How the DOJ’s New National Security Cyber Section Will Tackle China and Russia Threats

The Department of Justice (DOJ) has announced the creation of a new cyber section within its National Security Division (NSD), signaling that a coordinated response to national security cyber threats is a priority for the department. The new section, dubbed NatSec Cyber, will focus on “nation-state threat actors, state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security”.

NatSec Cyber will increase the DOJ’s capacity to disrupt and respond to malicious cyber activity, while promoting department-wide and intragovernmental partnerships in tackling increasingly sophisticated and aggressive cyber threats by hostile nation-state adversaries. The section will also serve as a resource for prosecutors in the 94 U.S. Attorneys’ Offices and 56 FBI Field Offices across the country.

Assistant Attorney General Matt Olsen said the unit would “increase the scale and speed” of U.S. operations against cyber adversaries, such as China and Russia, which have been accused of conducting espionage, sabotage, ransomware, and other malicious activities against U.S. interests.

The announcement made no mention of Chinese cyber threats, which top officials have characterized as a critical threat and an “epoch-defining challenge”. China has been accused of stealing intellectual property, trade secrets, research data, and personal information from U.S. entities, as well as targeting U.S. critical infrastructure and military systems.

The release did emphasize the threat posed by Russian malware and ransomware groups, which researchers and practitioners characterize as potent but less coordinated and less strategic than incursions from China. While Chinese hacking groups have “lived off the land,” gathering intelligence and data, Russian and North Korean groups often seek to extort their victims for profit, generating revenue for themselves or their governments.

The DOJ has aggressively pursued state-backed cyber actors, especially those in China or North Korea, in recent years. However, building cases against those groups can take years, and the cases don’t always result in an arrest, given the far-flung nature of the hacking groups and the lack of extradition treaties with their countries.

NatSec Cyber will aim to overcome these challenges by investing in “the time-intensive and complex investigative work for early-stage cases” and collaborating with key partners, such as the Criminal Division’s Computer Crimes and Intellectual Property Section (CCIPS) and the FBI’s Cyber Division.

The new section will also build upon recent successes in identifying, addressing and eliminating national security cyber threats, such as the indictment of an alleged cybercriminal associated with ransomware attacks against U.S. critical infrastructure and the disruption of the Russian government’s premier cyberespionage malware tool.

NatSec Cyber is expected to enhance the DOJ’s ability to protect U.S. national security interests from cyber threats posed by nation-state adversaries. The section will also demonstrate the DOJ’s commitment to holding accountable those who seek to harm the U.S. through cyberspace.