Dataconnectors
https://dataconnectors.com

Decoding the “Feds”: Law Enforcement vs Regulation
https://dataconnectors.com/the-rise-of-chatgpt-how-ai-plays-a-vital-role-in-cybersecurity/
Published: Fri, 13 Sep 2024 09:27:10 +0000
Author: Michael F. D. Anaya

I like to describe the United States government as a vast, complex mall. If you have ever heard me speak, you might recall this analogy. If not, you are in for a treat; it is a good one!

Just think of the US government…as a vast, complex mall, and each store represents an element of the government.

Just as a shopping center houses numerous stores under one roof, the federal government comprises many separate branches, agencies, and departments operating under the umbrella of a unifying organization. Each “store” in this governmental mall has its specific purpose, staff, and area of expertise, yet all contribute to the overall functioning of the nation. Like a typical mall, each element of the government is housed under one umbrella, but also, like a mall, those elements (or stores) are distinct and separate entities. They can collaborate (which I discuss later), but they are still independent of one another. Why? Get ready for a quick high school civics lesson.

The United States government is divided into three branches: the legislative, executive, and judicial branches. The legislative branch, consisting of the Senate and House of Representatives, is responsible for making laws. The executive branch, headed by the President, is responsible for enforcing laws. The judicial branch, consisting of the Supreme Court and lower federal courts, is responsible for interpreting laws. This system of checks and balances helps ensure that no one branch becomes too powerful.

This article will examine the executive branch, as that is where the “Feds” live!

When people casually mention the “Feds,” they refer to federal law enforcement agents. This is not to be confused with the “Fed,” by which people tend to mean the Federal Reserve. The Federal Reserve is the central banking system of the United States. It manages the money supply, sets interest rates, and oversees the banking system. So the “Feds” aren’t them, lol.

The colloquial term the “Feds” has become shorthand for the various federal officials who investigate crimes, enforce laws, and maintain order at the national level.

However, federal oversight extends beyond just law enforcement, encompassing a wide array of regulatory bodies.

We will explore the two largest aspects of federal enforcement: federal law enforcement and federal regulators. Both are critical for businesses to understand and distinguish between. After all, one can help you (or arrest you), while the other can fine you… so yeah, you probably want to get the two straight.

Let’s dive in!


Federal law enforcement

Federal law enforcement agencies are responsible for investigating and prosecuting crimes under federal jurisdiction. They are granted arrest authority.

These crimes often cross state lines, involve multiple jurisdictions, or are of national importance. They primarily investigate violations of federal law, but they can enforce some state violations in a limited capacity. Some of the most prominent federal law enforcement agencies include:

  • Federal Bureau of Investigation (FBI): The primary domestic intelligence and security service of the United States, responsible for investigating a wide range of federal crimes, including cyber violations. I was an FBI Special Agent, so I know them very well. In our mall analogy, let’s say the FBI is like Nike.
  • Drug Enforcement Administration (DEA): Tasked with combating drug smuggling and distribution within the United States.
  • Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF): Responsible for investigating and preventing federal offenses involving the unlawful use, manufacture, and possession of firearms and explosives.
  • U.S. Marshals Service: The oldest federal law enforcement agency, responsible for fugitive operations, prisoner transport, and witness protection.
  • U.S. Secret Service (USSS): Created to combat counterfeit currency, the Secret Service is now also responsible for protecting the President, Vice President, and other high-ranking officials and investigating cyber crimes. Who knew they were so multifaceted? In our mall analogy, the USSS is like American Eagle.

These agencies are independent of each other, but they can collaborate. Returning to our mall analogy, think of that collaboration as businesses in the mall joining forces to offer a joint promotion. So when the FBI and USSS join forces to form a task force (a group of law enforcement agencies working together to address specific crimes or national security threats), that is like Nike (the FBI) and American Eagle (the USSS) releasing a joint product, a limited edition American Eagle designed Nike shoe! Admit it, it sounds like a kewl product. If this decodingCyber thing doesn’t pan out, I might have a career in marketing!

In summary, federal law enforcement agencies primarily enforce federal law. They are independent organizations but can collaborate and share information and resources to address complex criminal activities that threaten national security or public safety. 


Federal regulators

Federal regulatory agencies create and enforce rules and regulations to implement laws passed by Congress. They typically don’t have arrest authority.

