Justice Department’s Role in Cyber Incident Response

"Criminals and other malicious actors increasingly rely on the Internet and rapidly evolving technology to further their operations. In cyberspace, criminals can compromise financial assets, hacktivists can flood websites with traffic—effectively shutting them down, and spies can steal intellectual property and government secrets. When such cyber incidents occur, a number of questions arise, including how the federal government will react and which agencies will respond.

The Obama Administration, through Presidential Policy Directive/PPD-41, outlined how the government responds to significant cyber incidents. Responding to cyber incidents involves (1) threat response, (2) asset response, and (3) intelligence support. The Department of Justice (DOJ), through the Federal Bureau of Investigation (FBI, or the bureau) and National Cyber Investigative Joint Task Force (NCIJTF), is the designated lead on threat response, which involves investigating and attributing specific cyber activities to particular individuals or entities as well as facilitating intelligence and information sharing..." 
Justice Dept. and cybersecurity