In the President’s Management Agenda (PMA), the Justice Department was tasked with combating cyber-enabled threats and attacks by “conducting 8,400 computer intrusion program deterrences, detections, disruptions, and dismantlements, while successfully resolving 90 percent of its cyber defendant cases.” According to a Q3 FY2019 update, the Justice Department has not only met its quarterly targets, but it has also exceeded them.
The Justice Department used two strategies to meet its PMA goal: identify, disrupt, and prosecute cyber threat actors and develop and use all appropriate tools to identify and disrupt cyber threats. In order to measure success, the Department compared FY2019 to FY2018.
For its first strategy, the Department of Justice committed to charging “individuals acting on behalf of nation-states to harm our national interests, transnational organized crime groups, and individuals for launching cyberattacks against computers in the United States.” For the second strategy, the Department said it would “continue its collaboration with other agencies, including the intelligence and defense communities, to aid attribution and ensure that responses are both effective and consistent with law.”
To measure progress against its goal, the Department tracks two performance measures, both of which have quarterly targets.
In regards to the Department’s first strategy, the update noted that the FBI Cyber Division’s FY2019 goal computer intrusion program deterrences, detections, disruptions, and dismantlements is 8,000. By Q3, the FBI had exceeded its quarterly target of 2,000 and achieved 4,517. In terms of its yearly goal, the FBI has 11,280 investigative outcomes against a goal of 8,000.
The Department showed similar success in using its second strategy. In Q3 FY2019, the Department saw 100 percent of its 44 cases completed with favorable results for the Department. The update noted that between both Q2 and Q3 the number of defendants in cyber cases the Department has pursued has increased by 57 percent. By the end of Q3, the Department notes that it has favorably resolved 114 cyber defendant cases. However, the update noted that “depending upon the total number of cases resolved, a one-case differential can significantly impact the favorable percentage.” The update further explained that “many cases concerning ‘cybercrime’ may not necessarily be captured under this number, as there is not a single statute to prosecute criminal cyber conduct.”