Washington, DC - The Justice Department’s Criminal Division hosted a cybersecurity roundtable discussion Thursday on the challenges in handling data breach investigations.  Assistant Attorney General Brian A. Benczkowski of the Criminal Division delivered opening remarks and served as moderator for the event.  Deputy Attorney General Rod J. Rosenstein, Assistant Attorney General John C. Demers of the Department’s National Security Division and officials from the FBI, U.S. Secret Service, the White House’s National Security Council and U.S. Department of Homeland Security also delivered remarks at the event. 

The audience included many of the nation’s leading private-sector practitioners in the field of data breach response and representatives from premier cybersecurity and incident response firms in the country.

The Criminal Division held its inaugural cybersecurity roundtable in 2015, shortly after the creation of the Cybersecurity Unit within the Computer Crime and Intellectual Property Section (CCIPS).  The goal of the first roundtable was to spur a conversation within the legal community about how the government can work more effectively with companies, firms, and organizations to prosecute and prevent data breaches.  Three years later, the Department continues to exchange ideas with and look to the private sector’s expertise and insight about how to improve cooperation between law enforcement agencies and data breach victims.

In February of this year, Attorney General Jeff Sessions established a Cyber-Digital Task Force, which published its first report in July.  The report provides a comprehensive assessment of the cyber-enabled threats confronting the nation, and catalogs ways in which the Justice Department combats those threats, including by partnering with the private sector.

“Public-private partnerships addressing cybercrime play a critical role in our efforts to hold criminals accountable for data breaches,” said Deputy Attorney General Rosenstein.  “We depend on the private sector to help us maintain the rule of law in cyberspace at every stage of our work. That includes working together to obtain critical evidence for investigations and trials, and collaborating on developing the legal authorities needed to protect our 21st century economy.  Today’s discussion aims to share best practices, common challenges, and emerging threats, and identify how the Department of Justice and our law enforcement partners can help private industry to protect Americans from harm while safeguarding privacy.  Through roundtables like this and the continuing collaboration they fuel, we will meet emerging threats, protect America’s technological innovations, and preserve public safety and security.”

“The Criminal Division has long been recognized for its innovative and aggressive pursuit of the most sophisticated cybercriminals,” said Assistant Attorney General Benczkowski.  “Active engagement with the private sector through events like the Cybersecurity Industry Roundtable is essential to our effectiveness as prosecutors because it allows us to draw upon a broad range of experience to get better at what we do.  The Criminal Division’s commitment to fighting cybercrime is unwavering, and we look forward to continued close cooperation in that fight with our counterparts in the private sector.” 

The Criminal Division created the Cybersecurity Unit within CCIPS in December 2014 to help channel CCIPS’s expertise and experience combatting cybercrime into the prevention of cybercrime.  The Unit’s contributions during its brief existence have included issuing groundbreaking guidance to help organizations create vulnerability disclosure programs to improve detection of cyber vulnerabilities.  The Unit’s outreach to the private sector has included participation by members of CCIPS in well over 100 cybersecurity events since 2015, such as RSA, Black Hat, DEFCON, and International CES, which has helped the Unit build relationships with and gather input from incident responders, potential victims, and key information security experts.  This input has been put to good use.  The Criminal Division released a document at the first roundtable providing guidance to help organizations prepare for a cyber incident, called “Best Practices for Victim Response and Reporting Cyber Incidents.”

As part of Thursday’s event, the Cybersecurity Unit released a new document providing even more comprehensive guidance that reflects input the Unit received during its outreach efforts.  The revised guidance addresses new issues like working with incident response firms, cloud computing, ransomware, and information sharing.  It is an example of the type of assistance that the Cybersecurity Unit was designed to provide—to help elevate cybersecurity efforts and build better channels of communication between law enforcement and industry.