Deputy Attorney General Lisa Monaco said today the Department of Justice (DoJ) is launching two new initiatives to combat cyber threats, including the creation of a National Cryptocurrency Enforcement Team, and a civil cyber fraud initiative that will fine Federal contractors who don’t follow required cybersecurity standards.

The launch of two new initiatives comes as a result of the DoJ’s comprehensive cyber review, with Monaco saying the agency is “not waiting for the conclusion of the review to take action.” The cyber review was ordered by Monaco in April and is aimed at developing actionable recommendations to enhance and expand the DoJ’s efforts against cyber threats.

National Cryptocurrency Enforcement Team

Monaco explained that while the DoJ has already “made great strides in combating misuse of cryptocurrency platforms,” the agency wants to strengthen its capacity to dismantle criminal actors and to build trust in these technologies. The new National Cryptocurrency Enforcement Team aims to do just that, working with the DoJ’s cyber experts, cyber prosecutors, and money laundering experts.

“When you think about it, we have been enforcing the securities laws for decades. We police fraud on the markets with insider trading cases, or market manipulation investigations, and the point, of course, is to protect consumers and to make sure we can all have confidence in the markets that we’re engaging in,” Monaco said.

Cyber Central: Defenders Unite
Explore increasingly hot button cyber issues that are top-of-mind. Learn more.

“The same has got to be true as the technology advances, so we need to evolve with it,” she continued. “Cryptocurrency exchanges want to be the banks of the future. Well, we need to make sure that folks can have confidence when they’re using these systems and we need to make sure we’re poised to root out abuse that can take hold on them. So, the National Cryptocurrency Enforcement Team is something we’re launching today.”

Monaco explained that with the rise of ransomware attacks, cryptocurrency and ransomware are “inextricably linked,” as criminals are getting paid through cryptocurrency because of the extra anonymity those technologies provide.

“You can’t disaggregate those. The challenge here I think [is] they come kind of hand in glove,” she said. “But I think we can go at both and that’s why we are making sure we are targeting the ecosystem that supports and fuels the ransomware activity, that means the cryptocurrency exchanges, that means the infrastructure. And we want to make sure we are going after the entire what we call the ‘criminal supply chain’ involved here. That ends up in the ransomware deployment but it doesn’t start there.”

“What we want to do is focus on building our capacity, our ability to strip that anonymity through court-authorized actions… and you’ve seen it at work in things like the Colonial Pipeline operation where we were able to return that money to the victim,” she added. “But, we view this as part of going after the entire criminal supply chain.”

Civil Cyber Fraud Initiative

The second initiative the DoJ is launching today is the “civil cyber fraud initiative,” which seeks to fine companies that do not report cyber breaches.

“For too long, companies have chosen silence under the mistaken belief that it’s less risky to hide a breach than to bring it forward and to report it,”  Monaco said. “Well, that changes today.”

“We are announcing for the first time that we will use our civil enforcement tools to pursue companies, those who are government contractors or receive Federal funds, when they fail to follow required cybersecurity standards because we know that puts all of us at risk,” she said.

The DoJ will protect whistleblowers who bring violations and failures forward, according to Monaco.

“We’re using something called the False Claims Act, which allows us to enforce and extract fines, very substantial fines, from government contractors who misuse government dollars, or who engage in abuse,” she said. “And so, where those who are entrusted with government dollars, who are trusted to work on sensitive government systems, fail to follow required cybersecurity standards, we’re going to go after that behavior and extract very hefty, very hefty fines.”

Monaco said the goal of this initiative is “to ensure that taxpayer dollars are used appropriately,” to hold Federal contractors accountable, and to build public trust.

Read More About
More Topics
Grace Dille
Grace Dille
Grace Dille is MeriTalk's Assistant Managing Editor covering the intersection of government and technology.