The United States Department of Justice (DoJ) has published a report by the Attorney General’s Cyber-Digital Task Force, detailing how they intend to counter the growing list of threats. As might be expected given recent concerns, the opening chapter deals with ‘malign foreign influence’ whilst subsequent chapters cover the following topics.
- The categorization of cyber schemes by objective (damage to computer systems; data theft; fraud/carding schemes; cyber-enabled crimes threatening personal privacy; and cyber-enabled crimes threatening critical infrastructure) and method (social engineering; malware; botnets; and criminal infrastructure).
- The means the US authorities will use to detect, deter and disrupt threats.
- The ways of responding to incidents.
- The recruitment and development of staff required to counter the threats.
- Plans for the future.
There is much of value in the 156-page report. However, that means the report covers too much territory to fairly summarize its contents after my brief read through. Here are some key points that will deserve later elaboration.
- Bad foreigners will be defeated if Americans (and good foreigners) work together more closely. For all the verbiage in the report about foreign influence on elections and social harmony, no innovative solutions are proposed. The task force concludes that working together is the key to everything, whether they mean getting different government departments to coordinate their efforts, getting the government to collaborate with (or control) private industry, and working with overseas allies. But even though the mantra is better coordination, when the report details specific examples, such as how the FBI runs collaborative sessions with private sector CISOs, the numbers of people involved so far have been surprisingly meager.
- The DoJ really does not like secure communications encryption. The report quotes former US President Barack Obama, Australian Cybersecurity Minister Angus Taylor and former UK Home Secretary Amber Rudd in its bid to argue law enforcement agencies must have the power to crack communications encryption when they see fit. Oddly, the report asserts the DoJ should collect “accurate metrics and case examples that demonstrate the scope and impact of the problem”, which seemingly implies all these politicians already know that encryption is too dangerous to leave uncracked but none was presented with enough data to justify their opinion.
- The DoJ is very worried about ‘sextortion’. A surprisingly large amount of the report is dedicated to preventing sexual and pornographic content from being exploited against the will of the subject. I do not worry about such things because my sex life is not that interesting, but perhaps the scale of the DoJ’s concern can be explained by observing they ultimately report to politicians.
You can download the DoJ report from here.