FY 16-17: Agency Priority Goal
Combating Cyber Threats
Priority Goal
Goal Overview
A range of cyber activities also constitutes a growing threat to our national security and economic stability. An increasing number of sophisticated state and non-state actors have both the desire and the capability to steal sensitive data, trade secrets, and intellectual property for military and competitive advantage. Insiders pose an additional threat through insider-enabled cyber theft and sabotage. The other major national security threat in cyberspace is cyber-enabled terrorism. Although the United States has not yet encountered terrorist organizations using the Internet to launch a full-scale cyber attack, the Department believes that it is a question of when, not if, they will attempt to do so. The cyber threat demands ready and fluid means of sharing information and coordinating actions and responses. The Department’s cyber strategy involves an all-tools approach, inclusive of investigation and prosecution, and with a focus on the disruption of the threat, regardless of the particular tool used. The Department has significant and growing national security responsibilities in the area of cyber security, and retains primary authority over the investigation and prosecution of cybercrimes, including those that have national security implications. These investigations most frequently arise in instances where an agent of a foreign government seeks to infiltrate or harm a sensitive or important piece of U.S. cyber infrastructure. Finally, the Department has increasing legal and policy duties assisting interagency and legislative cyber initiatives to protect American critical infrastructure, networks, businesses, and computer users in a manner consistent with the law.
This goal aligns with Administration cybersecurity priorities. The goal was established in coordination with OMB policies and guidance, to include the Cybersecurity Strategy and Implementation Plan, the Fiscal Year 2015-2016 Guidance on Federal Information Security and Privacy Management Requirements, and the Cybersecurity Cross-Agency Priority Goal.
Strategies
Under the FBI's Next Generation Cyber initiative, FBI Cyber Division has realigned its focus on intrusions into government and private computer networks. To facilitate its mission of countering cyber threats, the FBI has focused its resources on targeting and disrupting the top cyber threat actors, leveraging its workforce, and developing and utilizing the latest technology to counter emerging trends. A cyber threat actor is any nation-state, organized group, or individual who engages in unauthorized computer (or computer network) access or attacks in violation of U.S. law. In order to protect government and private computer networks from cyber intrusion, the FBI Cyber Division has focused resources on effectively disrupting and/or dismantling threat actors. Disruptions are milestones in the process of dismantling a group or organized criminal enterprise. Disruptions force an organization to adopt unfamiliar or labor-intensive patterns or use less experienced personnel, thereby slowing the pace of their activities and creating opportunities for additional disruptions, and building momentum for the ultimate goal of the dismantlement of the organization. Dismantlements refer to the destruction of a targeted organization’s leadership, financial base, and supply network such that the organization is incapable of operating and/or reconstituting itself.
Effective October 1, 2014, the FBI Cyber Division implemented significant changes in how it manages Cyber National Security (CyNS) investigations through the Cyber Threat Team (CTT) model. Prior to October 1, 2014, FBI Cyber Division prioritized four broadly defined CyNS computer intrusion threats, each of which could be worked by every field office. Through the CTT model, FBI Cyber Division has prioritized narrowly defined computer intrusion sets. Cyber Threat Teams, consisting of up to six field offices, are designated to focus on these narrowly defined threats. The CTT model has enabled the FBI to effectively address priority cyber national security threats by maximizing the benefits of a well-coordinated threat-centric model, while eliminating duplication of efforts. The FBI also continues to raise awareness among both public and private partners about the threat of insiders illicitly acquiring valuable secrets and intellectual property through extensive outreach efforts and the development of strategic partnerships with both public and private sector organizations.
Another key indicator of success in combating cyber threats is the successful resolution of both national security-related and criminal cyber cases. The Department has many tools available to combat cyber crimes – cyber threats could be disrupted using civil enforcement, regulatory enforcement, supply chain efforts, or other operations, and the offenses charged may not be limited to cybercrimes. The Department also works to disrupt cyberattacks as a method of addressing ongoing intrusions, thefts of sensitive data, and attacks on the integrity and availability of systems. Department attorneys regularly collaborate with agencies within the intelligence and defense communities with respect to both defensive and offensive cyber security operations, and coordinate with foreign partners to secure mutual legal assistance treaties, communicate effectively, and ensure that evidence will be admissible in court.
