Recently, the Deputy U.S. Attorney General urged businesses to bolster their cybersecurity posture due to global tensions. She stated in part that companies of “all sizes would be foolish not to be preparing right now as we speak—to increase their defenses, to do things like patching, to heighten their alert systems, to be monitoring in real-time their cybersecurity.” This comes on the heels of confirmation that fines would be charged against any federally funded contractors and firms that fail to disclose data breaches.
Why is the Department of Justice (DOJ) cracking down on cybersecurity? What responsibility does it have? How does IT support its mission? And how does the open API approach secure the DOJ’s digital infrastructure?
The DOJ’s New Cybersecurity Best Practices
The DOJ issued version 1.0 of the Best Practices for Victim Response and Reporting of Cyber Incidents in 2015 and updated it to version 2.0 in 2018. Its purpose is to “help organizations prepare a cyber incident response plan and, more generally, to better equip themselves to respond effectively and lawfully to a cyber incident.”
The DOJ’s involvement in how organizations implement cybersecurity best practices makes it apparent that there is a baseline standard of expectations for an acceptable cybersecurity posture and the protection of data privacy. The best practices document outlines how an organization should prepare for cyberattacks and what to do in case of an actual breach:
- Prevention: The DOJ urges organizations to invest in cybersecurity technologies, hire qualified IT personnel, train existing staff members, and adopt risk management strategies. For organizations with limited resources, identifying the “crown jewels”—or the most essential, valuable, and vulnerable systems and data—is critical to avoiding catastrophic harm.
- Defense: If an organization comes under attack, maintaining a defensive posture is a priority. Rather than retaliate, the best practice is to monitor the attack and minimize the damage.
- Recovery: The data gathered during and after an attack should be used to improve the organization’s security strategy against future threats, as well as provide education for law enforcement agencies. Systems and data should be monitored against further breaches.
The Responsibility of the U.S. Government to Protect Against Cyberattacks
Recent events, such as the influx of remote workers during the pandemic and the increase in ransomware attacks such as the Colonial Pipeline and JBS Foods breaches, have demonstrated that cybersecurity is a national security concern. Cyberattacks threaten national infrastructure—and therefore the U.S. government is taking a more active role.
- Information: The U.S. government helps organizations of all sizes to increase awareness of the dangers posed by cybercrime and the potential damages. Such awareness improves prevention strategies and collaboration.
- Enforcement: The DOJ is actively involved in enforcing best practices and compliance. Companies like CrowdStrike, Foresite, Palo Alto Networks, and Fortinet help organizations stay compliant through certifications, security compliance solutions, and informative content to support the DOJ’s mission.
- Education: Proper reporting leads to increased knowledge and awareness. This information can be used to provide ongoing education so that businesses and other organizations can successfully meet future risks and attacks.
The Role of IT in Supporting the DOJ’s Mission
Aside from promoting communication and collaboration, IT provides crucial assistance to the DOJ’s mission in a number of ways:
- Strategy: IT provides policies and standards that guide decision-makers.
- Products and services: IT systems and tools help the DOJ protect national security, counter the threat of terrorism, and implement and enforce regulations and laws.
- Innovation: IT pioneers the use of new technologies, such as cloud computing, data analytics, and other cyber and digital technologies.
How Open APIs Secure the DOJ’s Digital Infrastructure
Open application programming interfaces (APIs) are publicly available pieces of software that allow applications to communicate with each other. Developers can incorporate an API so that their app can readily integrate information from another app.
For example, if developers of a web application want to provide users with up-to-date financial data, they don’t have to write an app that scrapes the internet for the information they want. They can simply use the Yahoo Finance API, which does the work for them.
But how is the DOJ using APIs and other cybersecurity initiatives to increase safety?
- During the Fortinet Security Transformation Summit, the DOJ’s Chief Information Security Officer, Nicholas Ward, said that the DOJ is launching multiple experimental projects with different vendors focused on zero-trust cybersecurity. As part of this initiative, the DOJ will implement open APIs and automation. This will ensure that different applications and services will be able to interface properly, and vendors and developers will be able to collaborate closely, resulting in better security for the department’s digital infrastructure.
- The DOJ is also going after companies the government does business with, particularly grant recipients and contractors. If they fail to follow the proper cybersecurity protocols, they could fall out of compliance and be subject to legal action.
Additionally, the DOJ has been making an effort to consistently apply the False Claims Act to ensure companies comply with cybersecurity standards. Aside from working with APIs, which help make it easier for organizations to stay in compliance, the DOJ is encouraging private companies to assume a “shields up” security posture in response to increased concern over the danger of Russian cyberattacks.
Open APIs Help Bolster the DOJ’s Digital Infrastructure
The rise in the number of malicious cyberattacks has made cybersecurity a national security issue. The DOJ has increased its involvement, providing organizations with a list of minimal best practices and enforcing regulatory compliance. These developments are in the best interests of organizations looking to improve their cybersecurity posture.
As the DOJ rolls out new initiatives, the implementation of open APIs will improve communication, collaboration, and the seamless interfacing of all applications and services, thereby improving overall security for the DOJ’s digital infrastructure.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us, she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.