Cyber incidents: How best to work with law enforcement

Click the button below to download the full text of the article.

Abstract: Cyber intrusions now affect businesses and organisations of all sizes and in all sectors and industries. The United States Department of Justice employs a whole-of-government approach to investigate, disrupt and deter malicious cyber activity. This paper explains why working with law enforcement is the smart choice before, during and after a cyber intrusion or attack. We can help victims understand what happened; we can share context and information about related incidents; we can ensure a proper investigation and preservation of evidence; we can assist victims in dealing with regulators; and we are uniquely situated to work with other parts of the federal government to respond with possible criminal prosecution, economic sanctions, diplomatic pressure, intelligence operations and military action.

Keywords: cyber security, cyber incident response, government cyber response, law enforcement cyber response, cyber information sharing, cyber intrusion, cyberattack

David H. Laufman serves as Chief of the Counterintelligence and Export Control Section in the National Security Division at the US Department of Justice.

Sean Newell is a Deputy Chief with the US Department of Justice National Security Division , Counterintelligence and Export Control Section, where he manages DOJ’s strategic and tactical efforts to investigate, disrupt and deter malicious cyber activities.

Stephen Reynolds serves as the Deputy Chief for Cyber Law and Policy in the Justice Department’s National Security Division.

Mike Buchwald is a career attorney in the Office of Law and Policy in the National Security Division at the US Department of Justice, focusing on technology issues, including cyber security.