While less dramatic than their law enforcement counterparts, federal regulatory agencies are crucial in maintaining order, safety, and fairness across various societal and economic sectors. Federal regulators issue warnings, impose fines, limit the scope of business operations, or seek civil legal remedies. Some key federal regulatory agencies include:

  • Securities and Exchange Commission (SEC): Oversees the securities industry, stock and options exchanges, and other electronic securities markets. In our mall analogy, the SEC is like Foot Locker.
  • Environmental Protection Agency (EPA): Responsible for protecting human health and the environment by regulating and enforcing environmental laws.
  • Food and Drug Administration (FDA): Ensures the safety of food, drugs, medical devices, and cosmetics.
  • Federal Trade Commission (FTC): Promotes consumer protection and prevents anticompetitive business practices.
  • Occupational Safety and Health Administration (OSHA): Sets and enforces workplace safety and health standards.

These agencies are independent of each other, but they can collaborate much as I described federal law enforcement agencies doing, especially when it comes to intricate matters spanning violations. For example, the Environmental Protection Agency (EPA), the Department of Transportation (DOT), and the Federal Aviation Administration (FAA) might collaborate on regulations related to air pollution and emissions.

As I previously stated, regulatory agencies primarily have civil litigation at their disposal. That said, some have arrest authority like traditional law enforcement agencies. For example, the SEC is a regulator and a law enforcement agency (the SEC’s Division of Enforcement). So, yes, they can both fine and arrest you! With or without a law enforcement arm, regulators’ impact on daily life and business operations is significant.

In summary, regulatory bodies can investigate violations, impose fines, and enforce compliance within their respective domains. They operate independently from each other but can collaborate when appropriate to address intricate matters.


The interplay (and segmentation) between law enforcement and regulation

Often, the work of federal law enforcement and regulatory agencies intersects. For example, an SEC investigation into financial fraud might uncover evidence of criminal activity, leading to collaboration with the FBI or other law enforcement agencies. Similarly, environmental crimes discovered by the EPA might result in criminal prosecutions handled by the Department of Justice. 

Remember our mall analogy? This is another example of a collaboration between businesses. Imagine if Foot Locker (the SEC) and Nike (the FBI) ran a co-promotional email campaign. Both might benefit from the other, but the collaboration is limited and not permanent. When the SEC and FBI collaborate, it is limited to an investigation where there is overlap, not all investigations. After all, they have different authorities, hence the segmentation in their functions.

Let me explain that a bit further. As in our mall analogy, where the stores are all separate entities, government agencies are separate entities too. There is clear segmentation between government law enforcement agencies and regulators, driven mainly by the authorities that Congress has granted to each agency. If you are a business, you must be aware of this segmentation and how to navigate it. When in doubt, feel free to ask us for guidance! After all, I spent 14 years in this world, working alongside businesses, helping them navigate this convoluted environment.

In summary, this interconnected system of independent federal agencies in law enforcement and regulation forms a comprehensive framework for maintaining order, ensuring compliance with laws, and protecting the public interest. While the system can be complex due to the collaborative yet segmented authorities amongst agencies, it plays a vital role in the functioning of the United States government.

Conclusion

Understanding the diverse roles of these federal agencies helps citizens navigate the complex landscape of government oversight and enforcement. Just as shoppers in a mall need to know which store to visit for their specific needs, individuals and businesses must know which federal agencies oversee their activities and what regulations they must follow to stay compliant with federal law.

Laid-Off Tech Workers Could Consider Any of the Nearly 800,000 Open Cybersecurity Jobs
https://dataconnectors.com/laid-off-tech-workers-could-consider-any-of-the-nearly-800000-open-cybersecurity-jobs/
Published: Fri, 13 Sep 2024 09:25:44 +0000

Another day, another round of big-tech layoffs. Per Bloomberg, the number of recently laid-off workers is more than 100,000. That’s a lot of people newly #OpenToWork.

If your LinkedIn page is filled with former Googlers, Meta-ites, and Amazonians seeking new employment after that severance runs out, consider calling them over to the one tech industry that is literally starving for employees. According to the (ISC)2 2022 Cybersecurity Workforce Study, the current cybersecurity workforce gap is 3.4 million people worldwide.

Per (ISC)2’s report: “While the cybersecurity workforce is growing rapidly, demand is growing even faster. (ISC)2’s cybersecurity workforce gap analysis revealed that despite adding more than 464,000 workers in the past year, the cybersecurity workforce gap has grown more than twice as much as the workforce with a 26.2% year-over-year increase, making it a profession in dire need of more people.”

