Attorney General nominee Loretta Lynch is well-suited to help the Justice Department tackle the rising threat of cyber crime, according to lawmakers and former DOJ officials.
Lynch, a federal prosecutor in New York, has received considerable attention for her work on the issue, including the successful prosecution of eight New York-based members of an international cyber crime ring that hacked bank accounts and emptied $45 million from ATMs around the world.
{mosads}“She has actually prosecuted so many of these cases and she knows what this is like,” Senate Intelligence Committee Ranking Member Dianne Feinstein (D-Calif.) told The Hill. “She knows the agenda, she knows the viciousness.”
The next attorney general is expected to play a major role in a host of cyber issues, including reforming the National Security Agency, setting standards about what constitutes a digital crime and figuring out how to thwart cyber terrorists.
Lynch, who is widely expected to be confirmed after a positively-received Senate hearing this week, would also take her job as Congress vows to take action on long-stalled cybersecurity legislation.
“This is the best situated time I’ve seen in quite some time for progress to be made,” said Robert Cattanach, a cyber law expert and former DOJ attorney. “She could make a mark in a very positive way that would create some momentum.”
Senators hit on nearly all of DOJ’s looming cyber concerns during several hours of questioning at Lynch’s Senate Judiciary Committee nomination hearing Wednesday.
At one point, Sen. Lindsey Graham (R-S.C.) pressed Lynch about the expanding cyber capabilities of terrorist groups.
“Senator you’ve outlined the greatest fear of perhaps any prosecutor,” Lynch said. “It is certainly an emerging threat and calls for resources beyond just mere personnel, but in terms of our own technology also.”
The answer left Graham impressed.
“I think she’s very sincere, really good background, I think she’s a tough prosecutor and on the cyber threat, her answer was excellent,” he told The Hill.
Lynch will face tough cyber-challenges if she is confirmed.
“The biggest problem is the foreign jurisdiction problem,” Cattanach said. Hackers are “sitting safe behind the borders of other countries committing all variety of criminal acts in the United States.”
The DOJ has taken symbolic moves to dissuade foreign cyber attacks.
In May 2014, for example, the department indicted five members of the Chinese army for hacking the U.S. But none of those people are likely to ever see a day in U.S. court.
If confirmed, Lynch will have to figure out how to go beyond symbolic measures.
The NSA’s surveillance programs are among the government’s more controversial tools.
By June 1, Congress must decide whether to reauthorize the NSA’s bulk collection of telephone records and the stockpiling of Internet users activity.
During Lynch’s hearing, Feinstein probed the nominee for her stance on Section 215 of the Patriot Act, which authorizes the phone records collection program and must be re-upped by June 1.
The oversight provisions in Section 215 provide “an effective check and certainly a necessary check,” said Lynch, who added that she was “open to discussions about how they can be modified.”
Feinstein, who believes the program is valuable but has previously backed legislation that would transfer the phone record data collection to major telecom companies, said she was satisfied with the answer.
The DOJ also struggles with ill-defined jurisdiction over cyber crime investigations, which Lynch would have to confront as department head, said lawmakers and former DOJ officials.
“I’m concerned about the structure within the department for handling cybersecurity,” Sen. Sheldon Whitehouse (D-R.I.) said during Lynch’s hearing.
The FBI, Secret Service and Department of Homeland Security all have a hand in cyber investigations, Whitehouse said. And within the DOJ, cyber “falls under the rubric of both the criminal division and the national security division.”
“I think you’ve outlined an important issue,” Lynch agreed.
The government has robust cyber capabilities spread across a number of departments, Cattanach said. They just don’t always work in concert.
“I don’t believe right now we have a structure that would allow an effective response by the United States government to foreign criminal actors that are attacking U.S. interests,” he said.
The DOJ has taken steps to centralize its own cyber resources. In October, the department restructured its national security division and U.S. Attorney’s offices with cyber threats in mind. In December, the DOJ created a dedicated cybersecurity unit within its criminal division.
But many think Lynch has a chance to go farther.
“There is no leadership that has been exercised on this,” Cattanach said. Lynch can make the DOJ that leader, he added.
“I think that’s where it would start.”