Primary tabs

Key to Changes

This text is Revised text

This word has been added to the text

This text is Last Published text

This word has been removed from the text

Modifed styling with no visual changes

FY 16-17: Agency Priority Goal

Combating Cyber Threats

Priority Goal

Identify and pursue cyber threat actors. By September 30, 2017, the Department of Justice will conduct 1,000 computer intrusion program disruptions or dismantlements while successfully resolving 90 percent of both national security and criminal cyber cases.

Themes:

National Defense Administration of Justice

DOJ.gov

XML

CSV

Expand All

Performance Indicators

Number of computer intrusion program disruptions or dismantlements

Disruption: Interrupting or inhibiting a threat actor from engaging in criminal or national security related activity. A disruption is the result of direct actions and may include but is not limited to the arrest; seizure of assets; or impairing the operational capabilities of key threat actors.

Dismantlement: The targeted organization’s leadership, financial base and supply network has been destroyed, such that the organization is incapable of operating and/or reconstituting itself.

Data for this indicator is collected on a quarterly basis and described in the quarterly progress update field, but the measure is targeted on an annual basis as shown in this indicator field.

Indicator target and actual value information
Fiscal Year Quarter	Period Ending (Month, Year)	Target Value	Actual Value	Explanation of Actual
2014-Q4	September, 2014	100	2492
2015-Q4	September, 2015	500	513
2016-Q4	September, 2016	500	267	The Department was not able to meet the annual target for FY 2016. While the FBI had expected to reach the annual target of 500 computer intrusion program disruptions and dismantlements, the total for FY 2016 was only 267. The FBI cannot target or predict the number of computer intrusion program disruptions and dismantlements that will occur in any given year, due to the nature of operational campaigns. Regarding favorably resolved cases, the U.S. Attorney’s Offices (USAOs) favorably resolved 130 of 149 cases or 87%, which was below the annual target of 90%. Cases dismissed by USAOs in order to promote the interest of justice can have a significant impact on the percentage, as they are not categorized as favorably resolved matters for purposes of this calculation. In the assessment of an individual case, a USAO may choose to dismiss felony charges for a variety of reasons, including, but not limited to, dismissal of a felony charge(s) in lieu of a defendant’s negotiated plea to a misdemeanor charge(s), or dismissal of an indictment in order to conserve Government resources due to the inability of law enforcement to locate overseas individuals for arrest despite lengthy attempts to do so. In FY 2016, several cases were dismissed without prejudice in the interests of justice, and these dismissals reduced the favorable percentage below 90% (annual target). In FY 2016, the Department continued to execute its cyber mission by identifying, pursuing, and defeating cyber threats and adversaries targeting U.S. interests. For example, in April 2016, Charles Harvey Eccleston, a former U.S. Department of Energy (DOE) employee, was sentenced in DC federal court to a term of 18 months in prison stemming from an attempted e-mail “spear phishing” attack in 2015 that targeted dozens of DOE employees. Eccleston held a top secret security clearance with access to DOE’s network.
2017-Q4	September, 2017

Indicator Statement:

Number of computer intrusion program disruptions or dismantlements

Indicator Overview:

Dismantlement: The targeted organization’s leadership, financial base and supply network has been destroyed, such that the organization is incapable of operating and/or reconstituting itself.

Data for this indicator is collected on a quarterly basis and described in the quarterly progress update field, but the measure is targeted on an annual basis as shown in this indicator field.

Unit Of Measurement: Number of disruptions or dismantlements

Indicator Reporting Frequency: Annually

Indicator Direction: INCREASING

Percentage of cyber defendants whose cases were favorably resolved

The total number of guilty defendants (defendants who pled guilty plus defendants who were found guilty) divided by the total number of terminated defendants.

The Executive Office for United States Attorneys (EOUSA) maintains the Legal Information Office Network System (LIONS), a case management database that allows each USAO to maintain, track, and report information on their workload. LIONS data is used in response to statistical information requests from Congress and the public, and to produce the Attorney General’s Annual Report and the United States Attorneys’ Annual Statistical Report. The broadest category of cases under the “cyber crime” umbrella in LIONS is coded as “Computer Crime” (Code 03F), which is defined as:

“Fraud and related activity involving violations of 18 U.S.C. § 1030 (computers) or § 2701 et seq. (stored communications), computer “bulletin boards” and other schemes in which a computer or related data processing item is the target of the offense, such as computer intrusions, viruses and other attacks on computer systems or networks, and other fraud and theft (not including intellectual property theft) cases in which high technology or computers play a central role, such as cases involving internet fraud or threats, and thefts of computer chips or parts, including violations of 18 U.S.C. §§ 875(c)) (interstate threats), 1029 (access device fraud), 1343 (wire fraud), and 2314 (interstate transportation of stolen property).”