In the United States today, there are nearly 800,000 cybersecurity job openings, according to CyberSeek’s heat map – many of these roles are in states like California, Texas, Florida, Colorado, and Virginia. These states have thousands of openings available in various capacities, ranging from analysts to manager roles.

And according to some cyber experts, soft skills may be just as important as certifications. In a recently published op-ed in Forbes, Boyd Clewis of Baxter Clewis Cybersecurity highlighted how important communication skills are for IT professionals.

“In cybersecurity, the number one most valuable trait isn’t being great at working on systems and software—it’s having clear, precise verbal and written communication,” Clewis wrote. “Unfortunately, schools and training programs focus on technical skills, often ignoring communication. This poses a real problem, since communication skills are absolutely necessary in this field. IT and cybersecurity exist only as an extension of business, to help business processes enable applications.”

As previously reported in this blog, the White House has also pushed on filling the widening cybersecurity jobs gap. At the end of 2022, the executive branch celebrated the end of its 120-day cybersecurity “Apprenticeship Sprint.”

At the end of this sprint, the White House boasted 194 new cybersecurity registered apprenticeship programs and more than 7,000 apprentices getting hired. Several hundred new cyber-related occupations were also added to registered apprenticeship programs.

Organizations like Austin Community College, (ISC)2, Cisco Systems, and the U.S. Department of Veterans Affairs all started new programs to train up-and-coming security experts, according to the WH press release. The largest provider of apprenticeships is within the U.S. government for the Department of Defense, according to the release.

U.S. Marshals Hit with Ransomware Attack; LastPass Continues Damage Control
https://dataconnectors.com/u-s-marshals-hit-with-ransomware-attack-lastpass-continues-damage-control/
Published: Fri, 13 Sep 2024 09:23:29 +0000

It’s been a tough week for people we’d hope should know better about cybersecurity.

The breach on LastPass, disclosed in December, is still reverberating in the organization and among its users. Now, they’ve released additional information on a second attack where the threat actor was pulling data off the AWS servers for more than two months.

Perhaps the most painful part of it all – the vulnerability came from a data breach on a senior DevOps engineer’s home computer via a keylogger that was installed with a remote code execution vulnerability, according to Bleeping Computer.

LastPass confirmed the account in a blog post: “This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware. The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.”

Next, hackers hit the U.S. Marshals system in mid-February in a ransomware attack, according to a spokesman for the service. The U.S. Marshals Service is a division of the Department of Justice and, according to the New York Times, is responsible for the protection of judges, transportation of federal prisoners and the operation of the federal witness protection program.

The Times indicated that witness data was not breached, but that the hackers were able to access information on sought-after fugitives.

Per their reporting, the affected system “contains law enforcement sensitive information, including returns from legal process, administrative information and personally identifiable information pertaining to subjects of U.S.M.S. investigations, third parties and certain U.S.M.S. employees,” Mr. Wade said in an email to the NYT.

This Spring, Let Love (Not Scams) Blossom
https://dataconnectors.com/this-spring-let-love-not-scams-blossom/
Published: Fri, 13 Sep 2024 09:22:22 +0000

Spring might be in the air, but that’s no reason to be reckless with your heart (or your wallet).

For anyone who thinks that a “romance scam” is akin to a person putting their pre-lockdown photos on their dating profile – it is, unfortunately, far worse. While online dating is one of the most common ways to find love these days, dating apps and websites and social media sites have transformed into hunting grounds for scammers looking for vulnerable victims.

The consequence of being wooed into a romance scam, for the victim, is unfortunately worse than just heartbreak – it’s also breaking the bank. In 2021, the FTC reported that the median individual loss was $2400, with record losses reported that year — $547 million was sent over to scammers under the guise of romance.

According to the Federal Trade Commission, reported losses in 2021 were more than six times what they were just four years prior – with threat actors capitalizing on people’s rampant loneliness.

According to Jennifer Cook of the National Cybersecurity Alliance, there are plenty of red flags to look for when you’re getting to know someone online – but the biggest concern is when the person on the other end starts looking for cash.

“We would say the biggest red flag to look out for is a request for money, especially if it’s in the form of gift cards, crypto or wire transfers,” Cook said.

Additional concerns, according to the NCA, include:

  • The person requests money for urgent matters, such as medical expenses or a plane ticket. Never send money to someone you haven’t met in person.
  • Scammers will often request hard-to-track forms of payment, like wire transfers or pre-loaded gift cards.
  • The person claims to live far away from you, often in a foreign country. They might also say they are in the military and serving overseas.
  • The relationship seems to be moving very fast.
  • The person breaks promises to see you in person.