Progress Update
The Department was not able to meet the annual target for FY 2016. While the FBI had expected to reach the annual target of 500 computer intrusion program disruptions and dismantlements, the total for FY 2016 was only 267. The FBI cannot target or predict the number of computer intrusion program disruptions and dismantlements that will occur in any given year, due to the nature of operational campaigns. Regarding favorably resolved cases, the U.S. Attorney’s Offices (USAOs) favorably resolved 130 of 149 cases or 87%, which was below the annual target of 90%. Cases dismissed by USAOs in order to promote the interest of justice can have a significant impact on the percentage, as they are not categorized as favorably resolved matters for purposes of this calculation. In the assessment of an individual case, a USAO may choose to dismiss felony charges for a variety of reasons, including, but not limited to, dismissal of a felony charge(s) in lieu of a defendant’s negotiated plea to a misdemeanor charge(s), or dismissal of an indictment in order to conserve Government resources due to the inability of law enforcement to locate overseas individuals for arrest despite lengthy attempts to do so. In FY 2016, several cases were dismissed without prejudice in the interests of justice, and these dismissals reduced the favorable percentage below 90% (annual target).
In FY 2016, the Department continued to execute its cyber mission by identifying, pursuing, and defeating cyber threats and adversaries targeting U.S. interests. For example, in April 2016, Charles Harvey Eccleston, a former U.S. Department of Energy (DOE) employee, was sentenced in DC federal court to a term of 18 months in prison stemming from an attempted e-mail “spear phishing” attack in 2015 that targeted dozens of DOE employees. Eccleston held a top secret security clearance with access to DOE’s network.
Milestone: Support non-prosecution disruption tools with FBI investigations and DOJ legal support and information sharing, as appropriate (e.g., Treasury sanctions, Commerce designations, and diplomatic engagements, deterrence/avoidance). In FY 2016 and FY2017, NSD and CRM will promote the use of these alternate tools to USAOs and increase cross-government communication and collaboration through interagency working groups and training efforts. (NSD/CRM)
- Quarterly Milestone for FY16Q4: By the end of FY 2016, in collaboration with partner agencies, DOJ will have evaluated at least 2 matters for designation referral under E.O. 13694 (or its successors) or Department of Commerce authorities.
During FY 2016 Q4 the National Security Division (NSD) continued to work with the FBI and U.S. Attorney’s Offices around the United States to identify, disrupt, and deter top national security cyber threats, including actors engaged in cyber-enabled economic espionage and theft of trade secrets and other malicious activities designed to steal information from or cause damage to U.S.-based computers. In support of this effort, NSD has collaborated with FBI and the Department of Treasury’s Office of Foreign Assets Control (OFAC) to identify and propose targets for designation under E.O. 13694. However, as of the end of FY 2016 Q5, no such designations have occurred. NSD nonetheless continues to support the use of E.O. 13694 in appropriate circumstances. For example, in October 2016, NSD will provide AUSAs belonging to DOJ’s National Security Cyber Specialist (NSCS) Network with training regarding the process for proposing, evaluating, designating, and defending the designation of malicious cyber actors or entities under E.O. 13694 as part of DOJ’s “all tools” approach to the national security cyber threat.
The Criminal Division has achieved this milestone.
Milestone: Increase outreach efforts to FBI field offices, USAOs, victims, and targeted private and public sector entities in order to raise criminal and national security cyber threat awareness, build partnerships, and promote enhanced network defenses in order to disrupt and deter national security and criminal cyber threats. In FY2016 and FY2017, CRM and NSD will develop and disseminate investigative guidance, success stories and lessons learned to increase victim willingness to cooperate in investigations and disruptions. (CRM/NSD)
- Quarterly Milestone for FY16/Q4: Evaluate impact of outreach/roundtable sessions conducted during FY2016 and identify sectors and regions for targeted outreach during FY2017; by the end of FY16, NSD will have visited the five FBI field offices managing the investigation of Cyber Division priority threats and will have published case summaries on its internal website and via the NSCS network.