Many cases concerning “cyber crime” may not necessarily be captured under the LIONS Computer Crime code, as there is not a single statue to prosecute criminal cyber conduct and as cyber cases tend to involve other related criminal conduct under which the matter could be coded.

Indicator target and actual value information
Fiscal Year Quarter	Period Ending (Month, Year)	Target Value	Actual Value	Explanation of Actual
2011-Q1	December, 2010	90	89.66
2011-Q2	March, 2011	90	94.34
2011-Q3	June, 2011	90	87.88
2011-Q4	September, 2011	90	91.94
2012-Q1	December, 2011	90	90.91
2012-Q2	March, 2012	90	91.67
2012-Q3	June, 2012	90	93.48
2012-Q4	September, 2012	90	90.70
2013-Q1	December, 2012	90	93.02
2013-Q2	March, 2013	90	100.00
2013-Q3	June, 2013	90	98.15
2013-Q4	September, 2013	90	93.48
2014-Q1	December, 2013	90	97.44
2014-Q2	March, 2014	90	87.93
2014-Q3	June, 2014	90	93.33
2014-Q4	September, 2014	90	89.80
2015-Q1	December, 2014	90	93.02
2015-Q2	March, 2015	90	89.29
2015-Q3	June, 2015	90	95.45
2015-Q4	September, 2015	90	85.19
2016-Q1	December, 2015	90	88.89	As with all cases handled by United States Attorneys Offices, each case was individually evaluated throughout the judicial process, including the decision to initiate charges. Depending upon the total number of cases resolved during any given quarter, a one case differential can significantly impact the favorable percentage. Case statistics were compiled by the Executive Office for United States Attorneys (EOUSA) using a case management database. Many cases concerning “cybercrime” may not necessarily be captured under this number, as there is not a single statute to prosecute criminal cyber conduct. In addition, cyber cases tend to involve other related criminal conduct under which the matter could be coded in the EOUSA case management database. USAOs will continue to individually assess each case brought for criminal prosecution in a manner that promotes the ends of justice.
2016-Q2	March, 2016	90	83.33	As with all cases handled by USAOs, each was individually evaluated throughout the judicial process, including the decision to initiate charges. Depending upon the total number of cases resolved during any given quarter, a one case differential can significantly impact the favorable percentage. Cases dismissed by USAOs in order to promote the interest of justice can also have a significant impact on the percentage, as they are not categorized as favorably resolved matters for purposes of this calculation. In the assessment of an individual case, a USAO may choose to dismiss felony charges for a variety of reasons, including, but not limited to, dismissal of a felony charge(s) in lieu of a defendant’s negotiated plea to a misdemeanor charge(s), or dismissal of an indictment in order to conserve Government resources due to the inability of law enforcement to locate overseas individuals for arrest despite lengthy attempts to do so. In FY 2016 Q2, several cases were dismissed without prejudice in the interests of justice, and these dismissals reduced the favorable percentage below 90%. Case statistics were compiled by the Executive Office for United States Attorneys (EOUSA) using a case management database. Many cases concerning “cybercrime” may not necessarily be captured under this number, as there is not a single statute to prosecute criminal cyber conduct. Cyber cases tend to involve other related criminal conduct under which the matter could be coded in the EOUSA case management database. USAOs will continue to individually assess each case brought for criminal prosecution in a manner that promotes the ends of justice.As with all cases handled by USAOs, each was individually evaluated throughout the judicial process, including the decision to initiate charges. Depending upon the total number of cases resolved during any given quarter, a one case differential can significantly impact the favorable percentage. Cases dismissed by USAOs in order to promote the interest of justice can also have a significant impact on the percentage, as they are not categorized as favorably resolved matters for purposes of this calculation. In the assessment of an individual case, a USAO may choose to dismiss felony charges for a variety of reasons, including, but not limited to, dismissal of a felony charge(s) in lieu of a defendant’s negotiated plea to a misdemeanor charge(s), or dismissal of an indictment in order to conserve Government resources due to the inability of law enforcement