Why important? - Continuity Insights

Report
CYBER THREATS
AND
RESPONSE
Continuity Insights Conference
Chicago
June 18-19, 2013
Unclassified
OBJECTIVES
•
•
•
•
Why it is important
Threats, players, and response
FBI’s Next Generation Cyber
Government and Private Sector
Partnerships
• Examples
Why important?
(End)
Growing problem…
• “China’s economic cyber espionage has not
diminished… in fact, it has grown exponentially
both in terms of its volume and damage it is
doing to our nation’s economic future”
• “The technological and national security of the
United States is at risk because some of our
most innovative ideas and sensitive information
are being brazenly stolen by these cyber
attacks.”
– Open hearing to the House Permanent Select
Committee on Intelligence, February 2013
Times have changed...
Mayhem circa 1984…
and today.
The Cyber Threat
"Technology is moving so rapidly
that… in the future, we anticipate
that the cyber threat will pose the
number one threat to our country.“
- FBI Director, March 2012
“There has been a nearly twenty (20) fold increase in
cyber-attacks against American infrastructure
targets between 2009 and 2011.“
- US military assessment, 2012
FBI Priorities
1. Protect the U.S. from terrorist attack
2. Protect the U.S. against foreign intelligence operations & espionage
3. Protect the U.S. against cyber-based attacks & high-tech crimes
4. Combat public corruption at all levels
5. Protect civil rights
6. Combat transnational/national criminal organizations and enterprises
7. Combat major white-collar crime
8. Combat significant violent crime
9. Support federal, state, local and international partners
10. Upgrade technology to successfully perform the FBI's mission
Major Players:
• State Sponsored
Actors
• Organized Criminal
Syndicates
• Terrorists
• Hacktivists
Examples of threats & attacks
• DDoS
• Account take-overs
• PII loss
-hackmageddon.com
• Credit card information
• Trade secrets loss
• Defacement
Target examples
DDoS:
What are we talking about?
• A Denial of Service attack (DoS) or Distributed
Denial of Service attack (DDoS) is a type of
Cyber attack that attempts to make a computer
or computer network unavailable to users.
• Simply put, the attack overwhelms a computer
or computer network.
Anatomy of a DDoS
Compromised
computers called Bots
or Zombies
Command &
Control Servers
Cyber
Actor
Victim Website
The new #1 threat?
“For the first time… computer-launched
foreign assaults on U.S. infrastructure…
was ranked higher in the U.S. intelligence
community’s annual review of worldwide
threats than worries about terrorism…”
- 140 attacks on Wall Street
over last six months
- August 2012 computer intrusion
at Saudi Aramco
- Local example(s)
-Los Angeles Times, March 12, 2013
FBI Cyber Division
Mission:
Coordinate, supervise and facilitate the FBI's
investigation of those federal violations in which
the Internet, computer systems, or networks are exploited.
*The FBI is the lead domestic agency
for National Security Cyber investigations.
Lanes in the road
“The FBI will often be the first responder because
of our nationwide coverage. But the investigative
team, at a minimum, should include the expertise of
both DHS and NSA.
In other words, notification of an intrusion to one
agency should be – and will be – notification to all.”
• FBI
• DHS
• USSS
• DOD
• NSA
-Robert S. Mueller, III
Partnerships Play
a Critical Role
•Cyber Task Forces
•Private sector is essential
Possess the information, expertise and knowledge
as well as building the components of cyber security
Examples:
- Domestic Security Alliance Council
- InfraGuard
Cyber Intelligence Sharing
and Protection Act of 2013
• Provides authority to the government to
provide classified cyber threat information to
the private sector
• Knocks down barriers impeding cyber threat
information sharing
– Among private sector companies
– Between private sector and the government
Next Generation Cyber Initiative
Dedicating more resources and building new tools to combat the
nation’s most serious cyber threat…
criminals, spies, and terrorists
breaking into government and
private computer networks.
FBI NextGen Cyber
• A coordinated nationwide effort
• Establish Cyber Task Forces
• Dedicating more resources
– Labs / Personnel / Scientists
• 24hr Cyber Watch Command
– Review all cyber incidents reported
– Quickly assess threats
– Assess for National Security threats
– Quick dissemination of leads
– Review malicious code
CyWatch Command
24/7 Ops Floor
Uninterrupted intake and analysis to:
– Contextualize leads
– Identify trends
– Coordinate investigative response
– Deconflict
– Link incident information provided by the field
and other government agencies
– Produce real time intelligence reporting to
investigators and analysts
Cyber Incident & Intrusion Reporting
Guardian
E-Guardian*
Local Law Enforcement
I-Guardian*
Federal
Private Sector
FBI Headquarters / 24 hours
Field Office
Cyber Task Force
Criminal
Intrusion
National
Security
RCFL
State/Local Police
*To be implemented in 2013
IC-3
Internet
Crime
Complaint
Center
Cyber Watch
FBI Chicago
General
Internet
Fraud
Other
Criminal
Squad
Reporting…
e-Guardian
– A secure, user friendly system implemented in 2008 for
to share terrorist threats, events, and suspicious activity
among state, local, and federal law enforcement
– The system was enhanced in 2013 to allow events and
suspicious activities involving computer intrusion
events to be reported to FBI CTFs.
i-Guardian
– A system being developed for trusted industry
partners to report incidents and submit malware.
Cyber Task Force
CTF Task Force Officers
– Paid Overtime
– Paid vehicle, fuel, phone and
equipment
– Paid training
– Three days/week;
Two year commitment
RCFL Task Force Members
– Three year commitment - full time
– Same paid overtime, vehicle, fuel, phone, equipment
– Full training toward CART Examiner certification
Closing thought
“We must abandon the belief that better
defenses alone will be sufficient.
We must build better relationships. And we
must overcome the obstacles that prevent
us from sharing information and, most
importantly, collaborating.”
-Robert S. Mueller, III
QUESTIONS?
Our Ad Choice Sponsor:
Points of Contact:
SA Tim Hearl
Desk: (312)829-7580
Cell: (630)270-5433
Blackberry/e-mail: [email protected]
FBI Chicago’s Cyber Task Force (CTF)
Telephone: (312)421-6700
*Email: [email protected]

similar documents