Justice Department's Role in Cyber Incident Response (CRS Report for Congress)
Release Date | Revised Dec. 18, 2020
Report Number | R44926
Report Type | Report
Authors | Finklea, Kristin M.
Source Agency | Congressional Research Service
Older Revisions | Aug. 23, 2017 (12 pages)

Summary:
Criminals and other malicious actors increasingly rely on the Internet and rapidly evolving
technology to further their operations. In cyberspace, criminals can compromise financial assets,
hacktivists can flood websites with traffic—effectively shutting them down, and spies can steal
intellectual property and government secrets. When such cyber incidents occur, a number of
questions arise, including how the federal government will react and which agencies will respond.

The Obama Administration, through Presidential Policy Directive/PPD-41, outlined how the
government responds to significant cyber incidents. Responding to cyber incidents involves (1)
threat response, (2) asset response, and (3) intelligence support. The Department of Justice (DOJ),
through the Federal Bureau of Investigation (FBI, or the bureau) and National Cyber Investigative
Joint Task Force (NCIJTF), is the designated lead on threat response, which involves
investigating and attributing specific cyber activities to particular individuals or entities as well as
facilitating intelligence and information sharing.

In investigating cyber incidents, the FBI’s Cyber Division focuses on “high-level intrusions by
state-sponsored hackers and global cyber syndicates, and the most prolific botnets.” In addition to
conducting its own cyber investigations, the FBI

- leads the NCIJTF, a multi-agency hub for coordinating, integrating, and sharing
  information on cyber threat investigations;
- heads up other task forces and law enforcement partnerships focused on cyber
  threat response, including cyber task forces with subject matter experts at each
  field office, cyber action teams that can rapidly deploy in response to specific
  incidents, and cyber assistant legal attachés positioned in certain foreign
  countries to work with U.S. counterparts;
- has established several initiatives to interface with the private sector regarding
  cyber incidents; these resources (such as the Internet Crime Complaint Center,
  InfraGard program, and National Cyber-Forensics and Training Alliance) collect
  and share information, build partnerships, and enhance cyber threat awareness;
- has been working to recruit and retain an appropriate cyber workforce and has
  developed a multi-layered cyber training program for its agents; and
- has been discussing with the technology community and policymakers how
  evolving technology, such as encrypted communications and devices, affects
  investigations, particularly in cyber-related cases, and how law enforcement can
  develop tools to investigate these cases most effectively.

Relating to the FBI’s work in combating and responding to cyber threats, one question
policymakers may have is how the bureau prioritizes cyber threats. DOJ’s Inspector General,
while noting strides in this arena, has recommended that (1) the FBI should use a more data-driven,
objective methodology to identify and prioritize cyber threats, and (2) the FBI should
develop a means to track agent time spent on specific cyber threats. Policymakers may elect to
conduct oversight of the FBI’s efforts in these areas, examine whether any changes to cyber threat
prioritization affect where cyber threats rank within the broader universe of threats confronting
the nation, and debate whether or how to direct the FBI’s use of funds allocated to combating
cyber threats.