to locate overseas individuals for arrest despite lengthy attempts to do so. In FY 2016 Q2, several cases were dismissed without prejudice in the interests of justice, and these dismissals reduced the favorable percentage below 90%. Case statistics were compiled by the Executive Office for United States Attorneys (EOUSA) using a case management database. Many cases concerning “cybercrime” may not necessarily be captured under this number, as there is not a single statute to prosecute criminal cyber conduct. Cyber cases tend to involve other related criminal conduct under which the matter could be coded in the EOUSA case management database. USAOs will continue to individually assess each case brought for criminal prosecution in a manner that promotes the ends of justice.
2016-Q3	June, 2016		83.3	For FY 2016 Q3, United States Attorney’s Offices (USAOs) favorably resolved 20 of 24 cases (83.33%). As with all cases handled by USAOs, each was individually evaluated throughout the judicial process, including the decision to initiate charges. Depending upon the total number of cases resolved during any given quarter, a one case differential can significantly impact the favorable percentage. Cases dismissed by USAOs in order to promote the interest of justice can also have a significant impact on the percentage, as they are not categorized as favorably resolved matters for purposes of this calculation. In the assessment of an individual case, a USAO may choose to dismiss felony charges for a variety of reasons, including, but not limited to, dismissal of a felony charge(s) in lieu of a defendant’s negotiated plea to a misdemeanor charge(s), or dismissal of an indictment in order to conserve Government resources due to the inability of law enforcement to locate overseas individuals for arrest despite lengthy attempts to do so. In FY 2016 Q3, several cases were dismissed without prejudice in the interests of justice, and these dismissals reduced the favorable percentage below 90%. Case statistics were compiled by the Executive Office for United States Attorneys (EOUSA) using a case management database. Many cases concerning “cybercrime” may not necessarily be captured under this number, as there is not a single statute to prosecute criminal cyber conduct. Cyber cases tend to involve other related criminal conduct under which the matter could be coded in the EOUSA case management database. USAOs will continue to individually assess each case brought for criminal prosecution in a manner that promotes the ends of justice. In addition, in FY 2016 Q3, the Criminal Division (CRM) recorded one action taken regarding dark web or deep web, and the National Security Division (NSD) recorded 107 actions taken in support of disrupting or dismantling national security actors and/or networks.
2016-Q4	September, 2016	90	86.7	The Department was not able to meet the annual target for FY 2016. Regarding favorably resolved cases, the U.S. Attorney’s Offices (USAOs) favorably resolved 130 of 149 cases or 87%, which was below the annual target of 90%. Cases dismissed by USAOs in order to promote the interest of justice can have a significant impact on the percentage, as they are not categorized as favorably resolved matters for purposes of this calculation. In the assessment of an individual case, a USAO may choose to dismiss felony charges for a variety of reasons, including, but not limited to, dismissal of a felony charge(s) in lieu of a defendant’s negotiated plea to a misdemeanor charge(s), or dismissal of an indictment in order to conserve Government resources due to the inability of law enforcement to locate overseas individuals for arrest despite lengthy attempts to do so. In FY 2016, several cases were dismissed without prejudice in the interests of justice, and these dismissals reduced the favorable percentage below 90% (annual target). In FY 2016, the Department continued to execute its cyber mission by identifying, pursuing, and defeating cyber threats and adversaries targeting U.S. interests. For example, in April 2016, Charles Harvey Eccleston, a former U.S. Department of Energy (DOE) employee, was sentenced in DC federal court to a term of 18 months in prison stemming from an attempted e-mail “spear phishing” attack in 2015 that targeted dozens of DOE employees. Eccleston held a top secret security clearance with access to DOE’s network.
2017-Q1	December, 2016
2017-Q2	March, 2017
2017-Q3	June, 2017
2017-Q4	September, 2017

