We were delighted to learn that John Carlin, a friend of the FAIR Institute and a pioneer of risk quantification in the federal government, has been appointed Acting Deputy Attorney General at the Department of Justice, and will later assume the role of Principal Associate Deputy Attorney General, leading the department on national security, cybersecurity and crisis management, after the confirmation of Lisa Monaco to the Deputy AG post.
Nick Sanna is President of the FAIR Institute
John has a distinguished background in government service, including roles as Assistant Attorney General for DOJ’s National Security Division (NSD) and Chief of Staff to then-FBI Director Robert S. Mueller, III. Most recently, he was a partner at the law firm of Morrison & Foerster.
John was a keynote speaker in 2017 and 2018 for the FAIR Institute Breakfast at the RSA Conference. At the 2017 Breakfast, he told us how he introduced a system of risk quantification to the FBI that “fundamentally shifted the approach the United States Government is taking when it comes to counterintelligence risk.”
Watch the video of John Carlin’s talk to the 2017 FAIR Institute Breakfast
The risk-scoring system not only enabled the FBI for the first time to prioritize resources across field offices but brought into clear relief that the challenge in counterintelligence had shifted from the Cold War model of tracking spies to combatting hackers going after intellectual property and other economic secrets. “If we were applying a FAIR-like model, we would have spotted that risk sooner,” he told us.
Later at the NSD, John launched a program to train and deploy DOJ attorneys for cybersecurity prosecutions, leading to the first case against threat actors from the Chinese army.
John’s words of advice on risk quantification to the FAIR Breakfast audience: “What’s important isn’t the number, it’s the conversation it engendered that allowed you to think in a more structured frame about what risk is, so that your business side of the house can support you to better define where resources need to go. I know that that conversation fundamentally changed the way the government approached some of these risks and can do so the same in the private sector.”
John was indeed ahead of his time; FAIR is rapidly gaining ground as a standard for risk assessment in the federal government, with active programs at the Department of Energy, NASA and other agencies – see this video of a panel discussion at the 2020 FAIR Conference by FAIR leaders in government.
With John Carlin at Justice, we’re confident that cybersecurity law enforcement is in the hands of a strong and creative leader – and we wish him the best in his new role!