The Department of Justice recently released its comprehensive assessment of cyber threats in the United States, titled “Report of the Attorney General’s Cyber-Digital Task Force.” The Report is the result of the establishment of the Attorney General’s Cyber-Digital Task Force by the Department in February 2018. Attorney General Jeff Sessions directed the Task Force to answer two questions:

  1. How is the Department responding to cyber threats?
  2. How can federal law enforcement more effectively accomplish its mission in this important and rapidly evolving area?

The 156-page Report presented by the Task Force responds to the first question and is broken into six chapters, each analyzing cyber threats and how the Department counters them.

The report indicates that one of the top cyber threats posed to the United States currently is what the department labels “malign foreign influence operations.” Malign foreign influence operations include covert actions by foreign governments that are intended to disrupt American democratic institutions, divide society and impact society to affect public discourse and guide geopolitical objectives of the foreign entity. The report analyzes variations of those operations as well as their capabilities, but emphasizes the targeted attacks by foreign adversaries on elections in the United States. The report identifies, for the first time, categories of malign foreign influence operations, which include:

  1. Targeting of election-associated infrastructure.
  2. Actors attempting to compromise the confidentiality or integrity of targeted groups’ or individuals’ private information.
  3. Covert offers of financial, logistical or other campaign support meant to influence the policies of unwitting politicians, party leaders, campaign officials or the public.
  4. Disinformation campaigns and covert influence operations.
  5. Overt influence efforts, including utilizing state-owned media and lobbyists to attempt to influence U.S. policymakers.

The Report indicates that the 2016 United States presidential election saw an unprecedented scale of internet-facilitated operations attempting to exert such influence. In light of this, the Report predicts the 2018 midterm elections are susceptible to more covert foreign missions to disrupt the electoral process. To counter these threats, the Department will utilize a range of tools, including prosecuting criminal activity under the Foreign Agents Registration Act; maintaining strategic relationships with social media providers; engaging the FBI; activating the joint Foreign Influence Task Force, which serves as the central coordinating authority for handling malign foreign influence operations; identifying foreign intelligence threats; and providing classified briefings to election officials of all 50 states regarding capabilities of adversaries to influence the election infrastructure. The report also announces a new Department policy, which governs the disclosure of malign foreign influence operations and provides guideposts for the Department to counter foreign influence threats.

The Report details the sophisticated threats and cyber schemes the Department detects and how it disrupts them. The most prevalent categories of attacks include: (1) damage to computer systems, (2) data theft, (3) fraud/carding schemes, (4) crimes threatening personal privacy and (5) cyber-enabled threats to critical infrastructure. The Report details the variety of ways these attacks are conducted, such as ransomware, phishing campaigns, malware, distributed denial of service attacks, and botnets. The FBI works with private entities to make them aware of information regarding any affected sectors through briefings and technical alerts. To disrupt cyber threats, the Department also utilizes several methods and legal tools, including conducting forensic investigations through the FBI to detect the activity and prosecuting the criminals under Federal cybercrime statutes.

The Department also emphasizes a relationship with private-sector companies in order to properly respond to threats. Through “operational engagement,” the Department and the FBI tailor outreach operations to organizations and sectors with particular cyber risks to develop lines of communication as well as reports to assist those industries regarding cyber threats. This process also includes collaboration with other Intelligence and Government Agencies to provide joint products such as technical threat indicators and intelligence to protect against cyber threats.

Finally, the Department outlines its efforts to develop a workforce that can respond to the ever-developing cyber threat landscape. The Department cultivates its workforce by retaining attorneys with the technological backgrounds and experience to handle cyber threat cases and by employing non-lawyer professionals with extensive expertise in technology.

This Report provides an overview of the Department’s detection of ever-changing cyber threats to the United States as well as the tools and methods the Department is utilizing to counter those threats. The Report indicates that in the future the Department will build on the initial findings and provide recommendations to the Attorney General for more means to protect Americans from cyber threats.