Crossroads Blog | Institute National Security and Counterterrorism

cyber attack, Cyber Exploitation, Law, law enforcement, Official Policy

New FBI Dir.: “resources devoted to cyber-based threats will equal or even eclipse the resources devoted to non-cyber based terrorist threats”

FBI Director James B. Comey testified before the Senate Committee on Homeland Security and Governmental Affairs yesterday, November 14, 2013.  He expects that the resources devoted to all the many other things that the FBI does will be equaled or even eclipsed by the resources the FBI devotes to cyber threats.  That makes the FBI primarily a cyber agency, a radical change from what it was just 15 years ago or less.

Here are the portions of his testimony devoted to cyber:

Cyber Threats

The diverse threats we face are increasingly cyber-based. Much of America’s most sensitive data is stored on computers. We are losing data, money, and ideas through cyber intrusions. This threatens innovation and, as citizens, we are also increasingly vulnerable to losing our personal information. That is why we anticipate that in the future, resources devoted to cyber-based threats will equal or even eclipse the resources devoted to non-cyber based terrorist threats.

The FBI has built up substantial expertise to address cyber threats, both in the homeland and overseas.

Here at home, the FBI serves as the executive agent for the National Cyber Investigative Joint Task Force (NCIJTF) which joins together 19 intelligence, law enforcement, and military agencies to coordinate cyber threat investigations. The FBI works closely with our all our partners in the NCIJTF, including the National Security Agency (NSA) and the Department of Homeland Security (DHS). We have different responsibilities, but we must work together on cyber threat investigations to the extent of our authorities and share information among the three of us, following the principle that notification of an intrusion to one agency will be notification to all.

While national-level coordination is important to securing the nation, teamwork at the local level is also essential. After more than a decade of combating cyber crime through a nationwide network of interagency task forces, the FBI has evolved its Cyber Task Forces (CTFs) in all 56 field offices to focus exclusively on cyber security threats. In addition to key law enforcement and homeland security agencies at the state and local level, each CTF partners with many of the federal agencies that participate in the NCIJTF at the Headquarters level. This promotes effective collaboration and deconfliction of efforts at both the local and national level.

Through the FBI’s legal attaché offices around the globe and partnerships with our international counterparts, we are sharing information and coordinating cyber investigations more than ever. We have special agents working alongside our foreign police department partners; they work to identify emerging trends and key players in the cyber crime arena.

It is important to note that we are also coordinating closely with our federal partners on the policy that drives our investigative efforts. Although our agencies have different roles, we also understand that we must work together on every significant intrusion and to share information among the three of us, following the principle that notification of an intrusion to one agency will be notification to all.

In addition to cooperation within the government, there must be cooperation with the private sector. The private sector is the key player in cyber security. Private sector companies are the primary victims of cyber intrusions. And they also possess the information, the expertise, and the knowledge to address cyber intrusions and cyber crime in general. In February 2013, the Bureau held the first session of our National Cyber Executive Institute, a three-day seminar to train leading industry executives on cyber threat awareness and information sharing.

One example of an effective public-private partnership is the National Cyber Forensics and Training Alliance, a proven model for sharing private sector information in collaboration with law enforcement. Located in Pittsburgh, the alliance includes more than 80 industry partners from a range of sectors, including financial services, telecommunications, retail and manufacturing. The members of the alliance work together with federal and international partners to provide real-time threat intelligence, every day.

Another initiative the FBI participates in, the Enduring Security Framework, includes top leaders from the private sector and the federal government. This partnership illustrates that the way forward on cyber security is not just about sharing information, but also about solving problems together.

We intend to build more bridges to the private sector in the cyber security realm. We must fuse private-sector information with information from the intelligence community and develop channels for sharing information and intelligence quickly and effectively.

In the last several years, the distribution of malicious software through networks of infected computers, or botnets, by online criminals has emerged as a global cyber security threat. As a response, the FBI developed Operation Clean Slate, a broad team effort to address this significant threat. Operation Clean Slate is the FBI’s comprehensive public-private approach to eliminate the most significant botnet activity and increase the practical consequences for those who use botnets for intellectual property theft or other criminal activities.

In April 2013, the FBI implemented this plan and identified the Citadel botnet as the highest priority botnet threat. Citadel is a type of malware known as a banking trojan. This type of malicious software is designed to facilitate unauthorized access to computers to steal online banking credentials, credit card information, and other personally identifiable information (PII).

Focusing on the Citadel malware, Operation Clean Slate identified the specific actors: the coders who create the botnet, the herders who aggregate victim computers, and the users who utilize the botnet. We also identified intended or actual victims of the botnet.

The FBI and its global partners then took action against Citadel. Through court-ordered authorizations and leveraging industry partnerships, more than 1,400 controlling components of the botnet were disrupted, essentially ceasing its operations. Once these controlling components were rendered inoperable, it is estimated Operation Clean Slate freed more than 2.1 million robot computers from this malicious network.

The FBI must continue to develop and deploy creative solutions in order to defeat today’s complex cyber threat actors. Instead of just building better defenses, we must also build better relationships, overcoming the obstacles that prevent us from sharing information and, most importantly, collaborating.

Leave a Reply

Bitnami