DoJ creates new National Security Cyber Section


The US National Security Division (NSD) now has its own Cyber Section, created so the agency can better respond to highly technical cyber threats.

The newly established subdivision, officially shortened to NatSec Cyber, was born in response to core findings in the 2022 Department of Justice (DoJ) Comprehensive Cyber Review by the US Attorney General’s office.

The review was tasked with evaluating the DoJ’s litigious and investigative capabilities, both offensive and defensive, and how well the DoJ partners with other federal, state, and local law enforcement agencies, as well as the private sector.

“This new section will allow NSD to increase the scale and speed of disruption campaigns and prosecutions of nation-state threat actors, state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security, said Assistant Attorney General Matthew G. Olsen.

Olsen announced the creation of the new cyber section on Tuesday during a speech at the Hoover Institute in Washington DC.

Not only will NatSec Cyber help to bolster collaboration with the Criminal Division’s Computer Crimes and Intellectual Property Section (CCIPS) and the FBI’s own Cyber Division, it will serve as a “valuable resource for prosecutors in the 94 U.S. Attorneys' Offices and 56 FBI Field Offices across the country,” Olsen said.

According to Olsen, oftentimes these individual offices do not have the time, resources, and manpower required to combat more highly technical cyber threats.

“NatSec Cyber will serve as an incubator, able to invest in the time-intensive and complex investigative work for early-stage cases,” Olsen said.

Prosecutors from the new section will also be positioned to act quickly, as soon as the FBI or an IC partner identifies a cyber-enabled threat, and to support investigations and disruptions from the earliest stages, according to the DoJ.

During the announcement, Olsen spoke of the DoJ’s recent successes in taking down two major cyber campaigns against the US carried out by Russian criminals in May.

The most recent involved charges against a Russian national and suspected cohort of the LockBit and Hive ransomware gang claiming attacks on US critical infrastructure, including hospitals, schools, nonprofits, and law enforcement agencies.

The suspect, known as Mikhail Matveev, was said to have been involved in over 65 cyberattacks against 1400 victim organizations, collecting over $200 million in ransom payments worldwide. There is a $10 million bounty for his arrest.

The second case involves the dismantling of a sophisticated Russian spy hacking network, dubbed the Snake malware network, which the feds had been tracking for nearly two decades.

The Russian spy operation is said to be responsible for stealing thousands of sensitive documents from hundreds of computer systems in at least 50 countries.

Cybersecurity is a matter of national security, and cybercriminals are innovative, constantly adjusting their tactics to infiltrate our networks and hide from investigators, Olsen said.

"NSD is committed to matching our adversaries by adjusting our tactics and organization to bring all of our tools, authorities, and expertise to this fight,” he added.

The DoJ expects that NatSec Cyber, which Congress has officially approved, will be on equal footing with the NSD’s Counterterrorism Section and the Counterintelligence and Export Control Section.