DOJ establishes cybercrime enforcement unit as U.S. warnings mount over Chinese hacking

The Department of Justice established a cyber-focused section within its National Security Division to combat the full range of digital crimes, a top department official said Tuesday.

The National Security Cyber Section — NatSec Cyber, for short — has been approved by Congress and will elevate cyberthreats to “equal footing” with other major national security issues, including counterterrorism and counterintelligence, Assistant Attorney General for National Security Matt Olsen said in remarks at the Hoover Institution in Washington.

The new section enables the agency to “increase the scale and speed of disruption campaigns and prosecutions of nation-state cyberthreats as well as state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security,” Olsen said.

The NatSec Cyber center arrives at time of growing concern about nation-state cyberattacks especially originating from Russia and China. Last week, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, warned Americans to be prepared for a major Chinese cyberattack. “This, I think, is the real threat that we need to be prepared for, and to focus on, and to build resilience against,” she said at an event in Washington.

However, the section has been many months in the making. It comes out of Deputy Attorney General Lisa Monaco’s July 2022 Comprehensive Cyber Review meant to review the agency’s approach to cyber-related matters and develop “actionable recommendations to enhance and expand the Department’s efforts.” It also tracks with a main theme of President Biden’s cybersecurity strategy, which calls for cross-agency collaboration to fight cybercrime.

The DOJ has taken a more proactive and aggressive approach to cyber-related prosecutions over the past two years, even when the agency’s actions preclude traditional prosecutions and convictions. Monaco described the shift in strategy in April on stage at the RSA Conference in San Francisco, saying that there is now “a bias toward action to disrupt and prevent, to minimize that harm if it’s ongoing,” with the goal “to take that action to prevent that next victim.”

The first major example of the policy shift was the April 2021 FBI action to proactively disable web shells related to Chinese-aligned efforts to exploit vulnerable Microsoft Exchange Servers, Monaco said. Another example of the proactive nature of DOJ actions was the April 2022 FBI operation that hobbled a Russian military intelligence-directed botnet that the FBI and DOJ determined could have enabled follow-on malicious activity.

The new unit within the DOJ will “give us the horsepower and organizational structure we need to carry out key roles of the Department in this arena,” Olsen said. “NatSec Cyber prosecutors will be positioned to act quickly, as soon as the FBI or an IC partner identifies a cyber-enabled threat and to support investigations and disruptions from the earliest stages.”