During one of her first public appearances since being sworn in, Attorney General Loretta Lynch said she will focus on investigating and prosecuting cyber crimes and stressed the need for law enforcement to work with the private sector to achieve true cybersecurity.
"We have a mutual and compelling interest in developing comprehensive strategies for confronting this threat and it is imperative that our strategies evolve along with those of the hackers searching for new areas of weakness," Lynch said at a cybersecurity roundtable with industry hosted by the Criminal Division on April 29. "But we can only meet that challenge if law enforcement and private companies share the effort and work in cooperation with each other."
To help meet this challenge, Justice announced the release of a new guidance document outlining best practices for companies developing a response plan or reacting to a breach.
Document: Best Practices for Victim Response and Reporting of Cyber Incidents
The guidance "reflects lessons learned by federal prosecutors while handling cyber investigations and prosecutions, including information about how cyber criminals' tactics and tradecraft can thwart recovery," the introduction states, noting it was designed for smaller organizations that might not have the resources to do this legwork in-house.
The document includes eight steps companies should take before a cyber incident occurs and detailed advice on what to do in the event of an attack.
The guidance also includes a few tips on what not to do, such as attempting to hack back, which could be an illegal move.
Related: New DOJ Cybersecurity Unit to advise on Internet crime
"For all its scope and complexity, cyber crime is not an unsolvable species of crime," said Leslie Caldwell, assistant attorney general. "Cyber criminals commit their crimes because they see hacking as a low-risk, high-reward proposition. Accordingly, our goal must be to alter that assessment."
Justice developed the guidance as a means of helping the private sector keep up with the changing landscape of cyber crime and plans to continuously revise it as a living document, Caldwell said.
"Our door at the Department of Justice is always open to new partnerships and new approaches to combating cyber crime," Lynch said. "I am excited about all that we will achieve together in the days ahead."
Related: Obama signs order authorizing sanctions against cyber criminals
Justice will also be developing more guidance documents in the future specifically targeted to victims of cyber crime.
"At the Criminal Division we see ourselves as engaged in a long-term battle against cyber crime – a battle that we will only meet with success if we collaborate with [the private sector] as we surmount obstacles and design innovative solutions," Caldwell said.
Lynch agreed.
"I firmly believe that cybersecurity must be among the highest priorities for the Department of Justice," she said. "That is why, as attorney general, I will seek to build on the already outstanding work of the women and men of the department."
Aaron Boyd is an awarding-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.
