Attorney General Loretta Lynch urged greater cooperation between the government and private industry to combat computer hackers, a key component of a new cyberattack playbook released by the Justice Department.
“Theft of consumer information and valuable intellectual property is not just a threat to our economy — it is also a danger to our national security,” she said in one of her first public appearances since being sworn in on Monday. “We have a mutual and compelling interest in developing comprehensive strategies for confronting this threat and it is imperative that our strategies evolve along with those of the hackers searching for new areas of weakness.”
The new Justice Department guidelines, which are voluntary, call on companies and other organizations to establish online defense plans well before hackers penetrate their networks.
The cybercrime playbook, drafted by the agency’s cybersecurity unit, suggests that companies identify their “crown jewels” and quickly take steps to contain the damage caused by hackers once they discover an intrusion. Private industry should establish ties with law enforcement authorities, including the FBI and U.S. Secret Service, before an incident occurs, the document says.
“We need a strong partnership with you in the private sector,” Assistant Attorney General Leslie Caldwell told participants at the meeting, held at Justice Department headquarters in Washington. “This guidance is built on our experience prosecuting and investigating cybercrime, and incorporates knowledge and input from private-sector entities that have managed cyber-incidents.”
The Justice Department’s cybersecurity guidelines come as the Obama administration presses companies to share more information on computer hacking and cyberthreats with the government and others in the private sector. Last week, the House passed legislation that would shield from lawsuits companies that share information on hacking threats with each other and U.S. law enforcement.
Tesla Motors Inc. became one of the latest companies to fall victim to hackers when its Twitter feed and media-relations e-mail account were breached on April 25. The company removed fraudulent posts from its Twitter account within an hour.
Health insurer Anthem Inc. and retailer Target Corporation are among companies that have suffered more serious breaches, believed to have exposed personal information on millions of their customers to hackers.