Robert S. Mueller, III
Thank you, Father McShane, and my thanks to Fordham University for once again co-hosting this conference with the FBI. I am honored to share the stage with my good friends Keith Alexander and John Brennan.
Keith and John have already covered much of the key terrain in their remarks. But in closing today, I do want to address three points on the future of cyber security. This, from the perspective of the FBI.
First—the absolute necessity of focusing on the individuals behind the keyboards.
Second—the continued value of traditional law enforcement capabilities in identifying these persons and stopping them.
And finally—the crucial role the private sector must play in this fight and how we can improve government and private sector collaboration.
The People Behind the Keyboards
In recent years, we have seen a proliferation of adversaries in the cyber arena. As you have discussed this week, these criminals are constantly discovering and exploiting vulnerabilities in our software and our networks. They have also become increasingly professional: They are organized…they network…and they share tools, stolen data, and know-how.
In the years to come, we will encounter new intrusion methods, hacking techniques, and other unpleasant surprises. And in response, our nation will continue to develop—as we must—the technical skills and tools to prevent these intrusions and limit their damage.
But we will not be able to eliminate all vulnerabilities. True cyber security is more than defending against the ones and the zeros.
We must remember that behind every intrusion is a person responsible for that intrusion—a warm body behind the keyboard, whether he or she sits in Tehran or Tucson; Shanghai or Seattle; Bucharest or the Bronx.
Our ultimate goal must be to identify and deter the persons behind these keyboards. And once we identify them—be they state actors, organized criminal groups, or 18-year-old hackers—we must devise a response that is effective, not just against that specific attack, but for all similar circumstances.
So indeed it is fitting that we have the directors of our three respective agencies here today. To find the intruders behind the keyboards overseas, we absolutely need the considerable skills of Keith’s experts at NSA. But we also need the human intelligence capabilities of John’s team at the CIA. And you will not be surprised to hear me say that we also need the investigative and intelligence resources of the FBI.
Traditional Tools
We often think of cyber investigations as unique in nature. And most of them do require a certain technical expertise.
But our effectiveness in cyber investigations rests on the same techniques we have used in cases throughout the FBI’s history—physical surveillance, forensics, cooperating witnesses, sources, and court-ordered wire intercepts.
Let me share with you an example of how this works.
The combination of technical skills and traditional investigative techniques recently led the FBI to the hacker known as Sabu—one of the co-founders of LulzSec.
This case began when our Los Angeles Division collected IP addresses that were used to hack into the database of a TV game show. One of these led to an individual who had failed to anonymize his IP address. Our New York Office used confidential human sources, search warrants, and physical surveillance to identify and locate this man, who was only known then by his online moniker, Sabu.
When our agents went to arrest him, they gave him a choice: Go to jail now, or cooperate.
Sabu agreed to cooperate, continuing to use his online identity. His cooperation helped us to build cases that led to the arrest of six other hackers linked to groups such as Anonymous and LulzSec. It also allowed us to identify hundreds of security vulnerabilities—which helped us to stop future attacks and limit harm from prior intrusions.
At its beginning, any investigation into an intrusion is a search for intelligence that will enable us to define that particular threat. The FBI’s dual role as both a national security and a law enforcement agency is instrumental in this work.
We in the Bureau have Cyber Task Forces in each of our 56 field offices, as well as several Cyber Action Teams that can be deployed at a moment’s notice. When a major intrusion is discovered, we can have investigators on the scene almost immediately. That allows us to analyze logs and conduct interviews. If the intrusion appears to pose a national security threat, our partners at NSA will play a role as well. Being on the scene quickly also allows us to preserve evidence for prosecution as an option.
A good example of how this works took place two years ago at a water treatment plant in Illinois. A water pump had failed, and in their initial investigation, the employees identified traffic from Russia that had accessed the company’s network. Accordingly, they thought this traffic might be related to the pump’s failure.
The FBI responded, along with DHS, by sending a Cyber Action Team. After investigation, we determined that the pump had not failed because of malicious or unauthorized computer traffic from overseas—it was simply a faulty pump. The investigation disclosed that the traffic from Russia was in fact one of the plant’s contractors, who had logged in remotely to the plant’s system while traveling with his family in Russia.
In this case, our law enforcement capabilities allowed us to more quickly rule out any threat. But these same capabilities will be crucial in attributing responsibility for a major intrusion, and determining the right response.
The Importance of the Private Sector
Let me turn now to the critical role the private sector must play in cyber security—something that Keith and John have also noted.
I do believe that in the future, the cyber threat will equal or even eclipse the terrorist threat. And just as partnerships have enabled us to address the terrorist threat, partnerships will enable us to address the cyber threat.