During FY 2016 Q4, the National Security Division (NSD) continued to build on outreach relating to national security cyber threats, particularly in our outreach to past and potential victims of national security cyber intrusions across a large number of business sectors and to FBI field offices. Such outreach in Q4 included approximately 40 public speaking engagements to large live and virtual audiences and private meetings and roundtable discussions. Additionally, in FY 2016, NSD attorneys visited approximately eleven field offices managing investigations of Cyber Division priority threats (or otherwise met with such field office personnel during the course of meetings at nearby U.S. Attorney’s Offices). In Q4, NSD also evaluated the success of its outreach efforts over the prior three quarters, which targeted a variety of sectors, at a wide range of corporate levels (e.g. C-suite; General Counsels; Boards of Directors; Security Officers), and in over 20 states and most U.S. geographic regions. In evaluating these efforts, NSD concluded that through numerous speaking engagements at large-scale venues, roundtable discussions and meetings, NSD successfully delivered NSD's message to the private sector that public-private information sharing and early reporting of cyber incidents will aid both victims and the government in responding to cyber threats. NSD further determined that outreach efforts should increase focus on general counsel level audiences and NSD has identified certain national security threats (e.g. economic espionage) and certain targeted sectors (such as the medical sector and research universities and hospitals) in which to increase targeted outreach efforts in FY 2017. Such outreach efforts should also focus on recently-identified private sector concerns regarding real and perceived barriers to working with law enforcement. In FY 2017, NSD will work with the CRM Division to prepare guidance to address these concerns.
Further, NSD ensures that its successful efforts to counter national security cyber threats receive publicity, in order to deter other actors who may be contemplating similar activities and to show the public that DOJ and FBI are committed to investigating, disrupting, and deterring the national security cyber threat. Accordingly, in FY 2016 Q4, NSD worked with the Office of Public Affairs to publish three press releases related to successful disruptions, including a guilty plea from one actor and a 20-year prison sentence for another.
The Criminal Division has appropriately evaluated the impact of the outreach and roundtable sessions conducted during FY2016 and is currently planning appropriate sector outreach during FY2017, subject to budgetary constraints. These outreach sectors are expected to include continuing outreach relating to information sharing under the Cybersecurity Information Sharing Act of 2015 as well as to key sectors, such as the growing sectors relating to the “Internet of Things.”
Next Steps
• Milestone: Support non-prosecution disruption tools with FBI investigations and DOJ legal support and information sharing, as appropriate (e.g., Treasury sanctions, Commerce designations, and diplomatic engagements, deterrence/avoidance). In FY 2016 and FY2017, the National Security Division (NSD) and Criminal Division (CRM) will promote the use of these alternate tools to United States Attorneys Offices (USAOs) and increase cross-government communication and collaboration through interagency working groups and training efforts. (NSD/CRM)
Quarterly milestones are:
• FY16Q2: During FY 2016 Q2 the National Security Division (NSD) continued to work with the FBI and U.S. Attorney’s Offices around the United States to identify, disrupt, and deter top national security cyber threats, including actors engaged in cyber-enabled economic espionage and theft of trade secrets and other malicious activities designed to steal information from or cause damage to U.S.-based computers. In support of this effort, NSD, in coordination with FBI, has sought to enlist the private sector’s assistance in sharing cyber threat and intrusion information with the Department and the FBI, which will provide the supporting bases for the Department’s prosecution and non-prosecution disruption efforts. To that end, NSD developed and delivered remarks and briefings for top sectors targeted by national security threat actors, including private sector general counsels, outside counsels, the agricultural sector, auto sector, biotechnology sector, financial sector, manufacturing sector, academia, and the insurance industry. Additionally, multiple NSD components continued to provide active support to “whole-of-government” efforts to disrupt and deter national security cyber threats through other agencies’ authorities.
• FY16Q3: Deliver briefings to USAOs in districts heavily represented by high-threat sectors.
• FY16Q4: By the end of FY 2016, in collaboration with partner agencies, DOJ will have evaluated at least 2 matters for designation referral under E.O. 13694 (or its successors) or Department of Commerce authorities.
