CRS: Justice Department’s Role in Cyber Incident Response

From: Congressional Research Service

Kristin Finklea, Specialist in Domestic Security

Criminals and other malicious actors increasingly rely on the Internet and rapidly evolving technology to further their operations. They exploit cyberspace, where they can mask their identities and motivations. In this context, criminals can compromise financial assets, hacktivists can flood websites with traffic—effectively shutting them down, and spies can steal intellectual property and government secrets.

When such cyber incidents occur, a number of issues arise, including how the government will react and which agencies will respond. These issues have been raised following a number of high-profile breaches such as those against the U.S. Office of Personnel Management. Federal law enforcement has the principal role in investigating and attributing these incidents to specific perpetrators, and this responsibility has been codified within the broader framework of federal cyber incident response.

Presidential Policy Directive (PPD) on U.S. Cyber Incident Coordination
The Obama Administration, through PPD-41, outlined how the government responds to significant cyber incidents—those that are “likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.” Responding to cyber incidents involves threat response, asset response, and intelligence support. The Department of Justice (DOJ), through the Federal Bureau of Investigation (FBI) and National Cyber Investigative Joint Task Force (NCIJTF), is the designated lead on threat response. Asset response and intelligence support responsibilities are led by other federal agencies.
