The Department of Justice faces a different combination of hacking threats from criminals and foreign governments than other U.S. federal organizations because of the department’s dual law enforcement and counterintelligence missions, the department’s top cybersecurity official said Tuesday.
The “threat profile” facing DOJ stems from the sensitive case work department officials pursue against criminal hackers and foreign spies, according to Nickolous Ward, the department’s chief information security officer.
“That’s where organized crime might be more interested in us, when we’re going after cybercrimes,” Ward told CyberScoop at the Security Transformation Summit presented by Fortinet and produced by FedScoop and StateScoop.
“Or, from the counterintelligence aspect, if we’re looking at nation-states, they’re certainly interested in if we’re investigating them,” Ward added.
In the last 18 months, the department has unsealed a number of hacking charges in federal court, whether for alleged state-sponsored cyber espionage or lone criminal activity. Last month, a Russian national pleaded not guilty to allegations that he operated two hacking forums where members bought and sold payment data worth roughly $20 million. Russian embassy officials were on hand for the hearing.
Each of those cases is of interest to the foreign governments and hacking groups implicated, who might be willing to use their capabilities to research a case. Ward and his team are charged with keeping them from breaking into the DOJ systems housing the case information.
On stage at the summit, Ward reflected on the challenge of protecting the department’s 250,000 “endpoints,” which are devices like mobile phones.
“Our attack surface has expanded dramatically with more mobile [devices],” he said. “5G [networking technology] is going to make that even more prevalent.”
The Marine Corps veteran also spoke of the risk of DOJ contractors getting breached by hackers.
“We trust all these different vendors to store our data,” Ward said generally. “And how do we know that they’re protecting it properly?”
The answer, Ward told CyberScoop, is strict security measures for contractors handling DOJ data.
“We’ve … had a long history of doing supply chain risk management including procurement language in all of our contracts,” Ward said. While conceding that that language hasn’t been updated since around 2015, Ward said the department was also participating in other supply-chain security initiatives.
The department’s contracting work includes buying software exploits to help with investigations. In June, Sen. Ron Wyden, D-Ore., wrote to the department asking what it was doing to protect those exploits from being compromised by adversaries.
Six months later, the department has yet to respond to Wyden, according to a spokesperson for the senator.
By press time, a DOJ spokesperson had not responded to a question from CyberScoop on whether the department plans to reply to the letter.
For his part, Ward said he was unaware of the missive. Asked if he knew of any possible breaches of the department’s exploit-writing contractors, Ward said, “not off the top of my head.”