DOJ sets new goals for responding to ransomware attacks

The Justice Department said it wants to increase the percentage of reported ransomware incidents it handles to 65% by September 2023.

In a strategic planning document published Friday, the Department of Justice said that by September 30, 2023, it pledges to increase “the percentage of reported ransomware incidents from which cases are opened, added to existing cases, or resolved or investigative actions are conducted within 72 hours to 65%.”

The department also wants to increase “the number of ransomware matters in which seizures or forfeitures are occurring by 10%.”

The pledges were also included in the President’s Management Agenda website and were under the purview of Eun Young Choi, the recently appointed director of the National Cryptocurrency Enforcement Team at the Justice Department. 

The department set similar goals in its 2022-2026 Strategic Plan document, pledging to “address supply chain vulnerabilities, support other government agencies and the private sector, and identify new sources of evidence and intelligence.”

“In addition, the Department will continue to develop ways to attribute cyberattacks, to respond to and engage victims and targeted entities, and to provide intelligence to help victims recover and strengthen their defenses,” the DOJ said. 

“Finally, we will continue to develop our own cyber expertise by investing in recruitment, training, and capacity building.”

The Justice Department said it also wanted to “bolster its interagency and international collaborations to aid attribution, defend networks, sanction bad behavior, and otherwise deter or disrupt cyber adversaries overseas.”

Other goals laid out by the document include closer public/private partnerships as a way to encourage incident reporting and tougher internal measures to improve cybersecurity at the department, including multifactor authentication, encryption and more. 

“The Department will help the private sector identify and address their vulnerabilities through threat intelligence sharing and targeted outreach. We will also continue to support policy efforts to protect the digital supply chain, federal information systems, and critical infrastructure against vulnerabilities,” officials explained. 

The document mentions that the DOJ plans to use the False Claims Act as a way to “to hold accountable anyone who puts U.S. government information or assets at risk by knowingly providing deficient cybersecurity products or services, misrepresenting their cybersecurity practices or protocols, or violating obligations to monitor and report cybersecurity incidents and breaches.”

As a way to measure its progress on these pledges, the DOJ said it would track the percent increase in disruptions of malicious cyber actors’ use of online infrastructure “through proactive operations and judicial means,” the increase in operations conducted with strategic partners and the number of threat advisories disseminated to the private sector. 

They also plan to track the number of confirmed cyber incidents to Department systems.