Indicator Statement:

Percentage of cyber defendants whose cases were favorably resolved

Indicator Overview:

The total number of guilty defendants (defendants who pled guilty plus defendants who were found guilty) divided by the total number of terminated defendants.

Unit Of Measurement: Percentage

Indicator Reporting Frequency: Quarterly

Indicator Direction: STABLE

Other Indicators

Number of actions taken in support of disrupting or dismantling national security actors and/or networks

This measure is designed to capture NSD's efforts to disrupt national security cyber actors, dismantle their networks, and disrupt those who seek to direct or benefit from a cyber actor’s activities, even if those efforts do not ultimately result in criminal charges and prosecution. It includes significant steps that NSD may take to advance that goal, recognizing that: (a) in most national security cyber cases, NSD cannot take disruptive action unilaterally, without further coordination concerning the equities of other departments and agencies; and (b) NSD’s decision to take actions with a short-term disruptive effect must often be evaluated in light of potential intelligence loss. Such actions include, but are not limited to, initiation of criminal cases or matters, obtaining legal process in furtherance of an investigation or technical operation (e.g., a botnet takedown), obtaining criminal charges, assisting other agencies with their disruptive actions, legislative initiatives, and private industry outreach.

This measure is being baselined in FY 2016.

Indicator target and actual value information
Fiscal Year Quarter	Period Ending (Month, Year)	Actual Value	Explanation of Actual
2016-Q1	December, 2015	218	In FY 2016 Q1, the National Security Division (NSD) recorded 218 actions taken in support of disrupting or dismantling national security actors and/or networks; this indicator captures NSD's efforts to disrupt national security cyber actors, dismantle their networks, and disrupt those who seek to direct or benefit from a cyber actor’s activities, even if those efforts do not ultimately result in criminal charges and prosecution.
2016-Q2	March, 2016	194	In FY 2016 Q2, the National Security Division (NSD) recorded 194 actions taken in support of disrupting or dismantling national security actors and/or networks; this indicator captures NSD's efforts to disrupt national security cyber actors, dismantle their networks, and disrupt those who seek to direct or benefit from a cyber actor’s activities, even if those efforts do not ultimately result in criminal charges and prosecution.
2016-Q3	June, 2016	107	For FY 2016 Q3, United States Attorney’s Offices (USAOs) favorably resolved 20 of 24 cases (83.33%). As with all cases handled by USAOs, each was individually evaluated throughout the judicial process, including the decision to initiate charges. Depending upon the total number of cases resolved during any given quarter, a one case differential can significantly impact the favorable percentage. Cases dismissed by USAOs in order to promote the interest of justice can also have a significant impact on the percentage, as they are not categorized as favorably resolved matters for purposes of this calculation. In the assessment of an individual case, a USAO may choose to dismiss felony charges for a variety of reasons, including, but not limited to, dismissal of a felony charge(s) in lieu of a defendant’s negotiated plea to a misdemeanor charge(s), or dismissal of an indictment in order to conserve Government resources due to the inability of law enforcement to locate overseas individuals for arrest despite lengthy attempts to do so. In FY 2016 Q3, several cases were dismissed without prejudice in the interests of justice, and these dismissals reduced the favorable percentage below 90%. Case statistics were compiled by the Executive Office for United States Attorneys (EOUSA) using a case management database. Many cases concerning “cybercrime” may not necessarily be captured under this number, as there is not a single statute to prosecute criminal cyber conduct. Cyber cases tend to involve other related criminal conduct under which the matter could be coded in the EOUSA case management database. USAOs will continue to individually assess each case brought for criminal prosecution in a manner that promotes the ends of justice. In addition, in FY 2016 Q3, the Criminal Division (CRM) recorded one action taken regarding dark web or deep web, and the National Security Division (NSD) recorded 107 actions taken in support of disrupting or dismantling national security actors and/or networks. The FBI had 45 computer intrusion program disruptions and dismantlements during FY 2016 Q3. Through the Q3, the total number of disruptions and dismantlements is now 198. The FBI expects to reach the annual target of 500 computer intrusion program disruptions and dismantlements during FY 2016. The FBI cannot target or predict the number of computer intrusion program disruptions and dismantlements that will occur in any given quarter, given the nature of operational campaigns.
2016-Q4	September, 2016	120
2017-Q1	December, 2016
2017-Q2	March, 2017
2017-Q3	June, 2017
2017-Q4	September, 2017

Indicator Statement:

Number of actions taken in support of disrupting or dismantling national security actors and/or networks

Indicator Overview:

This measure is being baselined in FY 2016.

Unit Of Measurement: Number of actions taken

Indicator Reporting Frequency: Quarterly

Indicator Direction: INCREASING

Number of actions taken regarding dark web or deep web

Deep Web or Dark Web refer to content that exists on darknets, or networks which overlay the public internet and require specific access devices, software, or configurations to access and are often used for illegal or criminal activity. Deep Web is not indexed by search engines, and the darknets which constitute the Dark Web include small, friend-to-friend or peer-to-peer networks, as well as large, popular networks operated by public organizations and individuals.

"Matters taken" includes prosecutions initiated or referrals made to other prosecuting entities related to Dark Web or Deep Web actors or activities, including private forums, encrypted hidden services, and botnets.

Indicator target and actual value information
Fiscal Year Quarter	Period Ending (Month, Year)	Actual Value	Explanation of Actual
2011-Q4	September, 2011	4	Note: this indicator is not targeted.
2012-Q4	September, 2012	1	Note: this indicator is not targeted.
2013-Q4	September, 2013	4	Note: this indicator is not targeted.
2014-Q4	September, 2014	1	Note: this indicator is not targeted.
2015-Q4	September, 2015	16	This spike reflects the launching of a new effort to disseminate investigative leads developed by Operation Onymous to law enforcement agencies nationwide. Operation Onymous was a coordinated international takedown in November 2014 of hundreds of dark web marketplaces and forums located in the U.S. and Europe where criminals sold drugs, stolen credit card data, and other contraband. In addition to arrests made during the takedowns, law enforcement seized numerous servers and other information regarding vendors and buyers on these marketplaces. The takedown resulted in investigative leads relating to individuals who participated in these marketplaces, leading in large part to the observed increase. CCIPS played a significant role in helping to create and manage the process by which these investigative leads were developed. Note: this indicator is not targeted.
2016-Q4	September, 2016	1
2017-Q4	September, 2017