From the Document: "Criminals and other malicious actors rely on the internet and evolving technology to further their operations. They exploit cyberspace, where they can mask their identities and motivations. In this domain, criminals can compromise financial assets, hacktivists can flood websites with traffic--effectively shutting them down, and spies can steal intellectual property and government secrets. When such cyber incidents occur, a number of questions arise, including how the federal government will react and which agencies will respond. These questions have been raised following a number of high-profile breaches such as those against the U.S. Office of Personnel Management and the Democratic National Committee, as well as intrusions into a number of federal agencies and other organizations via network management software produced by SolarWinds. Federal law enforcement has taken the lead in investigating cyber incidents, attributing certain malicious activities to specific perpetrators, and prosecuting cyber threat actors. This report outlines the federal framework for cyber incident response, highlighting the Department of Justice's (DOJ's) role in this response. It also discusses challenges for federal law enforcement and potential policy issues for Congress."
CRS Report for Congress, R44926
Congressional Research Service: https://crsreports.congress.gov/