Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Cyber incidents: How best to work with law enforcement
Cyber Security: A Peer-Reviewed Journal,
1
(2),
102-115
(2017)
Abstract
Cyber intrusions now affect businesses and organisations of all sizes and in all sectors and industries. The United States Department of Justice employs a whole-ofgovernment approach to investigate, disrupt and deter malicious cyber activity. We work with other law enforcement agencies; the intelligence community; civil, administrative and regulatory agencies; and the military to draw upon each partner’s unique expertise and resources, and to use whichever combination of tools will be most effective in responding to and countering a particular threat. Meeting the cyberthreat requires the help and cooperation of the private sector as well. When deciding whether to notify law enforcement of a cyber incident, organisations weigh the anticipated benefits of a proactive approach against legal, business, reputational and other practical concerns. This paper explains why working with law enforcement is the smart choice before, during and after a cyber intrusion or attack. We can help victims understand what happened; we can share context and information about related incidents; we can ensure a proper investigation and preservation of evidence; we can assist victims in dealing with regulators; and we are uniquely situated to work with other parts of the federal government to respond with possible criminal prosecution, economic sanctions, diplomatic pressure, intelligence operations and military action. Although primarily directed towards victim organisations, we hope this paper helps answer questions that all organisations’ leadership and counsel may have as they decide how their response may affect their business or mission, whether they are witnesses (eg internet service providers) or victims.
Keywords: cyber security; cyber incident response; government cyber response; law enforcement cyber response; cyber information sharing; cyber intrusion; cyberattack
The full article is available to subscribers to the journal.
Author's Biography
David H. Laufman serves as Chief of the Counterintelligence and Export Control Section (CES) in the National Security Division at the US Department of Justice (DOJ). CES has supervisory responsibility within DOJ for the investigation and prosecution of offences concerning US export controls and economic sanctions, atomic energy and counterproliferation, espionage, economic espionage, foreign agent registration and disclosure, and cyber intrusions and attacks by nation states and their proxies. He previously served both as a federal prosecutor and at DOJ’s highest operational and policy levels. As Chief of Staff to the Deputy Attorney General from 2001 to 2003, he assisted in the day-to-day management of DOJ and helped to coordinate DOJ’s responses to the terrorist attacks on 11th September, 2001. From 2003 to 2007, he served as Assistant US Attorney in the Eastern District of Virginia, where he prosecuted terrorism, export control and other national security offences. From 2010 to 2011, he served as a Special Trial Attorney to the Fraud Section at DOJ, where, on detail from the Special Inspector General for Iraq Reconstruction (SIGIR), he investigated and prosecuted procurement fraud and corruption related to US economic assistance to Iraq. He also has extensive experience in the field of economic sanctions. From 2000 to 2001, he served as Staff Director and Deputy Chief Counsel to the Judicial Review Commission on Foreign Asset Control, a congressionally mandated body that examined the administration of US laws governing the imposition of economic sanctions by the Office of Foreign Assets Control of the US Department of the Treasury. While serving as Chief of Staff to the Deputy Attorney General from 2001 to 2003, he also served as DOJ’s representative to the National Security Council’s Policy Coordinating Committee on Terrorist Financing, a sensitive interagency body that formulated intelligence, law enforcement policy and tactics regarding the designation of individuals and organisations suspected of financing Al-Qaeda and other terrorist organisations.
Sean Newell is a Deputy Chief with the US Department of Justice (DOJ) National Security Division (NSD), Counterintelligence and Export Control Section (CES), where he manages DOJ’s strategic and tactical efforts to investigate, disrupt and deter malicious cyber activities conducted by nation states and their proxies, including their targeting of the private sector and critical infrastructure. Most notably, he is a member of the prosecution teams that obtained the May 2014 indictment of five members of China’s People’s Liberation Army in United States v. Wang Dong et al., the January 2016 indictment of seven Iranians who participated in the distributed denial-of-serivce attack (DDoS) attacks against the US financial sector in United States v. Ahmed Fathi et al., and the February 2017 indictment of two officers in the Russian Federal Security Service (FSB) and two criminal hackers for their role in the intrusion into Yahoo, Inc. and the resulting theft of information regarding over 500m Yahoo accounts in United States v. Dmitry Dokuchaev et al. He also represents the DOJ on inter-agency policy committees concerning cyber security.
Stephen Reynolds serves as the Deputy Chief for Cyber Law and Policy in the Justice Department’s National Security Division. In that role, he provides legal and policy advice relating to cyber security and efforts to deter, mitigate and prosecute malicious cyber activity by nation state actors or their proxies, or that otherwise involves national security. Prior to joining NSD, he served as a Deputy Chief and the National Security Coordinator for the US Attorney’s Office in Connecticut, where he was a federal prosecutor for 15 years. In that capacity, he developed experience in investigative processes including the use of federal grand juries, subpoenas, search warrants, court orders and court-authorised electronic surveillance. He tried many criminal cases to verdict, including a six-week RICO/VCAR murder trial, a domestic terrorism trial and an espionage trial. He also supervised Connecticut’s National Security Cyber Specialists, its Cyber Working Group, and its investigations and prosecutions of matters involving economic espionage, the theft of trade secrets, cyber intrusions and cybercrime. In 2012, he received an Assistant Attorney General’s Exceptional Service Award, and in 2011, he received the Attorney General’s Distinguished Service Award. Prior to joining the US Attorney’s Office, he worked in private practice at Day, Berry and Howard in Hartford, Connecticut. He also served as a law clerk to United States District Judges Stefan R. Underhill and Alan H. Nevas of the US District Court for the District of Connecticut. He received his JD from Cornell and his BA from Hamilton College.
Mike Buchwald is a career attorney in the Office of Law and Policy in the National Security Division at the US Department of Justice, focusing on technology issues, including cyber security. He is also a member of the department’s Threat Analysis Team on the cyber security risk from the Internet of Things. He represents DOJ in a variety of inter-agency and external meetings. Previously, he served as Counsel and Deputy Staff Director for Oversight and Policy on the Senate Intelligence Committee. He also served as the designated committee staffer to brief Senator Dianne Feinstein on daily national security issues when she served as chairman and vice-chairman of the committee. Before joining the senate committee, he was an attorney at the international law firm of O’Melveny and Myers LLP where he specialised in criminal, congressional and internal investigations of corporations and non-profit entities as a member of the White-Collar Defense and Strategic Counseling groups. After law school, he clerked for a federal judge in California, where he was born and raised. Before law school he worked as a legislative assistant to Senator Feinstein for three years. He earned his JD from UVA Law School and his BA Cum Laude with Distinction in history from Yale University. He is a member of Phi Beta Kappa and a term member of the Council on Foreign Relations. He is admitted to practise law in both Washington, DC and California.
