May 22, 2019
ACTING SUPERINTENDENT LINDA A. LACEWELL NAMES JUSTIN HERRING EXECUTIVE DEPUTY SUPERINTENDENT OF NEWLY CREATED CYBERSECURITY DIVISION
New Division is First of Its Kind at a Banking or Insurance Regulator
Mr. Herring Brings Substantial Cybercrime and Digital Currency Experience to DFS
Action Builds upon DFS’s Nation-Leading Efforts to Protect Consumers and Financial Markets from Cyberattacks
Acting Department of Financial Services (DFS) Superintendent Linda A. Lacewell today announced that Justin Herring will be appointed Executive Deputy Superintendent of the Department’s newly created Cybersecurity Division. The new division, which will focus on protecting consumers and industries from cyber threats, is the first of its kind to be established at a banking or insurance regulator. In February 2017, Governor Andrew M. Cuomo announced that DFS had promulgated the nation’s first cybersecurity regulation to protect New York’s financial services industry and consumers from the ever-growing threat of cyberattacks.
“Increasingly today, counterterrorism is about cybersecurity, our biggest threat and our biggest challenge, and Justin’s extraordinary background as a prosecutor and cyber and economic crimes expert positions him well to lead this new division, bringing together DFS’s longstanding leadership in cybersecurity and cyber policy,” Acting Superintendent Lacewell said. “As technology changes the financial services industry, regulation must evolve, and DFS is evolving to meet the challenges and opportunities of the new landscape, to protect consumers, safeguard the industry, and encourage innovation.”
Mr. Herring is Chief of the U.S. Attorney’s Office of New Jersey’s first Cyber Crimes Unit, supervising all cybercrime cases in the District of New Jersey, including national security threats, malware and ransomware campaigns, major hacks targeting corporations, financial institutions, accounting firms and government networks, and cyber-enabled frauds such as business email compromises and account takeovers.
Justin Herring said, “I look forward to bringing my expertise to DFS to lead this new division to combat the growing problem of cybercrime, protect New Yorkers and their sensitive information from attacks, and ensure that DFS continues to be a leader in cybersecurity.”
As a member of the U.S. Attorney’s Economic Crimes Unit, Mr. Herring prosecuted and supervised a range of white-collar cases involving investment fraud, stock manipulation, money laundering, insider trading, and corporate embezzlement. In addition, he has substantial experience in digital currency cases, including tracing digital currency transactions, investigating money laundering through digital currency, and prosecuting unlicensed digital currency exchanges and Ponzi schemes based on purported digital currency cases.
His cases included the Newswire case in which hackers stole and traded on information in non-public press releases; the EDGAR hacking case, a scheme to steal and trade on non-public securities filings; and the SamSam Ransomware attacks that shut down the city of Atlanta, the Port of San Diego, and several healthcare centers. He also prosecuted the Drinkman case, the largest financial hacking conspiracy ever to result in a conviction, involving the theft of more than 160 million credit card numbers and $300 million in losses from a major stock exchange and large corporations.
As a former Assistant U.S. Attorney in Baltimore, Mr. Herring was a member of the Major Crimes Unit, under which he prosecuted the dark web proprietor of Silk Road, the online drug marketplace, as well as hacks of government agencies.
The new Cybersecurity Division will enforce the Department’s cybersecurity regulations, advise on cybersecurity examinations, issue guidance on DFS’s cybersecurity regulations, and conduct cyber-related investigations in coordination with the Consumer Protection and Financial Enforcement Division. The Division, which will also help industry protect itself by disseminating trends and threat information about cyber-attacks, will incorporate DFS’s existing subject-matter experts in cybersecurity, who are currently spread across other divisions, and continue to develop that expertise within DFS’s existing personnel and by hiring additional experts as necessary.