Faced with a “whack-a-mole” cybersecurity landscape of one hack after another that often “seems like a never-ending battle,” FBI Director Christopher Wray said the Bureau’s new cyber strategy “is to impose risk and consequences on cyber adversaries.”
“In plain English, we want to make it harder and more painful for hackers and criminals to do what they’re doing. And the best way for us to do that is by leveraging our unique authorities, our world-class capabilities, and our enduring partnerships, and using all three in service to the larger cyber community,” Wray said Wednesday at the DHS Cybersecurity and Infrastructure Security Agency’s National Cybersecurity Summit, held virtually because of the pandemic. “It’s a shift in mindset. We want to build on the innovation that has helped the FBI adapt and evolve to meet changing threats over the past century.”
Wray that relationships with other federal agencies, other nations, and the private sector will be critical to the strategy as the FBI will “not only pursue our own actions,” but “enable our partners to defend networks, attribute malicious activity, sanction bad behavior, and take the fight to our adversaries overseas.”
“To create opportunities for our partners in our common fight, that means we might forego a law enforcement action, like an arrest or an indictment, if we can hit the threat harder another way,” he said. “It doesn’t matter whose action leads to that impact.”
“…We might not be able to tell you precisely how we knew you were in trouble—but we can usually find a way to tell you what you need to know to prepare for, or stop, an attack. Having a pre-existing relationship with a company or university leadership invariably helps us do that faster. For private sector leaders, talking with us before a problem strikes helps you understand how we actually operate, how we protect information provided by victims who face challenges on a whole bunch of fronts in the wake of a major intrusion, and how we work hard not to disrupt their operations.”
Wray added that “ideally we can create a flow of information that runs both ways, so we can get helpful information, too.”
“We may come to a victim company knowing one IP address used to attack them, but not another. If they tell us about the second one, not only can we do more to help them, we may be able to stop the next attack, too, and we’re committed to giving you feedback on what you share with us—this is a two-way street,” he said. “We’re in this together, with all our partners. We all face the same dangers, and we won’t make any headway each off doing our own thing. Because our adversaries rely on gaps in our community, they like it when we’re not sharing information—when one player doesn’t trust the other.”
Wray spoke of “imposing risk and consequences” in the vein of “the Chinese government targeting our intellectual property to Russian targeting of our critical infrastructure to increasingly sophisticated criminal cyber syndicates and the many dangers in between.”
“We’re using our unique mix of authorities to investigate attacks and intrusions, to identify who’s responsible—all the way down to who’s on the keyboard—to collect and share intelligence and to create opportunities for our domestic and international partners,” he said. “We’re making the most of our strong presence here at home and abroad. We’ve got cyber squads with interagency partners in every FBI field office and cyber agents in embassies around the world, sharing intelligence and building partnerships with both foreign law enforcement and intelligence services.”
Partnerships with the Defense Department and CISA caught Chinese targeting of specific companies researching COVID-19 vaccines and treatments, and “on the Russia front, we and our partners at NSA uncovered and exposed highly sophisticated malware developed by Russian military intelligence.”
“We used criminal process—and close coordination with foreign partners—to get information that helped us better understand that malware, complementing the great work our fellow intelligence community colleagues at NSA had done. That information allowed us to release an unclassified report to warn the right people, and that public release was a painful disruption to a well-known adversary. It imposed a real cost on Russia, because they’d spent a lot of time and money developing the malware we outed,” the FBI director said. “Anything we can do together to get these bad guys on the backs of their heels is a victory.”
Wray said the FBI has not seen cyber attacks so far this year on voter registration databases “or on any systems involving primary voting.”
“And to our knowledge, no foreign government has attempted to tamper with U.S. vote counts,” he said. “But we’re always on watch against any threat to the foundations of our democracy.”
