sector thinks is working well; and
4. what private industry would like the DOJ to “consider doing differently.”

Monaco’s remarks spotlight the US Government’s increasing focus on protecting the country’s national and economic security by strengthening its cybersecurity.  It also presents an opportunity for private sector companies to actively engage in the requested dialogue and ensure that the resulting policies properly balance the multitude of considerations.