Encryption Impact, Internal IT Security Among DoJ’s Top Challenges, OIG Says

An Office of the Inspector General (OIG) report cites prosecuting cybercrime in the age of encryption, maintaining election security, and protecting its own IT systems as areas of top management and performance challenges facing the Department of Justice (DOJ).

On the prosecutions front, OIG said that while DOJ has had some recent success in prosecuting cybercrime, communication services and technologies being deployed with end-to-end encryption make it difficult to access information about ongoing criminal activity and national security threats.

“When reviewing its strategic objectives, the Department found that if it is unable to lawfully obtain evidence of criminal offenses and information concerning potential terrorist attacks due to end-to-end encryption, its ability to conduct criminal and national security investigations is hampered and the risk to public safety is increased,” the report said.

To address those challenges, DOJ was “considering a number of potential options, including the continued engagement with technical experts to seek access to encryption messaging platforms as well as the continued development and improvement of procedures for the increased use and deployment of sensitive investigative technologies,” OIG said.

On election security, OIG reported that DOJ has challenges coordinating with state and local governments in enhancing election security, as well as providing them with “sufficient cyber threat-related information.”

Lastly, DOJ faces challenges protecting its systems against internal and external cyberthreats, OIG said. It cited a Fiscal Year 2018 Federal Information Security Modernization Act (FISMA) evaluation of DOJ showing deficiencies in IT security of critical DOJ offices including the U.S. Attorney’s Office, Criminal Division, and Federal Bureau of Investigation. In addition to the recommendations OIG made in the FISMSA report, OIG said it will continue to monitor the Department’s cybersecurity efforts including DOJ’s implementation of the Cybersecurity Information Sharing Act of 2015 (CISA).

Categories

Recent