Justice Department launches review of cyber policies after ransomware, supply chain scourges
The Justice Department is undertaking a four-month review of its approach to combatting a range of malicious cyber activity from foreign governments and criminals amid a spate of ransomware attacks and supply chain compromises.
“We need to rethink … and really assess are we using the most effective strategies” against such hacking, Deputy Attorney General Lisa Monaco said Friday at the Munich Cyber Security Conference.
The review of Justice Department policies, which began this week, will cover the cryptocurrencies that cybercriminals use to cash in on ransomware, along with the “blended threat of nation-states and criminal enterprises, sometimes working together, to exploit our own infrastructure against us,” Monaco said.
The policy review is an acknowledgement that, despite the Justice Department and FBI investing heavily in efforts to indict and arrest criminals and take down hacking forums, cyberthreats to U.S. businesses and government agencies remain unrelenting.
The 120-day Justice Department review comes after alleged Russian and Chinese hacking operations that have exploited software made by the U.S. federal contractor SolarWinds and Microsoft, respectively. The former hacking campaign breached at least nine federal agencies, while vulnerabilities used in the latter campaign exposed tens of thousands of U.S. businesses and state and local organizations to opportunistic criminal attacks.
With those clean-up operations hardly complete, the U.S. government is now dealing with another suspected Chinese hacking operation exploiting the Pulse Connect Secure virtual private networking software that has compromised at least five agencies.
Russia and China have denied involvement in the activity.
The Justice Department also in April set up a task force on ransomware that will identify links between criminals and foreign governments, the Wall Street Journal reported.
Against the steady tide of threats, the FBI has embraced a more aggressive cybersecurity strategy that involves working closely with U.S. intelligence agencies and allies to take down hacking infrastructure.
Earlier this month, the FBI used a court order to remove malicious code from hundreds of U.S. computers running the Microsoft Exchange Server email program. Monaco said U.S. law enforcement officials would “absolutely” use that tactic more in the future.
“We have got to get innovative and aggressive and we have to work collaboratively and cooperatively with our partners and with the private sector if we are going to keep pace with what the malicious actors are doing,” Monaco said.