In a speech at the Cybercrime 2020 symposium on December 4, 2014, U.S. Assistant Attorney General Leslie R. Caldwell announced that the Department of Justice is creating a dedicated Cybersecurity Unit within the department’s Computer Crime and Intellectual Property Section (CCIPS).
Noting that a cyberheist campaign last year caused $45 million in losses in a matter of hours, Caldwell said, “That crime dwarfed the biggest bank heists in U.S. history several times over, and the masterminds never had to worry about security guards, dye-packs, or silent alarms. In fact, they never had to leave home.”
In response to threats like those, Caldwell said, “It is important that we address cyber threats on multiple fronts, with both a robust enforcement strategy as well as a broad prevention strategy. I am, therefore, announcing today the creation of the Cybersecurity Unit within CCIPS.”
“Prosecutors from the Cybersecurity Unit will provide a central hub for expert advice and legal guidance regarding the criminal electronic surveillance statutes for both U.S. and international law enforcement conducting complex cyber investigations to ensure that the powerful law enforcement tools are effectively used to bring the perpetrators to justice while also protecting the privacy of every day Americans,” Caldwell said.
The Cybersecurity Unit will work in cooperation with law enforcement, private sector partners, and the U.S. Congress. “This new unit will strive to ensure that the advancing cyber security legislation is shaped to most effectively protect our nation’s computer networks and individual victims from cyber attacks,” Caldwell said.
“As you know, the private sector has proved to be an increasingly important partner in our fight against all types of online crime, but particularly cyber security-related matters,” Caldwell added. “Prosecutors from the Cybersecurity Unit will be engaging in extensive outreach to facilitate cooperative relationships with our private sector partners.”
“This is a fight that the government cannot and will not wage alone,” she said.
Caldwell also stressed that privacy and civil liberties are key considerations in all investigations. “Privacy concerns are not just tacked onto our investigations, they are baked in,” she said. “Privacy concerns are in the laws that set the ground rules for us to follow; the Departmental policies that govern our investigative and prosecutorial conduct; the accountability we must embrace when we present our evidence to a judge, a jury, and the public in an open courtroom; and in the proud culture of the Department.”
Adam Kujawa, head of malware intelligence at Malwarebytes Labs, told eSecurity Planet by email that the announcement is a step in the right direction. “This will allow for privacy concerns to be addressed by a single authority rather than having to contact local departments for answers or inquiries,” he said.
“At the same time, this central authority can dictate which tools can be used and the kind of training required to use them, also making it more difficult for the tools themselves to be abused by law enforcement officials who might not know exactly what they are capable of and what kind of precautions they need to take when performing operations,” Kujawa added.