Presentation on theme: "C YBER T HREATS AND R ESPONSE Unclassified Continuity Insights Conference Chicago June 18-19, 2013."— Presentation transcript:
C YBER T HREATS AND R ESPONSE Unclassified Continuity Insights Conference Chicago June 18-19, 2013
Why it is important Why it is important Threats, players, and response Threats, players, and response FBI’s Next Generation Cyber FBI’s Next Generation Cyber Government and Private Sector Partnerships Government and Private Sector Partnerships Examples Examples O BJECTIVES
“China’s economic cyber espionage has not diminished… in fact, it has grown exponentially both in terms of its volume and damage it is doing to our nation’s economic future” “The technological and national security of the United States is at risk because some of our most innovative ideas and sensitive information are being brazenly stolen by these cyber attacks.” – Open hearing to the House Permanent Select Committee on Intelligence, February 2013 Growing problem…
Times have changed... Mayhem circa 1984… and today.
"Technology is moving so rapidly that… in the future, we anticipate that the cyber threat will pose the number one threat to our country.“ - FBI Director, March 2012 The Cyber Threat “There has been a nearly twenty (20) fold increase in cyber-attacks against American infrastructure targets between 2009 and 2011.“ - US military assessment, 2012
1. Protect the U.S. from terrorist attack 2. Protect the U.S. against foreign intelligence operations & espionage 3. Protect the U.S. against cyber-based attacks & high-tech crimes 4. Combat public corruption at all levels 5. Protect civil rights 6. Combat transnational/national criminal organizations and enterprises 6. Combat transnational/national criminal organizations and enterprises 7. Combat major white-collar crime 8. Combat significant violent crime 9. Support federal, state, local and international partners 10. Upgrade technology to successfully perform the FBI's mission FBI Priorities
State Sponsored Actors Organized Criminal Syndicates Terrorists Hacktivists Major Players:
Examples of threats & attacks DDoS DDoS Account take-overs Account take-overs PII loss PII loss Credit card informationCredit card information Trade secrets lossTrade secrets loss DefacementDefacement -hackmageddon.com
What are we talking about? A Denial of Service attack (DoS) or Distributed Denial of Service attack (DDoS) is a type of Cyber attack that attempts to make a computer or computer network unavailable to users.A Denial of Service attack (DoS) or Distributed Denial of Service attack (DDoS) is a type of Cyber attack that attempts to make a computer or computer network unavailable to users. Simply put, the attack overwhelms a computer or computer network.Simply put, the attack overwhelms a computer or computer network. DDoS:
Victim Website Command & Control Servers Compromised computers called Bots or Zombies Cyber Actor Cyber Actor Anatomy of a DDoS
“For the first time… computer-launched foreign assaults on U.S. infrastructure… was ranked higher in the U.S. intelligence community’s annual review of worldwide threats than worries about terrorism…” -Los Angeles Times, March 12, 2013 - 140 attacks on Wall Street over last six months - August 2012 computer intrusion at Saudi Aramco - Local example(s) The new #1 threat?
Mission: Coordinate, supervise and facilitate the FBI's investigation of those federal violations in which the Internet, computer systems, or networks are exploited. FBI Cyber Division *The FBI is the lead domestic agency for National Security Cyber investigations.
FBI DHS USSS DOD NSA Lanes in the road “The FBI will often be the first responder because of our nationwide coverage. But the investigative team, at a minimum, should include the expertise of both DHS and NSA. In other words, notification of an intrusion to one agency should be – and will be – notification to all.” -Robert S. Mueller, III
Partnerships Play a Critical Role Cyber Task Forces Private sector is essential Possess the information, expertise and knowledge as well as building the components of cyber security Examples: - Domestic Security Alliance Council - InfraGuard
Provides authority to the government to provide classified cyber threat information to the private sector Knocks down barriers impeding cyber threat information sharing –Among private sector companies –Between private sector and the government Cyber Intelligence Sharing and Protection Act of 2013
Dedicating more resources and building new tools to combat the nation’s most serious cyber threat… criminals, spies, and terrorists breaking into government and private computer networks. Next Generation Cyber Initiative
FBI NextGen Cyber A coordinated nationwide effort Establish Cyber Task Forces Dedicating more resources –Labs / Personnel / Scientists 24hr Cyber Watch Command –Review all cyber incidents reported –Quickly assess threats –Assess for National Security threats –Quick dissemination of leads –Review malicious code
Uninterrupted intake and analysis to: –Contextualize leads –Identify trends –Coordinate investigative response –Deconflict –Link incident information provided by the field and other government agencies –Produce real time intelligence reporting to investigators and analysts CyWatch Command 24/7 Ops Floor
Guardian Federal IC-3 Cyber Incident & Intrusion Reporting E-Guardian* Local Law Enforcement I-Guardian* Internet Crime Complaint Center Private Sector Cyber Task Force National Security Cyber Watch FBI Headquarters / 24 hours General Internet Fraud *To be implemented in 2013 Other Criminal Squad State/Local Police Criminal Intrusion RCFL FBI Chicago Field Office
e-Guardian –A secure, user friendly system implemented in 2008 for to share terrorist threats, events, and suspicious activity among state, local, and federal law enforcement –The system was enhanced in 2013 to allow events and suspicious activities involving computer intrusion events to be reported to FBI CTFs. i-Guardian –A system being developed for trusted industry partners to report incidents and submit malware. Reporting…
CTF Task Force Officers –Paid Overtime –Paid vehicle, fuel, phone and equipment –Paid training –Three days/week; Two year commitment RCFL Cyber Task Force Task Force Members –Three year commitment - full time –Same paid overtime, vehicle, fuel, phone, equipment –Full training toward CART Examiner certification
-Robert S. Mueller, III “We must abandon the belief that better defenses alone will be sufficient. We must build better relationships. And we must overcome the obstacles that prevent us from sharing information and, most importantly, collaborating.” Closing thought