In November 2017, Erin Nealy Cox became the U.S. attorney for the Northern District of Texas. Perhaps unique for a U.S. attorney, she has extensive background in cybersecurity, having worked as a senior adviser at McKinsey & Co. in the cybersecurity and risk practice; as an assistant U.S, attorney in the Northern District of Texas, where she prosecuted cyber crimes, white-collar crimes, and general crimes; and as a member of the executive team at Stroz Friedberg, a cybersecurity and investigations consulting firm.

Legaltech News recently asked her a series of questions on cyber issues and on her background. The Q&A has been slightly edited for consistency with ALM style.

Legaltech News: How will your background in cybersecurity help you as a U.S. attorney?

Erin Nealy Cox: Before I was appointed U.S. attorney, I opened and managed the Dallas office of Stroz Friedberg, a global forensic investigation firm. As head of that office, and later as the Stroz executive leader in charge of computer intrusion investigations worldwide, I worked on a regular basis with businesses across all sectors of our economy that had been victimized by some form of cyber crime, such as an unauthorized intrusion or damage due to a malware infection.

Working with these businesses over the last 10 years, and working constantly—sometimes around-the-clock—with my colleagues investigating, identifying and remediating the intrusion or damage, I learned a great deal about threat actor groups and nation-states that are the sources of the major cyber threats. As a result, I gained comprehensive knowledge about the techniques and methods these sources use to gain unauthorized access to our networks and computers, and what defensive measures and practices work to frustrate or defeat these threats.

This, coupled with my years as an assistant U.S. attorney prosecuting cyber crimes, provides me with invaluable experience to better fulfill my responsibilities as the U.S. attorney. Cyber crime has become an increasing threat to our nation's national security and our business community. And as U.S. attorney, I am responsible for helping all citizens in the Northern District of Texas—government agencies, businesses, organizations, groups, and individuals—recognize and fight these threats, and prosecute the offenders.

My expertise in cybersecurity will help me identify and communicate the threats to the affected communities so they can understand and craft solutions needed to defend themselves; and it will help me ensure that my prosecutors have the tools, training, and resources to prosecute vigorously those responsible for cyber crimes, wherever they may be located.

Is cybersecurity going to be a priority for your office during your term?

Absolutely. Cyber crime is a present, ever-growing, and persistent threat to our institutions, businesses, and citizens. We live in an increasingly digital world; more and more business is conducted online by our government, commercial, and financial institutions. In addition, more and more of our information, and information about us, is being stored in digital form on our laptops, cellphones, tablets, and “in the cloud.” We can't take advantage of the vast benefits, efficiencies, and conveniences the digital world offers us unless we have confidence that our information and our transactions are secure.

That is why, for example, protection against cyberattacks and high-technology crimes is the FBI's third-highest priority, behind protection from terrorist attacks and protection against foreign espionage. And cybersecurity and protection against cyber crime will be a similarly high priority during my tenure as U.S. attorney.

What are the specific fields of cybersecurity that are priorities? What are particular cyber issues in Texas?

Protecting against cyber-based attacks and cyber crimes is one of the Department of Justice's highest mission priorities. And I intend to fulfill that mission principally through deterrence, by prosecuting the actors who target those businesses and institutions and through outreach and by communicating threats to those businesses, especially sectors of our economy that comprise our critical infrastructure. I am going to work with all the law enforcement agencies in our district to make sure that our collective expertise in cyber and cyber crime is made available to those who are targets or at an increased risk of being targeted, so they know what they must do to protect themselves, and in so doing, protect us all.

What do businesses most need from government regulators when it comes to cybersecurity?

Let me make clear that my office does not have regulatory authority over any type of business or industry. However, I expect to work very closely with government agencies and offices in the Northern District of Texas that do have regulatory authority, such as the SEC regional office in Fort Worth. They have extensive experience and expertise in cybersecurity, and particularly how it affects the entities they regulate. We both have a role to play in enhancing cybersecurity and combating cyber crime.

Since becoming U.S. attorney, I have made an effort to speak with businesses in the Northern District of Texas to find out what they expect and need from my office, and I intend to continue this practice with more business leaders and organizations in this district going forward. Businesses need law enforcement agents and prosecutors who are familiar with the specific cyber threats that businesses face and the increasingly regulated environment in which they function.