In October 2017, Deputy Attorney General Rod J. Rosenstein addressed attendees at three cybersecurity summits: the Cambridge Cyber Summit, the Global Cyber Security Summit, and the 2017 North American International Cyber Summit.  At all three conferences, Rosenstein focused on three areas: (1) the “scope of the cybersecurity threat” that confronts the United States, (2) the challenges the government faces in countering these threats, and (3) the “ways that law enforcement can help, before, during, and after a cyber incident.”  Rosenstein first discussed the scope of the cybersecurity threat.  As an example, Rosenstein pointed to large data breaches of private companies holding sensitive financial data and intellectual property.  In addition to data breaches, Rosenstein discussed “ransomware” attacks, distributed denial of services attacks (“DDoS”), and critical infrastructure attacks.  Rosenstein described the “WannaCry” ransomware incident that affected over 230,000 computers in 150 countries by targeting computers, encrypting data, and demanding ransom payments in bitcoin.  Second, Rosenstein discussed the challenges the government encounters in addressing cybersecurity threats.  He pointed to the continued growth of “dark markets.”  Dark markets facilitate crime by providing access to “narcotics trafficking . . . illegal firearms sales, identity theft, child exploitation and computer hacking.”  Rosenstein also described the “dark markets” as part of a broader problem called “Going Dark.”  Specifically, Rosenstein described the “Going Dark” issue as the increasing use of “warrant-proof” encryption, which “frustrates traditional law enforcement efforts to collect evidence needed to protect public safety and solve crime.”  Rosenstein then described the “balance of privacy and security” and discussed how companies should consider these concerns when designing their encryption systems.  Finally, Rosenstein pointed to the different ways law enforcement can help.  Rosenstein described the benefits the government can provide such as sharing information about related incidents, providing advice about upgrading cyber defenses, ensuring proper investigation and preservation of evidence, and potentially pursuing “economic sanctions, diplomatic pressure, and intelligence operations.”  Rosenstein concluded by affirming the DOJ’s commitment to improving and promoting cybersecurity.

DOJ Press Release (Cambridge Cyber Summit)

DOJ Press Release (Global Cyber Security Summit)

DOJ Press Release (2017 North American International Cyber Summit)