But the array of partners critical to defeating the cyber threat is different. In this case, the private sector is the essential partner.
The private sector is, of course, a primary victim of cyber intrusions. Yet those of you in the private sector also have the expertise and the knowledge to be an integral partner in defeating this threat. You build the components of cyber security—the hardware, the software, and the networks—and you drive future technology. Without you, we cannot combine innovation and security.
The challenge we now face is to build more effective partnerships.
We in the FBI are working with the private sector to share threat information and to better protect our critical infrastructure. For example, the Domestic Security Alliance Council, with chief security officers from approximately 250 companies, represents every critical infrastructure and business sector. Another partnership is InfraGard, which promotes the sharing of information about threats to critical infrastructure. Today InfraGard has 58,000 members nationwide from government, the private sector, academia, and law enforcement.
While these outreach programs are helpful, we must do more. We must shift to a model of true collaboration—a model of working side-by-side as a matter of course.
We must build structured partnerships between the relevant government agencies on the one hand, and within the private sector on the other hand. Then, we must develop means for sharing information and intelligence more quickly and effectively between these two spheres.
The National Cyber Investigative Joint Task Force is one example of an effective partnership in the federal sphere. Nineteen separate agencies participate. It serves as a national focal point for and coordinator of cyber threat information, intelligence, and investigations.
In the private sector, we have the National Cyber Forensics and Training Alliance, located in Pittsburgh. This alliance is a wholly private entity and includes more than 80 industry partners from a variety of sectors. It has access to more than 700 subject matter experts, and passes real-time threat intelligence to its federal and international partners every day.
These entities are steps in the right direction. But we must build on them, to expand the channels of information sharing and collaboration.
Only by sharing intelligence swiftly will we be able to forecast coming attacks—and deter future ones. By fusing private-sector information with information from the intelligence community, we can produce a complete picture of cyber threats—one that benefits all of us.
* * *
When it comes to securing our networks, we are still in the early stages of a long struggle. As Winston Churchill once said during World War II, we have only reached “the end of the beginning.” And in this battle, our foes often seem to have all the advantages—they attack when, where, and how they want, and our weak points are many.
We cannot stop every attack. But we also know that by working together, with persistence, we can secure our networks and deter those who seek to harm us.
We can stem the loss of intellectual property that saps America’s economic strength.
We can prevent financial catastrophes, physical damage, and the loss of valuable national security secrets.
And we can preserve the sense of trust and security that is essential in our increasingly connected world.
Thank you.
- Director
- Federal Bureau of Investigation
- International Conference on Cyber Security 2013, Fordham University
- New York, NY
- August 08, 2013
Remarks prepared for delivery.
Industry-Focused Cyber Intrusion Reporting Platform Launched
In an effort to enhance the FBI’s ability to mitigate and prevent serious cyber threats, the FBI has launched a secure portal allowing industry partners to quickly and safely report actual and attempted cyber intrusion incidents. Called iGuardian, the information portal is similar to eGuardian, a sensitive but unclassified platform for our law enforcement partners to provide potential terrorism-related threats and suspicious terrorism-related activity reports.
While eGuardian is available for law enforcement users through Law Enforcement Online, iGuardian was developed specifically for trusted industry partners within critical infrastructure sectors (telecommunications, defense, banking and finance, and energy) and is available over the InfraGard network. InfraGard is our public-private coalition of more than 55,000 vetted industry partners and already uses a secure portal to share information and receive alerts from federal agencies and each other. iGuardian will provide an additional method through which the FBI can receive information.
Industry is being asked to submit specific information on computer intrusions of any kind, including malware infections, website defacements, and denial of service attacks. Access to the iGuardian system currently requires an InfraGard membership. A telephone help desk has been set up to assist companies with the iGuardian application and submission process, and a frequently asked questions page has been posted for members on the InfraGard website.
iGuardian will greatly speed up the process of submitting intrusion information to the FBI—it just takes a few minutes to fill out and submit the iGuardian form. Within minutes of a form being submitted, agents and analysts will be able to quickly triage the submissions, notify previously unknown intrusion victims, and assign leads as appropriate to field offices for further investigation. The information in iGuardian will also give us a big-picture look at the threat from terrorists, nation-states, and criminal groups conducting complex cyber network operations against the U.S.
Later this year, partners will be able to submit actual malware to the FBI for quick analysis. Future iGuardian enhancements will include the ability of our industry partners to submit incidents and tips on threats and hazards affecting their companies, like intellectual property rights issues, theft of trade secrets, and potential terrorism-related matters.
***Source: FBI