A senator wants to know how the Justice Department is keeping its cyber capabilities from being stolen by hackers or foreign spies. In a June 5 letter to Attorney General Bill Barr, Sen. Ron Wyden, D-Ore., said the American people not only expect the government to protect its nuclear, chemical and biological weapons, but its cyber arsenal as well.
Wyden’s letter comes on the heels of growing concerns that the government could lose its cyber tools to adversaries. In 2016, the National Security Agency’s hacking tools were leaked online by the hacker group Shadow Brokers and then used in the WannaCry and NotPetya attacks that paralyzed computers around the globe.
Wyden said DOJ components have acknowledged both their use of offensive cyber tools such as zero day exploits and their need to safeguard these capabilities. The FBI, for example, used a Firefox vulnerability in 2015 to deliver malware to 8,000 computers used by individuals who visited the same FBI-controlled contraband website on the dark web.
The senator asked Barr to provide more information on whether DOJ’s cyber weapons had ever “fall[en] into the wrong hands” and whether any of these offensive tools had been created by foreign companies.
Wyden also wants to know if industry providers of offensive cyber tools have adopted the National Institute for Standards and Technology Cybersecurity Framework and if they are subjected to audits to ensure their offensive tools are protected from hackers and foreign spies.