The Department of Justice (DoJ) Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) today announced its new Strategic Approach to Countering Cybercrime.
Principal Deputy Assistant Attorney General Nicole Argentieri unveiled the new guidance this morning during a CSIS event, highlighting the strategy’s three critical goals.
“The Strategic Approach to Countering Cybercrime emphasizes the division’s focus on using all tools to disrupt criminal activity and hold criminal actors accountable, developing law and policy to prevent and prosecute cybercrime, and promoting cybersecurity through capacity building and public education,” Argentieri said during the opening keynote of the event. “It also highlights the division’s expertise in collecting and using electronic evidence.”
Argentieri offered examples of how CCIPS is working with Federal and international partners to implement each of the three strategic goals.
CCIPS has worked with the FBI and other partners on successful cyber disruptions and prosecutions against prolific cybercrime groups, including the notorious ransomware groups LockBit and AlphV/Blackcat.
“While we are proud of these successes, we know our work is not done. We remain especially vigilant about the next generation of technology that criminals are employing to commit cybercrime,” she said. “Because bad actors are already exploiting AI for criminal purposes.”
The second goal in the new strategy emphasizes the Criminal Division’s role in ensuring that the department has effective tools to combat cybercrime and that it protects civil rights in cybercrime investigations.
Argentieri said the Criminal Division participated in negotiating the first international agreement encouraging governments to use AI in responsible ways that respect civil rights.
“The Council of Europe convened these negotiations, which resulted in a first-of-its-kind treaty,” she explained.
“The treaty provides an opportunity for rights-respecting governments to set forth a shared baseline for how we will use AI in a way that is consistent with respect for human rights, democracy, and the rule of law,” she said. “It codifies key principles related to AI such as transparency, accountability, non-discrimination, reliability, and privacy, It establishes minimum risk management practices; and establishes a forum for like-minded democracies to coordinate on AI’s impact.”
Finally, the strategic approach’s third goal is focused on promoting cybersecurity through capacity building, public education, and information sharing.
“Among the many things the Criminal Division is doing to advance cybersecurity, we are actively building relationships with AI companies to better understand how criminals are exploiting AI and identify ways that the private sector can work with the department to combat criminal activity on their platforms,” Argentieri said. “These relationships are essential – the private sector has a critical role to play in addressing the criminal misuse of AI.”
Argentieri also announced that CCIPS is working towards updating its Vulnerability Disclosure Framework from 2017 to further advance AI research and help public and private organizations create effective vulnerability disclosure programs.
“The original framework described how to build vulnerability disclosure programs for IT systems that accounted for issues that might arise under the Computer Fraud and Abuse Act. And it minimized legal jeopardy for security researchers,” she said. “We are revising our framework to address the reporting of vulnerabilities for AI systems and to contemplate issues that might arise under intellectual property laws as well.”
Argentieri concluded by emphasizing that the nation “must be vigilant in understanding this rapidly evolving technology.”
She continued, “The Criminal Division stands ready to take on this role by leading the department’s efforts to combat the criminal misuse of AI, to uphold the rule of law both at home and abroad when it comes to governments’ use of AI, and to facilitate partnerships with the private sector to ensure that public-interest research advances, while malicious actors are held accountable.”
