In recent weeks, Justice has begun training more than 300 lawyers in Washington and nearly 100 more across the county in the legal and technical skills needed to confront the increase in cyber threats to national security.
Justice officials would not release the cyber security review, but they said its conclusions led to the major realignment.
“We are very vulnerable,” John Carlin, the principal deputy in Justice’s national security division, said in an interview. “Terrorists groups are saying publicly want they want to do – knock down the stock exchange and disrupt the electrical grid. We need to be more focused on this threat and we need to be ready.”
Justice lawyers are grappling with two distinct categories of national security threats from the Internet. One danger is from terrorists plotting full-scale cyber attacks and the other comes from hackers, cyber criminals and foreign governments stealing trade secrets from the private sector and sensitive classified information from the military and government agencies.
“Other than a weapon of mass destruction going off in one of our major cities, this is the most significant threat to our economy and national security,” said Shawn Henry, who just retired as the FBI’s top cyber sleuth, and now works with companies infiltrated by foreign intelligence services. “The amount of electronic espionage going on is unprecedented.”
In a key advance, a law enforcement individual said, federal investigators have developed the ability to monitor computer screens in real-time as data is being stolen by foreign countries, which will help with counter-espionage investigations. The individual spoke on the condition of anonymity because of the classified nature of the investigations.
“This threat is real, it’s present, it’s growing and it touches virtually everything we do from counterterrorism to counterespionage to our intelligence operations,” said Assistant Attorney General for National Security Lisa Monaco. “Just as we realigned our counterterrorism efforts after 9/11, we are realigning our cyber efforts to meet this challenge.”
Justice’s increased focus on cyber espionage and terrorism is being spearheaded by its national security division, which was created in 2006 as one of the government’s post-Sept. 11 reforms. The idea behind NSD, the first new Justice division since 1957, was to create a single unit of intelligence lawyers and criminal prosecutors to work with U.S. attorneys’ offices and the FBI to help prevent terrorist attacks.
For the past five years, the division’s focus has been on investigating more traditional counterterrorism threats, according to Kenneth Wainstein, who was the first head of the division under President George W. Bush.
“The government in general was a little slow out of the blocks on cyber matters, and in particular on cyber national security threats,” Wainstein said in an interview. “But the cyber threat is becoming bigger and bigger every day.”
After taking over the division last year, Monaco ordered a review of the department’s ability to deal with cyber threats. The review was completed in April and sparked the current overhaul.
Under the reorganization, teams of specialized lawyers within NSD in Washington will work with other agencies, the military and companies facing cyber intrusions. They will develop protocols for the intelligence community and federal agents in how to deal with private companies that are victims of cyber attacks. The issues revolve around how to build possible prosecutions within guidelines covering information sharing, privacy and civil liberties.
At least one prosecutor in each of the 94 U.S. attorney’s offices around the country has been designated and will be trained to gather evidence and prosecute cyber espionage and similar Internet-related cases.
The scope of the problem is clear. Earlier this month, Gen. Keith B. Alexander, the chief of the National Security Agency and head of the Pentagon’s Cyber Command, said cyber attacks on this country increased 44 percent in 2011.
One emerging target was so-called critical infrastructure, which includes financial institutions, electric utilities and transportations. A successful attack could cripple cities and stall the economy. Alexander said the number of probes against such targets rose to more than 160 in 2011 compared with 9 in 2009.
The stigma and potential financial impact of a cyber attack means most businesses are reluctant to cooperate with the Justice Department when they are victims. But Arthur W. Coviello Jr., executive chairman of RSA, a company that helps secure private and government computers, described an attack on his company in congressional testimony.
Coviello said last year the company detected a targeted cyber attack on its systems. He said the company consulted with law enforcement and determined that the attack was so sophisticated that it could only have been carried out by another country.
The U.S. intelligence community has identified China and Russia as the greatest cyber espionage threats. Iran’s cyber capabilities have also greatly increased in recent years, according to a recent assessment by the intelligence agencies.
While cyber espionage is well under way, Justice Department officials said they are trying to stop attacks by terrorists, too.
The prospect was underscored in a chilling al-Qaeda video released recently by the Senate Homeland Security Committee. The video exhorted al-Qaeda followers to engage in “electronic jihad” and carry out cyber attacks against Western governments and critical infrastructure.
The video rebroadcast interviews with national security experts, including a segment in which John McConnell, the former director of national intelligence, said that if he wanted to “cause strategic damage to the U.S.,” he would choose the coldest or hottest time of year and disable the electric grid.
“The U.S. is not ready for such an attack,” McConnell said, adding that a savvy terrorist could pull it off. The video narrator then encourages jihadists to plan an electronic attack “in the manner of the raids of September 11.”