• FY17Q1: Evaluate impact of threat briefings in reducing threats or in increasing the usage of disruption tools besides prosecution.
• FY17Q2: Develop educational materials on use of the all-tools approach.
• FY17Q3: Disseminate educational materials through National Security Cyber Specialist, Computer Hacking/Intellectual Property, and National Security/Anti-Terrorism Advisory Council Coordinator networks and through interagency working groups.
• FY17Q4: By the end of FY 2017, DOJ will have collaborated with partner agencies in at least 2 other efforts to disrupt national security cyber threat actors.
• Milestone: Increase outreach efforts to FBI field offices, USAOs, victims, and targeted private and public sector entities in order to raise criminal and national security cyber threat awareness, build partnerships, and promote enhanced network defenses in order to disrupt and deter national security and criminal cyber threats. In FY2016 and FY2017, CRM and NSD will develop and disseminate investigative guidance, success stories and lessons learned to increase victim willingness to cooperate in investigations and disruptions. (CRM/NSD)
Quarterly milestones are:
• FY16/Q2: NSD continued to build on outreach relating to national security cyber threats during FY 2016 Q2, particularly in our outreach to past and potential victims of national security cyber intrusions across a large number of business sectors and their legal counsel. As in FY 2016 Q1, such outreach included public speaking engagements to large live and virtual audiences and private meetings, including keynote remarks, roundtable and panel discussions, facilitation of FBI threat briefings, and one-on-one meetings with private sector representatives from a variety of sectors, including general counsels, outside counsels, the agricultural sector, auto sector, biotechnology sector, financial sector, manufacturing sector, academia, and the insurance industry. In FY 2016 Q2, NSD continued to ensure that National Security Cyber Specialist (NSCS) representatives in the U.S. Attorney’s Offices had the most recent outreach materials regarding national security cyber intrusions. NSD further disseminated information concerning successful national security cyber investigations and prosecutions to the NSCS network, so that the NSCS representatives could draw on such successes in their local outreach efforts. Additionally, in FY 2016 Q2, NSD delivered joint remarks with SolarWorld Americas at a widely-attended industry conference, which described the value of DOJ’s assistance in dealing with cyber intrusions committed against that company by members of China’s People’s Liberation Army.
• FY16/Q3: Have participated in or supported at least five outreach/roundtable sessions conducted by or in coordination with U.S. Attorneys’ Offices or federal law enforcement agencies during FY2016; NSD will work with OPA to publish a highlighted example of a successful disruption effort on the main DOJ website.
• FY16/Q4: Evaluate impact of outreach/roundtable sessions conducted during FY2016 and identify sectors and regions for targeted outreach during FY2017; by the end of FY16, NSD will have visited the five FBI field offices managing the investigation of a Cyber Division “National Threat Priority” or “Band II” threat and will have published case summaries on its internal website and via the NSCS network.
• FY17/Q1: Identify private sector organizations representing key sectors for targeted outreach in FY2017; disseminate success stories and/or lessons learned at the NSCS conference.
• FY17/Q2: Distribute revised materials for FY2017 outreach and roundtable sessions to U.S. Attorneys’ Offices.
• FY17/Q3: Have participated in or supported at least five outreach/roundtable sessions conducted by or in coordination with U.S. Attorneys’ Offices or federal law enforcement agencies representing targeted regions and sectors during FY2017.
• FY17/Q4: Evaluate impact of outreach/roundtable sessions conducted during FY2017 and identify sectors and regions for targeted outreach during FY2018.
Performance Indicators
Number of computer intrusion program disruptions or dismantlements
Percentage of cyber defendants whose cases were favorably resolved
Other Indicators
Number of actions taken in support of disrupting or dismantling national security actors and/or networks
Number of actions taken regarding dark web or deep web
Contributing Programs & Other Factors
• Federal Bureau of Investigation (DOJ component) – Cyber Division
• National Security Division (DOJ component)
• Criminal Division (DOJ component) – Computer Crime and Intellectual Property Section
• United States Attorneys’ Offices (DOJ component)
• U.S. Intelligence Community, law enforcement community partners, and potential private sector targets of cyber attacks.