In a prepared speech at the Georgetown Cybersecurity Law Institute, Assistant Attorney General Leslie R. Caldwell discusses a new Department of Justice cyber security unit to better help the government and industry tackle cyber-related issues:

So, I think I’ve made clear that we want your help.  But we also want to help you.  Last December, at the Legal Symposium on cybercrime on this campus, I announced that the department was taking the fight against cybercrime in a new direction.  I announced the Criminal Division’s plan to work more closely with the private sector and federal agencies to address cybersecurity challenges.  We created a hub for the Division’s cybersecurity work, which is the new Cybersecurity Unit in CCIPS.

Our reasons for creating the Cybersecurity Unit were simple.  First, cybercrime and cybersecurity have always been linked.  Vulnerabilities in hardware and software and inadequate implementation of security protocols are what facilitate cybercrime.  The tradecraft used by cybercriminals tells us something about the state of cybersecurity.

In creating the Unit, we hope to use the lessons that CCIPS has learned and the skills that its prosecutors have gained from investigating and disrupting cybercrime to create actionable guidance and to support public- and private-sector cybersecurity efforts.  Furthermore, by creating a dedicated Cybersecurity Unit we can better ensure that cybersecurity receives the consistent, dedicated attention that it requires.

CCIPS is well-suited to this task.  Its expertise regarding the relevant laws is exceptional.  They are the department’s experts in laws directly affecting cybersecurity, including:

  • The Computer Fraud and Abuse Act, which is often referred to as the “hacking statute;”
  • Statutes which regulate electronic surveillance and are implicated in all varieties of cybersecurity monitoring and intrusions detection technologies, such as the Electronic Communications Privacy Act, the Wiretap Act and the Pen Trap statute; and
  • The evolving constitutional, statutory and jurisprudential framework broadly relating to the collection and use of electronic evidence.

Moreover, CCIPS has extensive existing expertise in cybersecurity.  For years, CCIPS has been providing other government agencies with legal advice on how to lawfully implement their cybersecurity programs.

CCIPS, along with others in the department, also frequently represents the Department of Justice in priority interagency efforts, often led by the National Security Council, on cutting-edge issues at the intersection of technology and criminal law, such as encryption.  In addition, CCIPS provides guidance to federal prosecutors around the country on how technological trends – from the latest app to new social media – may impact investigations.

The US government seems to have a number of highly disparate cyber security efforts taking place simultaneously, and none of these tasks appear to be coordinated in any way, shape, or form. This is not good news.