Know Thyself. What is a SWOT Analysis? SWOTSWOT trengths eaknesses pportunities hreats.
C YBER T HREATS AND R ESPONSE
-
Upload
nash-mclaughlin -
Category
Documents
-
view
60 -
download
4
description
Transcript of C YBER T HREATS AND R ESPONSE
CYBER THREATS AND
RESPONSE
Unclassified
Continuity Insights ConferenceChicago
June 18-19, 2013
• Why it is important• Threats, players, and response• FBI’s Next Generation Cyber• Government and Private Sector
Partnerships• Examples
OBJECTIVES
(End)
Why important?
• “China’s economic cyber espionage has not diminished… in fact, it has grown exponentially both in terms of its volume and damage it is doing to our nation’s economic future”
• “The technological and national security of the United States is at risk because some of our most innovative ideas and sensitive information are being brazenly stolen by these cyber attacks.”
– Open hearing to the House Permanent Select Committee on Intelligence, February
2013
Growing problem…
Times have changed...
Mayhem circa 1984…
and today.
"Technology is moving so rapidly that… in the future, we anticipate that the cyber threat will pose the number one threat to our country.“
- FBI Director, March 2012
The Cyber Threat
“There has been a nearly twenty (20) fold increase in cyber-attacks against American infrastructure targets between 2009 and
2011.“
- US military assessment, 2012
1. Protect the U.S. from terrorist attack2. Protect the U.S. against foreign intelligence operations & espionage3. Protect the U.S. against cyber-based attacks & high-tech crimes4. Combat public corruption at all levels 5. Protect civil rights 6. Combat transnational/national criminal organizations and enterprises 7. Combat major white-collar crime 8. Combat significant violent crime 9. Support federal, state, local and international partners 10. Upgrade technology to successfully perform the FBI's mission
FBI Priorities
• State Sponsored Actors
• Organized Criminal Syndicates
• Terrorists • Hacktivists
Major Players:
Examples of threats & attacks• DDoS • Account take-overs• PII loss
• Credit card information• Trade secrets loss• Defacement
-hackmageddon.com
Target examples
What are we talking about?• A Denial of Service attack (DoS) or Distributed
Denial of Service attack (DDoS) is a type of Cyber attack that attempts to make a computer or computer network unavailable to users.
• Simply put, the attack overwhelms a computer or computer network.
DDoS:
Victim Website
Command & Control Servers
Compromised computers called Bots
or Zombies
CyberActor
Anatomy of a DDoS
“For the first time… computer-launched foreign assaults on U.S. infrastructure… was ranked higher in the U.S. intelligence community’s annual review of worldwide threats than worries about terrorism…”
-Los Angeles Times, March 12, 2013
- 140 attacks on Wall Street over last six months
- August 2012 computer intrusion at Saudi Aramco
- Local example(s)
The new #1 threat?
Mission: Coordinate, supervise and facilitate the FBI's
investigation of those federal violations in whichthe Internet, computer systems, or networks are exploited.
FBI Cyber Division
*The FBI is the lead domestic agency for National Security Cyber investigations.
• FBI• DHS• USSS• DOD• NSA
Lanes in the road
“The FBI will often be the first responder because of our nationwide coverage. But the investigative
team, at a minimum, should include the expertise of both DHS and NSA.
In other words, notification of an intrusion to one agency should be – and will be – notification to all.”
-Robert S. Mueller, III
Partnerships Play a Critical Role
• Cyber Task Forces
• Private sector is essentialPossess the information, expertise and knowledge
as well as building the components of cyber security
Examples: - Domestic Security Alliance Council
- InfraGuard
• Provides authority to the government to provide classified cyber threat information to the private sector
• Knocks down barriers impeding cyber threat information sharing
– Among private sector companies– Between private sector and the government
Cyber Intelligence Sharing and Protection Act of 2013
Dedicating more resources and building new tools to combat the nation’s most serious cyber threat…
criminals, spies, and terroristsbreaking into government and
private computer networks.
Next Generation Cyber Initiative
FBI NextGen Cyber
• A coordinated nationwide effort
• Establish Cyber Task Forces
• Dedicating more resources– Labs / Personnel / Scientists
• 24hr Cyber Watch Command – Review all cyber incidents reported
– Quickly assess threats
– Assess for National Security threats
– Quick dissemination of leads
– Review malicious code
Uninterrupted intake and analysis to:– Contextualize leads
– Identify trends
– Coordinate investigative response
– Deconflict
– Link incident information provided by the field and other government agencies
– Produce real time intelligence reporting to investigators and analysts
CyWatch Command
24/7 Ops Floor
GuardianFederal
IC-3
Cyber Incident & Intrusion ReportingE-
Guardian*Local Law Enforcement
I-Guardian*
Internet Crime
Complaint Center
Private Sector
Cyber Task ForceNational Security
Cyber WatchFBI Headquarters / 24 hours
General Internet Fraud
*To be implemented in 2013
OtherCriminal Squad
State/Local Police
Criminal Intrusion RCFL
FBI Chicago Field Office
e-Guardian– A secure, user friendly system implemented in 2008 for
to share terrorist threats, events, and suspicious activity among state, local, and federal law enforcement
– The system was enhanced in 2013 to allow events and suspicious activities involving computer intrusion events to be reported to FBI CTFs.
i-Guardian– A system being developed for trusted industry
partners to report incidents and submit malware.
Reporting…
CTF Task Force Officers– Paid Overtime
– Paid vehicle, fuel, phone and equipment
– Paid training
– Three days/week; Two year commitment
RCFL
Cyber Task Force
Task Force Members– Three year commitment - full time
– Same paid overtime, vehicle, fuel, phone, equipment
– Full training toward CART Examiner certification
-Robert S. Mueller, III
“We must abandon the belief that better defenses alone will be sufficient.
We must build better relationships. And we must overcome the obstacles that prevent us from sharing information and, most importantly, collaborating.”
Closing thought
Our Ad Choice Sponsor:
QUESTIONS?
FBI Chicago’s Cyber Task Force (CTF)Telephone: (312)421-6700
*Email: [email protected]
Points of Contact:
SA Tim HearlDesk: (312)829-7580Cell: (630)270-5433
Blackberry/e-mail: [email protected]