The Department of Justice (DoJ) is launching a four-month effort to reevaluate its strategies to combat cybersecurity threats in light of increases in ransomware and supply-chain attacks and the tendency of attackers to use U.S.-based infrastructure to launch their exploits, said the United States Deputy Attorney General Lisa Monaco on April 30 at a security conference in Germany.
Monaco, who began her latest stint of service at DoJ last week, said her focus at the agency encompasses a range of emerging threats, including threats from domestic and foreign extremists.
But she emphasized that cyber threats “are at the top of my priority list.” Those threats, she said, have become even more acute since she was last in government as chief counterterrorism advisor to President Obama.
“It has exploded, it has become more diffuse, more sophisticated, more dangerous than ever before,” she said of the general cyber threat.
“As I return to the Justice Department what I’m seeing is that we are at this pivot point and I think what distinguishes today’s threat – and what I’m seeing and what I’m acutely focused on, and what we will be focusing on here in the department – is how malicious actors are exploiting the technology that has been such a boon to our commerce, to free speech, to the way we communicate, the way we drive, you name it,” Monaco said.
“We have over time moved all of everything we do from the analog to the digital space, but we didn’t do it with security in mind,” she said.
“Well, we’re at another point where new technologies and connectivity is exploding in a way that I think we really have to think about how the bad actors are exploiting it,” the Deputy AG said.
“What we’re seeing now is that … the way we are using new innovation and technology, it’s being used against us, and it’s being used against us by nation-state adversaries, by criminal enterprises, and we see it in the supply chain attacks … we see it in the use of ransomware,” Monaco said.
“And that’s why we are launching this week, under my direction, a review of how the department is looking at exactly this set of challenges,” she said. “We want to bring forth actionable recommendations in a 120-day time frame, so there is no time to lose.”
Part of that effort, Monaco said, will be looking at “what can we be doing better working with our partners across borders to address these threats, things like how is digital currency becoming a tool and something that is also exploited,” supply chain attacks, and “how can we address the blended threat of nation-states and criminal enterprises sometimes working together to exploit our own infrastructure against us.”
The tendency of attackers to use U.S. communications infrastructure in supply-chain exploits has also been flagged by Gen. Paul Nakasone, who heads both U.S. Cyber Command and the National Security Agency (NSA), as a growing concern.
“So, there is a great deal to do, and we’re launching this review to make sure we are bringing all the tools we can to address it,” Monaco said.
Ransomware Task Force
As part of DoJ’s overall cybersecurity approach, the agency last week created a ransomware task force “to really go after that particular manifestation of the cyber threat,” the Deputy AG said.
Monaco reckoned that 2020 was the “worst year we have experienced to date when it comes to ransomware” with damage measured in the billions of dollars against companies and governments.
She particularly decried the non-financial impacts of ransomware attacks.
“It is not just about money, it’s about mayhem,” she said, adding, “when the victim is a hospital, we’re talking life and death.”
“This is something that we are acutely focused on we’ve launched this ransomware and digital extortion task force,” she said. “Our task force will be focused on … how do we go after the entire ecosystem that is being used, the infrastructure that bad actors are using, the digital currency they’re using as a means to perpetrate their extortion efforts … we have to take a holistic look at it.”
Monaco also indicated that DoJ’s ransomware focus will extend to possible next generations of digital attacks.
“Ransomware is one manifestation which we are now seeing in the headlines, but more broadly, what is the next ransomware that we’re going to have to deal with, what is the next exploitation by bad actors of other technologies, whether it’s AI, again digital currency issues, what is the next iteration of the supply chain attack that we’ve seen,” she asked.
“The Justice Department has tools that it can use and we are working every day with our partners to disrupt to deter and to hold accountable malicious cyber actors exploiting these technologies, but we have got to move at the same speed that our adversaries are,” she said.