AUBURN, Ala. – Leaders from the Federal Bureau of Investigation unveiled the organization’s revised strategies for dealing with cyber attacks at an hour-long virtual event hosted by Auburn University’s McCrary Institute on Thursday morning.
FBI Cyber Division Assistant Director Matt Gorham and FBI Deputy Assistant Directors Tonya Ugoretz and Clyde Wallace joined McCrary Institute Director Frank Cilluffo live on YouTube for the panel discussion, outlining the bureau’s evolving policies for dealing with online attacks. The agents stressed the importance of streamlining cohesion with other agencies—both foreign and domestic, as well as governmental and from the private sector—and made an official promise to victims of cyber crimes to pursue and indict perpetrators who have victimized them.
“We will always treat victims with dignity and respect, protecting their privacy and data and rigorously adhering to the U.S. Constitution, applicable laws, regulations and policies and the FBI’s core values,” Gorham said, stating his division’s official mission. “I think it’s important for victims to know they can trust us when they call us and we are going to treat them like a victim and ensure that they have the rights that come with that status and we’re going to work with them to protect them. We bring all resources the U.S. government has to bear, working with our partners in this space.”
The panelists talked adamantly about “changing the risk calculus” of cyber criminals to more effectively deter and punish those who act out against others and doing so by a more calibrated and fine-tuned approach.
“I think the biggest changes you’ll see from us is a clear focus on imposing risk and consequences,” Gorham said. “What we’re talking about today is doubling down on imposing risk and consequences and ensuring that we’re doing that in a collaborative way with our partners to have a maximum impact.”
Cilluffo moderated the session and began the discussion with remarks about its participants and the role of the FBI in keeping American citizens safe from cyber threats.
“It’s a privilege for Auburn University to host this, and I can tell you for a fact that the three people we have here are some of the hardest-working and most dedicated public servants our country has,” Cilluffo said. “The U.S. Government is ramping up its efforts across the inter-agency to enhance our cyber posture, and the FBI plays an absolute critical role in ensuring our national and economic security, encountering cyber crime and encountering foreign counter-intelligence sorts of issues. They’re at the crux of our strategy as we look to ways to incur consequences on bad actors and impose costs on bad behavior.”
Gorham said investigation is at the forefront of what the FBI does and how it handles cyber attacks.
“At our core, we’re an investigative body,” Gorham said. “Regardless of what sort of tool we want to use to impose some sort of risk and consequence on our cyber adversaries, attribution is key. So, that really is the focus of our activity in the center of that ecosystem.
“Our goal is to impose risk and consequence on our cyber adversaries through our unique authorities, world-class capabilities and enduring partnerships building on a century of innovation.”
Gorham spoke about what fuels the bureau’s desire to identify and eliminate illegal online activity.
“The FBI has been investigating crimes and collecting intelligence for over 100 years, and as the threats have evolved, so has our strategy,” Gorham said. “The FBI’s mission is to protect the American people and uphold the constitution. The reason we do what we do is we want to ensure that the American public has safety, security and confidence in a digitally connected world.
“The FBI is working 24/7 in tandem with our partners around the federal government and in the private sector to break down walls and attack the cyber threats as a united front.”
Wallace spoke in depth about the bureau’s revised operation model regarding collaboration with other agencies, specifically via the vehicle of the National Cyber Investigative Joint Task Force, or NCIJTF, which was created in 2008.
“The bureau is doubling down on driving resources back into the NCIJTF to get out into this complex ecosystem and bring everyone together so we can synchronize all of our efforts going forward,” Wallace said. “We have over 33 agencies and subcomponents of the DOD that are stacked up and co-located here at our facility so we can work together on a daily basis as we prioritize our threats and build subject matter expertise teams around those individual threats.
“Going forward, the NCIJTF is pulling together all our domestic and foreign partners, our capabilities, our authorities, our planning efforts through synchronized prioritization. The NCIJTF is perfectly situated to enable this way forward against our most significant cyber adversaries.”
Cilluffo put the bureau’s policy changes in perspective.
“This is much more than boxes and org charts,” Cilluffo said. “This is getting our agencies sharp and focused on a threat that obviously transcends any particular agency.”
Ugoretz talked about the changing atmosphere of threats that has been magnified by the coronavirus outbreak.
“It’s a complex-threat environment where our greatest concerns involve foreign actors using global infrastructure to compromise U.S. networks,” she said. “We’ve seen both cyber criminals and foreign states using cyber intrusions to exploit the vulnerabilities that have been exposed by the COVID-19 pandemic.
“We’ve seen China’s most effective and prolific cyber actors focusing their efforts to target our research institutions, our universities and the places where we hope our public servants are focusing their efforts on developing safe and effective vaccines. These individuals and institutions have also had to devote time and effort to defending their networks against sophisticated cyber actors.”
Ugoretz also mentioned a growing number of tools and resources, a more deeply entrenched infrastructure and the increased prevalence of individuals and groups who perpetrate cyber crimes as factors that have intensified the nation’s biggest threats. The result has been a more complex network of criminal activity, one that has been a challenge to the FBI and its partnering agencies.
“Given that complexity, no one government agency is going to have a solution to the problem,” Gorham said. “In fact, government alone is not going to have a solution, and we very much have to have the private sector involved, and we very much have to have international partners. The way we operate in cyberspace is very much a team sport, and partnering is key to what we do.”
Auburn and the FBI hosted a virtual recruitment event for the university’s students. In 2019, the FBI announced a $1 billion investment to build out a second headquarters in Huntsville, a plan that will potentially add thousands of additional jobs to the area’s overall employment.
The entire panel discussion is available for viewing on YouTube.
(Courtesy of Auburn University)