
CYBER THREATS AND RESPONSE

CYBER THREATS AND RESPONSE. Continuity Insights Conference Chicago June 18-19, 2013. Unclassified. OBJECTIVES. Why it is important Threats, players, and response FBI’s Next Generation Cyber Government and Private Sector Partnerships Examples. (End). Why important?


Presentation Transcript


  1. CYBER THREATS AND RESPONSE Continuity Insights Conference Chicago June 18-19, 2013 Unclassified

  2. OBJECTIVES Why it is important Threats, players, and response FBI’s Next Generation Cyber Government and Private Sector Partnerships Examples

  3. (End) Why important?

  4. Growing problem… • “China’s economic cyber espionage has not diminished… in fact, it has grown exponentially both in terms of its volume and damage it is doing to our nation’s economic future” • “The technological and national security of the United States is at risk because some of our most innovative ideas and sensitive information are being brazenly stolen by these cyber attacks.” • – Open hearing to the House Permanent Select Committee on Intelligence, February 2013

  5. Times have changed... Mayhem circa 1984… and today.

  6. The Cyber Threat “Technology is moving so rapidly that… in the future, we anticipate that the cyber threat will pose the number one threat to our country.” - FBI Director, March 2012 “There has been a nearly twenty (20) fold increase in cyber-attacks against American infrastructure targets between 2009 and 2011.” - US military assessment, 2012

  7. FBI Priorities 1.   Protect the U.S. from terrorist attack 2.   Protect the U.S. against foreign intelligence operations & espionage 3. Protect the U.S. against cyber-based attacks & high-tech crimes 4.   Combat public corruption at all levels 5.   Protect civil rights 6.   Combat transnational/national criminal organizations and enterprises  7.   Combat major white-collar crime 8.   Combat significant violent crime 9.   Support federal, state, local and international partners 10.  Upgrade technology to successfully perform the FBI's mission

  8. Major Players: • State Sponsored Actors • Organized Criminal Syndicates • Terrorists • Hacktivists

  9. Examples of threats & attacks • Credit card information • Trade secrets loss • Defacement - hackmageddon.com • DDoS • Account take-overs • PII loss

  10. Target examples

  11. DDoS: What are we talking about? • A Denial of Service attack (DoS) or Distributed Denial of Service attack (DDoS) is a type of Cyber attack that attempts to make a computer or computer network unavailable to users. • Simply put, the attack overwhelms a computer or computer network.

  12. Anatomy of a DDoS Compromised computers called Bots or Zombies Command & Control Servers Victim Website Cyber Actor

  13. The new #1 threat? “For the first time… computer-launched foreign assaults on U.S. infrastructure… was ranked higher in the U.S. intelligence community’s annual review of worldwide threats than worries about terrorism…” - 140 attacks on Wall Street over last six months - August 2012 computer intrusion at Saudi Aramco - Local example(s) - Los Angeles Times, March 12, 2013

  14. FBI Cyber Division Mission: Coordinate, supervise and facilitate the FBI's investigation of those federal violations in which the Internet, computer systems, or networks are exploited. *The FBI is the lead domestic agency for National Security Cyber investigations.

  15. Lanes in the road “The FBI will often be the first responder because of our nationwide coverage. But the investigative team, at a minimum, should include the expertise of both DHS and NSA. In other words, notification of an intrusion to one agency should be – and will be – notification to all.” -Robert S. Mueller, III • FBI • DHS • USSS • DOD • NSA

  16. Partnerships Play a Critical Role • Cyber Task Forces • Private sector is essential • Possess the information, expertise and knowledge • as well as building the components of cyber security • Examples: • - Domestic Security Alliance Council • - InfraGard

  17. Cyber Intelligence Sharing and Protection Act of 2013 • Provides authority to the government to provide classified cyber threat information to the private sector • Knocks down barriers impeding cyber threat information sharing • Among private sector companies • Between private sector and the government

  18. Next Generation Cyber Initiative Dedicating more resources and building new tools to combat the nation’s most serious cyber threat… criminals, spies, and terrorists breaking into government and private computer networks.

  19. FBI NextGen Cyber • A coordinated nationwide effort • Establish Cyber Task Forces • Dedicating more resources • Labs / Personnel / Scientists • 24hr Cyber Watch Command • Review all cyber incidents reported • Quickly assess threats • Assess for National Security threats • Quick dissemination of leads • Review malicious code

  20. CyWatch Command 24/7 Ops Floor • Uninterrupted intake and analysis to: • Contextualize leads • Identify trends • Coordinate investigative response • Deconflict • Link incident information provided by the field and other government agencies • Produce real time intelligence reporting to investigators and analysts

  21. Cyber Incident & Intrusion Reporting General Internet Fraud Guardian I-Guardian* E-Guardian* Federal Local Law Enforcement Private Sector IC-3 Internet Crime Complaint Center Cyber Watch FBI Headquarters / 24 hours FBI Chicago Field Office Other Criminal Squad Cyber Task Force Criminal Intrusion National Security RCFL State/Local Police *To be implemented in 2013

  22. Reporting… • e-Guardian • A secure, user-friendly system implemented in 2008 to share terrorist threats, events, and suspicious activity among state, local, and federal law enforcement • The system was enhanced in 2013 to allow events and suspicious activities involving computer intrusion events to be reported to FBI CTFs. • i-Guardian • A system being developed for trusted industry partners to report incidents and submit malware.

  23. Cyber Task Force CTF • Task Force Officers • Paid Overtime • Paid vehicle, fuel, phone and equipment • Paid training • Three days/week; Two year commitment RCFL • Task Force Members • Three year commitment - full time • Same paid overtime, vehicle, fuel, phone, equipment • Full training toward CART Examiner certification

  24. Closing thought “We must abandon the belief that better defenses alone will be sufficient. We must build better relationships. And we must overcome the obstacles that prevent us from sharing information and, most importantly, collaborating.” -Robert S. Mueller, III

  25. QUESTIONS?

  26. Points of Contact: SA Tim Hearl Desk: (312)829-7580 Cell: (630)270-5433 Blackberry/e-mail: timothy.hearl@ic.fbi.gov FBI Chicago’s Cyber Task Force (CTF) Telephone: (312)421-6700 *Email: chicago_cyberwatch@ic.fbi.gov
