Kristin Finklea, Justice Department's Role in Cyber Incident Response (CRS Report R44926) (Aug. 23, 2017) (full-text).
Criminals and other malicious actors increasingly rely on the Internet and rapidly evolving technology to further their operations. They exploit cyberspace, where they can mask their identities and motivations. In this domain, criminals can compromise financial assets, hacktivists can flood websites with traffic — effectively shutting them down, and spies can steal intellectual property and government secrets.
When such cyber incidents occur, a number of questions arise, including how the federal government will react and which agencies will respond. These questions have been raised following a number of high profile breaches such as those against the U.S. Office of Personnel Management, the Democratic National Committee, and Yahoo. Federal law enforcement has taken the lead in investigating cyber incidents, attributing certain malicious activities to specific perpetrators, and prosecuting cyber threat actors.
This report outlines the federal framework for cyber incident response, highlighting the Department of Justice's (DOJ's) role in this response. It also discusses challenges for federal law enforcement and potential policy issues for Congress.