The Justice Department will launch an extensive review of its strategy for defending the nation against increasingly sophisticated and deceptive cybersecurity attacks, Deputy Attorney General Lisa Monaco said in remarks at the virtual Munich Cyber Security Conference.
The audit is expected to run over a four-month period and will examine:
- Supply chain attacks such as the SolarWinds Orion campaign in December 2020 (alleged executed by Russian-backed operatives);
- nation state exploits such as the Hafnium crew’s Microsoft Exchange Server incident;
- ransomware;
- the use of artificial intelligence by hacking crews; cryptocurrency; and
- other emerging threats.
“We are launching this week, under my direction, a review of how the department is looking at exactly this set of challenges,” Monaco said. “We want to bring forth actionable recommendations in a 120 day time frame ... on what can we be doing better, working with our partners across borders, to address these threats.” (via The Washington Post)
The review comes two weeks after Justice announced it is forming a special task force to deal with skyrocketing ransomware with more training, resources and cross agency sharing of threat intelligence to thwart cyber extortion, particularly that linked to nation state-supported hackers, the Wall Street Journal first reported.
Of late, security agencies and federal law enforcement have homed in on threats to the nation’s critical infrastructure. Last month, the Energy Department said it will collaborate with private industry on a 100-day initiative to encourage power plants and electric utilities owners and operators to upgrade their tools to identify cyber threats to their networks and to recommend how best to safeguard the energy system supply chain.
“We're talking life and death,” Monaco said. “When a victim is a critical infrastructure holder, we are talking the main avenues of how we power our grid, how we get our water supply, you name it.”
Justice's role to fight cyber attacks appears to be expanding beyond investigating, indicting and prosecuting cyber crews to proactively disrupting ongoing cyber crimes--most recently executing a court order to excise malicious web shells from hundreds of exposed servers in the Exchange Server attack. This review may signal the White House’s intention for the agency to partake in drafting the nation's cyber blueprint going forward.
“We need to rethink and really assess, are we using the most effective strategies against this kind of new evolution, this pivot point that I think we're at today in the cyber threat?” Monaco said. “There is no time to lose on what can we be doing better working with our partners across borders to address these to address these threats.”
