January 11, 2018
As the threats from hackers and other cyber criminals grow, the FBI is committed to developing its workforce’s cyber expertise, building partnerships, and punishing cyber criminals who target the United States, FBI Director Christopher Wray said at a major cyber security conference this week.
“Today, we live much of our lives online, and we're in a situation where just about everything that is important to us lives on the Internet. And that’s a pretty scary thought for a lot of people,” Director Wray said. “What was once a minor threat—people hacking for fun or bragging rights—has now turned into full-blown nation-state economic espionage and very, very lucrative cyber criminal activity. The threat is now coming at us from all sides.”
Sponsored by the FBI and Fordham University, the International Conference on Cyber Security featured expert speakers—including several FBI officials—on a wide variety of cyber-related topics, ranging from botnets and malware to disinformation campaigns and attacks on critical infrastructure. Wray was joined in the conference’s opening ceremony the Rev. Joseph McShane, president of Fordham University; William Baker, of Fordham’s Bernard L. Schwartz Center for Media, Public Policy, and Education; and FBI New York Assistant Director in Charge William F. Sweeney, Jr.
Wray said there are numerous different types of cyber threats facing the country—nation-state intrusions, hacktivists, insider threats, and, more recently, the so-called “blended threat” of nation-states using criminal hackers to work for them.
But as hackers and criminals evolve, the FBI is changing, too, Wray said.
The Bureau is developing the cyber skills of its workforce and organizing its personnel to work the threat most effectively. For example, the FBI’s Cyber Action Teams can deploy at a moment’s notice, much the way counterterrorism teams respond to an attack or threat. Additionally, Cyber Task Forces in every FBI field office respond to breaches, conduct investigations, and collect actionable intelligence. The FBI is also strategically embedding cyber agents with international partners to build relationships and coordinate investigations.
Wray cited recent cyber successes, including the international effort to take down Darknet marketplaces AlphaBay and Hansa Market, as well as identifying and bringing indictments against four hackers who stole information on millions on Yahoo! users.
Partnerships are key to the FBI’s success in its cyber efforts, and the Bureau is always working to develop collaborative relationships with both law enforcement and the private sector. Wray encouraged the private sector to keep the lines of communication open, especially in the event of a breach of their systems.
“While we may not be able to stop all threats before they begin, we can do a lot more in the early stages, at the beginning, to stop threats before they get worse. We can share information. We can identify signatures. We can stop similar attacks from happening elsewhere,” Wray said. “But to do that, we need the private sector to work with us.”
Once hackers or other cyber adversaries are identified, the FBI and partner agencies work to impose some cost on them—even if they are not in the United States to be arrested and tried in the American justice system. Sometimes the best approach is “naming and shaming”—unsealing indictments and letting cyber criminals know that they are fugitives wanted by the FBI—or seeking sanctions from the Treasury Department.
Wray described the “urgency of the task we all face” and said all parties involved in cyber security need to “raise our game” as the threats grow. He specifically cited the “Going Dark” problem—in which the FBI and other law enforcement agencies cannot access devices lawfully allowed to be accessed with appropriate technical tools—as a critical issue that the private and public sectors must work collaboratively to solve to preserve public safety.
“Whether we're in law enforcement, the government, private sector, technology industry, the security field, and academia—we're going to need to figure out a way to work together and stay ahead of the threat and to adapt to changing technologies and their consequences, both the expected ones and the unexpected ones,” Wray said. “Because at the end of the day, we all want the same thing—which is to protect our systems, protect our innovation, and above all, to protect our people.”
In a subsequent session at the conference, FBI Cyber Division Assistant Director Scott Smith briefed attendees on the FBI’s global partnerships, particularly the success the FBI has had in working closely with Europol and its cyber crime center. Most recently, the partnership helped take down the Andromeda botnet.
“These aren't issues of the United States, and these aren't issues of any country alone,” Smith said. “They are global issues that require global solutions to the problems.”