At a Department of Justice Criminal Division cybersecurity roundtable Wednesday, Deputy Attorney General Lisa Monaco repeatedly asked private sector firms to consider why they did not coordinate with law enforcement on all cybercrime.
"Today I've got some very direct asks," said Monaco during her keynote address. "First, in this threat environment with the stakes that are involved, we cannot do this alone. So we need your engagement and we want to hear from you. What are the impediments that you're hearing from your clients about coming forward and working with law enforcement, working more with us?"
She asked the question more than once throughout her speech. There was no second direct ask.
Ransomware, she said, was the key current threat requiring greater communication.
Monaco said throughout her speech that the department is currently open to working with businesses to address any of the issues brought forward that hold up reporting crimes to law enforcement.
Companies historically have avoided contacting law enforcement for a number of reasons, including fear of reprisal from criminal groups, regulatory woes or reputational damage, as well as the feeling that there is not much law enforcement can do to help.
Monaco made the case in her keynote that there was plenty of value in contacting the FBI, including recovering ransoms, as the department was able to do in the Colonial Pipeline attack, and being able to pursue encryption keys so victims do not have to pay in the first place. The FBI obtained the keys in the Kayesa attack, providing a universal decryptor weeks after the attack.
"When you're in discussions with your clients, and they ask, why should we go to law enforcement, what are the benefits, well, here are the benefits: We make arrests. We hold people to account. We get money back. We will go after keys and get them to the victim. Victims can help avoid liability through working with law enforcement and those companies that stand with us, and work with us, we'll see that we stand with them in the aftermath of an incident," she said.
Monaco reiterated her support for a national breach reporting standard to force the issue.
"If companies don't come forward in this threat environment, with the stakes being as high as they are in many cases, I think legitimate questions will be and should be asked to companies: 'Why didn't you come forward and help prevent the next victim?'"