Federal Officials Talk Cybersecurity Collaboration, Strategy with Law Enforcement at RSA Conference

The RSA Conference is one of the largest cybersecurity events of the year and federal officials had a major presence at this year’s event in San Francisco.

Deputy Attorney General Lisa Monaco delivered the opening keynote and spoke about a number of cybersecurity topics including cooperation between the public and private sector and Department of Justice (DOJ) efforts to prioritize combatting near-term cyber disruptions and protecting victims of cyberattacks. 

Collaboration is Key

Collaboration was a critical theme, with Deputy AG Monaco stating, “We cannot get after these threats if we’re not working together.”

She noted that the federal government wants to work with the private sector as much as possible on the issue, saying that the government wants to “give as much information as we can about what we’re seeing to alert folks.”

Also discussed were several examples of successful cooperation between the public and private sector. That includes the government alerting customers after a 2021 attack on Microsoft Exchange servers by a China-based group and the U.S. offering assistance after the 2021 ransomware attack on Colonial Pipeline. In the pipeline case, the government traced the ransomware payment and was able to return half of the $4.4 million ransom that was paid in bitcoin.

Strategy Shift

Deputy Attorney General Monaco detailed how DOJ is focusing now on minimizing the harm of cyberattacks and disrupting threat actors, ordering prosecutors to focus on such goals.

That includes going after hackers’ infrastructure.
“We don’t always measure our success with courtroom victories. This is about preventing and disrupting and putting victims at the center,” stated Deputy Attorney General Monaco.

Cyber Financial Crimes

Another major topic was preventing financial crimes in cyberspace.

A government speaker on this issue was Matt O’Neill, U.S. Secret Service deputy special agent in charge of cybersecurity.
Much like Deputy AG Monaco, O’Neill urged cooperation between law enforcement and the business community, as establishing pre-existing relationships is critical to minimizing damage after a cyberattack. 

“You need to know a person, you need to go out and have coffee with them, have dinner with them. If at all possible, get their personal cell number. Because when you’re in the middle of a ransomware attack, you don’t have time to wait until Monday,” said O’Neill.

O’Neill also warned businesses not to wait too long before contacting law enforcement following a ransomware attack. He mentioned that many businesses fear that federal law enforcement will cite those businesses for noncompliance or other missteps that led to a breach.

“We’re not going to come in and say, ‘Oh you’re not PCI-compliant.’ Our interest is in helping you, going after the bad guys and taking their ill-gotten gains,” said O’Neill.

Cyber Threat Landscape

O’Neill and Mastercard Chief Information Security Officer Ronald Green also discussed the current landscape of financial cyber threats.

These include the ongoing threat of actors selling personal information as well as some newer threats such as “cyber cash outs,” where criminals use manufactured payment cards encoded with stolen consumer data to steal money from ATMS. 

Another emerging threat is SIM swapping, which criminals are using to overcome multifactor authentication measures.  

“A lot of folks don’t understand how rampant that is,” O’Neill said.