January 7, 2009 By Corey McKenna
Cyber-security "requires extreme vigilance and close attention from the Department of Justice and the entire Executive Branch," Deputy Attorney General Mark R. Filip said in remarks prepared for delivery at the International Conference on Cyber Security yesterday.
Filip said the Justice Department and the rest of the federal government face three broad challenges with respect to cyber-crime: It cuts across national boundaries, it ignores bureaucracy and it targets critical infrastructure controlled by public and private entities.
Filip noted that the federal government is relatively comfortable with the division of labor occasioned by the relationship between law enforcement, the intelligence community and the military. But cyber-security vulnerabilities transcend national and bureaucratic boundaries, Filip said. "Spies and criminals from abroad can use the infrastructure of the Internet to steal information from locations in the United States without ever coming close to our shores."
Critical infrastructure is another area where responsibilities extend beyond the federal government. While the government can harden borders and government buildings on its own terms and more or less unilaterally, cyber-security is different. "The cyber-infrastructure of the U.S. government is closely linked to the national cyber-infrastructure that we all know and use," Filip said. And that infrastructure is largely made up of privately owned networks.
Filip observed that American economic security is quickly becoming linked to the country's ability to protect information in cyberspace. "Even if the government wanted to devise cyber-security policies without private input, these policies would have limited reach, and would not reach many of the most critical potential vulnerabilities in the
United States," he said. The nation's electrical grid, banking system and intellectual property held by corporations and universities are all vulnerable to cyber-attack.
The challenges of geographic and bureaucratic boundaries and the need for public/private partnerships are also the sorts of challenges that can be overcome either by creating new institutions or by subjecting them to sustained senior level attention within the executive branch, Filip said. "In the past few years we've done both. For the past few years... [cyber-security] has gotten a lot of attention among the senior ranks of the Department of Justice and the rest of the executive branch. And we're trying to build new institutions or change relevant laws to put our country on a better cyber footing."
The FBI has created a cyber-security fusion center in Pennsylvania to bring private parties and government investigators together to do the hard work of collaborating on cyber breaches and cyber threats.
The DOJ is focusing substantial energy on cooperating with other government agencies to address cyber espionage and cyber-terrorism threats. The department does this work at places like the Joint Terrorism Task Forces and the National Counterterrorism Center.
Additionally, the FBI has created InfraGard, a partnership between the government and private industry that encourages information sharing to better protect America's physical and electronic infrastructure. Through this partnership, FBI agents provide threat alerts and warnings, investigative updates and other information, while private sector partners share expertise and information that helps law enforcement track down criminals and terrorists.
While the borderless nature of the Internet does create new challenges for law enforcement, Filip said it was important to remember that U.S. laws "closely track geography and put limits on government and private action where data is resident in locations within this country."
International cooperation in fighting cyber crime is also increasing. For example, the Department of Justice chairs the G-8 High Tech Crime Group, which now includes over 50 countries. The group is designed to facilitate parallel criminal investigations with law enforcement agencies abroad and allow for quick cooperation on emerging and existing cyber-crime matters. The United States has also ratified the International Convention on Cyber-crime.
The Internet provides new opportunities for organized crime to prey on victims