The Department of Justice (DoJ) has released the final report for its Comprehensive Cyber Review conducted over the last year, highlighting DoJ’s need for stronger collaboration with its partners and allies, as well as the need to prioritize prevention efforts.
Deputy Attorney General Lisa Monaco launched the review in May 2021 to reevaluate DoJ’s strategies to combat cyber threats in light of increases in ransomware and supply-chain attacks.
Among a number of recommendations, the final report says DoJ can “significantly amplify its own efforts by working more closely with its partners and allies” to disrupt cyber threats. DoJ should leverage the tools of other U.S. government partners; like-minded nations; state, local, tribal, and territorial governments; and the private sector, the report says.
As a result of this recommendation, the department will designate the first-ever Cyber Operations International Liaison (COIL), who will work with department components and European allies “to increase the tempo of or otherwise enable operations and other disruptive actions against top-tier cyber actors, including charges, arrests, extraditions, asset seizures, and the dismantlement of infrastructure.”
Additionally, the report highlights the need to prioritize prevention efforts and update DoJ’s response plans for a significant cyber intrusion into its own systems. The report recommends the agency prepare separate cyber-incident response materials – called the Justice Cyber Incident Playbook – for department leadership.
“The report we release today reflects what we have learned over the last year, including the need to prioritize prevention, to ensure we are doing all we can to help victims, and above all else – to use all the tools at our disposal, working with partners here and around the globe, across the government, and across the private sector,” Monaco said during a speech on July 19. “This approach has yielded real results.”
“Thanks to rapid reporting and cooperation from a victim,” Monaco said DoJ’s cyber approach has produced good results yet again, with the FBI and DoJ announcing yesterday the disruption of activities of a North Korean state-sponsored group deploying ransomware known as “Maui.”
“Not only did this allow us to recover their ransom payment as well as a ransom paid by previously unknown victims, but we were also able to identify a previously unidentified ransomware strain,” Monaco said. “The approach used in this case exemplifies how the Department of Justice is attacking malicious cyber activity from all angles to disrupt bad actors and prevent the next victim.”