Anyone in the online dating world can become a victim of a romance scam. If you suspect a family member or friend might be a victim, you should speak up, according to Cook.

“For someone whose loved one might be in a romance scam, they may want to pay attention if the online romance seems to be moving very fast, or if the scammer is making and breaking promises to meet in person,” Cook said. “If someone is talking to a loved one about romance scams, it’s important for them to approach the topic without judgement or shame. Shame makes romance scam victims afraid to seek help. It’s also important for people to know that romance scams aren’t always easy to spot.”

The NCA is hard at work to make sure that the number of victims and dollars lost finally decreases. Here are some tips they offer to ensure your love is true:

  • Share with care: Think before posting about yourself and others online, especially on social media or online dating services. Consider what a post reveals and who can see it.
  • Check your settings: Consider setting your social media profiles to “private”. This will make it harder for scammers to target and communicate with you.
  • Think before you click: Be wary of communications that push you for immediate action or ask for personal information – this could be a phishing attempt. Never share personal information through email, especially if you do not know the sender.
  • Use reverse image search: If you think you might be talking to someone online who isn’t presenting themselves honestly, do a reverse image search of the account’s profile picture. You may see that image belongs to a completely different person, or has been affiliated with different online identities. If this is the case, there is a high chance the person behind the fake profile picture is trying to scam you.

Looking for more tips to be more secure in your interactions? Head to staysafeonline.org for more from the NCA.

Ransomware Attacks, Payouts are Declining
https://dataconnectors.com/ransomware-attacks-payouts-are-declining/
Published: Wed, 04 Sep 2024 12:04:11 +0000

Good news is often hard to come by, so enjoy this while you can: ransomware attacks are actually declining – at least that’s what the data are telling us.

Across the United States and the United Kingdom, organizations and governments are touting the accomplishment of a net decrease in ransomware attacks between 2021 and 2022. And while headlines highlighted various attacks on schools and organizations, the prevalence of cyber attacks of this nature has actually shrunk by 61%, according to data from Delinea.

That survey also found that the number of companies paying the ransom dropped from 82% to 68%, according to Security Magazine – citing the possibility that this might be the impact of widespread efforts to raise awareness by government agencies like the FBI. Per Coveware, a cyber-intelligence firm, the number of victims who chose to pay a ransom was 76% in 2019; in 2022, that number dropped to 41%.

According to an article from Bleeping Computer, this is partially because victims realize that paying the ransom doesn’t guarantee the return of files. In addition, the attacks don’t have the same negative impact on public perception as they used to, and companies are simply better equipped to handle them – both on a technical level and a PR one.

The US and British governments have worked to crack down on threat actors, potentially contributing to the overall drop, according to a press release. Through economic and financial sanctions and travel bans levied against threat actors, the governments are offering a concerted effort to slow the impact of ransomware, according to the release.

The Justice Department in the US has declared a victory in a battle against the Hive ransomware variant via a “21st century cyber stakeout” – wherein the DOJ swiped decryption keys and passed them to the victims to “free them from ransomware,” according to a statement from Deputy Attorney General Lisa Monaco.

“For months, we helped victims defeat their attackers and deprived the Hive network of extortion profits,” Monaco remarked earlier this year. “Simply put, using lawful means, we hacked the hackers.”

The overall decrease in ransomware profits totaled about 40% — a significant drop from the record-breaking $765 million, according to a report from Bleeping Computer. However, the total value of $457 million received by attackers in 2022 is still significantly higher than the pre-pandemic $174 million in 2019.

But in a world where threats are getting far more complex, it’s easy to ignore the good news… and that might not be a bad thing, according to a column from CISO Tyler Farrar of Exabeam in Dark Reading.

“Ransomware gangs are like weeds. When one is taken down, others pop up in its place. The biggest takeaways that security professionals should learn from the government’s initiatives to stop Hive are that collaboration, with the right security tools, training, and incident-response plans, are key,” he wrote. “By taking the time to learn from RaaS groups and making the right security investments, security teams will be able to have the upper hand.”

How to Guard Against Ransomware on a Budget
https://dataconnectors.com/how-to-guard-against-ransomware-on-a-budget/
Published: Wed, 04 Sep 2024 12:02:17 +0000

Incident Response Plan: How to Prepare for the Worst and Protect Your Business
https://dataconnectors.com/incident-response-plan-how-to-prepare-for-the-worst-and-protect-your-business/
Published: Wed, 04 Sep 2024 11:59:46 +0000