The FBI has its hands full with cyber-related investigations stemming from domestic and international threats.
Joe Demarest, assistant director for the FBI’s Cyber Division, estimates about 20 to 30 percent of the bureau’s workload is focused on cybersecurity, and that percentage is growing. More than 1,200 individuals work in the Cyber Division, he said.
“Cyber is one of the top priorities for the FBI,” Demarest told attendees Tuesday at Cybersecurity 2015: Beyond the Breach, a conference in Washington, D.C., hosted by security firm Symantec and Bloomberg Government.
Demarest said the FBI’s cybersecurity efforts focus on the following five primary actors:
Nation states such as China, Russia and Iran. The recent hack on Sony Pictures has put the spotlight on North Korea as well. The U.S. is said to have proof that the totalitarian state was involved.
Cyber terrorists, who are seeking to build capabilities and skills to take attacks from cyberspace to the physical world.
Organized crime groups that are attacking the U.S. by the thousands every day, motivated by fraud and other crimes.
Insider threats, which Demarest says represent the biggest threat. The individual could be an incidental insider or someone intending to cause great harm.
Hacktivists motivated to disrupt network operations of their victims. The Ferguson Police Department in Missouri fell victim to hacktivism when a hacking group claimed to have released hours of police dispatch tapes about the shooting death of teenager Michael Brown on social media.
Demarest stressed the persistence of cyberthreats and the lengthy reconnaissance process attackers use to scope out a network before they strike. Major hacks are months in the making and attackers are generally burrowed in the network for at least 10 months, he said.
The key to defending against such attacks is robust communication between the government and private companies. In government, “we need to classify a lot less,” said Sen. Sheldon Whitehouse of Rhode Island. In addition, companies must move past the feeling of shame and secrecy about security incidents, he said.
Leslie Caldwell, assistant attorney general in the Justice Department’s Criminal Division, said the department is creating a new cybersecurity unit to facilitate greater outreach with the private sector. Housed in the department’s computer crime and intellectual property section, the unit will offer legal guidance for electronic surveillance investigations and coordinate with Congress on cybersecurity legislation, The Hill reported.
Caldwell said she hopes to gain the trust of private sector companies that are leery of sharing information with government agencies in light of revelations about the National Security Agency’s data collection program. The investigative work conducted by the Justice Department is pursuant to court orders and court supervision, she said, noting that industry collaboration is key to fighting cybercrime.
Caldwell acknowledged an erosion of trust and demonization of government, partly because of former government contractor Edward Snowden. “I would like to see a little more feeling of trust,” she said.