Fighting Global Cybercrime

The FBI is on what Wray termed “combat tempo,” with a 24/7 cyber command post, continued outreach to potential targets to warn them about looming threats, and a focus on disrupting malicious cyber activity.

“When it comes to the threat of destructive attack, the adversary’s access is the problem,” he said, so the FBI is focused on acting as early as possible against a threat, launching operations as soon as the researching of targets or attempts to gain an initial foothold on a network are detected.

Attributing and holding nations accountable for their own actions as well as those of mercenaries they support, use, and protect is also a priority, he said, and involves balancing the need for rapid outreach to warn and aid victims of cyberattacks against the need to develop a specific picture of who’s responsible—information critical to the broader effort to degrade, disrupt, and deter a cyber adversary.

“As broad as Russia’s potential cyber accesses across the country may be, they pale in comparison to China’s,” Wray said. China is studying the Ukraine conflict intently, he said, to improve their own capabilities to deter or hurt the U.S. in connection with an assault on Taiwan.

“The Chinese government is methodical,” he said, hacking in support of long-term economic goals and operating on a larger scale. “They’ve got a bigger hacking program than all other major nations combined. They’ve stolen more American personal and corporate data than all nations combined. And they’re showing no sign of tempering their ambition and aggression.

“Even their hacks that may seem noisy and reckless actually fit into a long-term, strategic plan to undermine U.S. national and economic security.”

China’s efforts are not limited to cyber, he said, noting that the FBI has apprehended Chinese agents out in the U.S. heartland targeting agricultural innovation.

Iran and North Korea also continue to carry out sophisticated intrusions targeting U.S. victims.

“In the summer of 2021, hackers sponsored by the Iranian government tried to conduct one of the most despicable cyberattacks I’ve seen—right here in Boston—when they decided to go after Boston Children’s Hospital,” he said.

When the FBI detected the potential threat, Wray said, the cyber squad in the FBI Boston Field Office raced to notify the hospital, getting them the information needed to quickly identify and mitigate the attack.

“Quick actions by everyone involved, especially at the hospital, protected both the network and the sick kids who depend on it,” he said. “It’s a great example of why we deploy in the field the way we do, enabling that kind of immediate, before-catastrophe-strikes response.”

Hospitals—and many other providers of critical infrastructure—are major targets today, Wray said. “If malicious cyber actors are going to purposefully cause destruction or are going to hold data and systems for ransom, they tend to hit us somewhere that’s going to hurt. That’s why we’ve increasingly seen cybercriminals using ransomware against U.S. critical infrastructure sectors.

“Ransomware gangs love to go after things we can’t do without. We’ve seen them compromise networks for oil and gas pipelines, grade schools, 9-1-1 call centers. They also go after local governments.”

The FBI, Wray said, has learned that “in cyber, as with other parts of our work countering criminal organizations, we can impose costs on cybercriminals by focusing on three things: the people, their infrastructure, and their money,” by working with like-minded countries to identify who’s responsible for the most damaging ransomware schemes and take them out of the game, by taking down cybercriminals’ technical infrastructure to disrupt their operations, and by going after their resources, seizing virtual wallets and returning stolen funds.

“We believe in using every tool we’ve got to impose risk and consequences and to remove bad guys from cyberspace. That includes leveraging every partnership we have.”

Wray said the FBI, as both a law enforcement and intelligence service, pulls in information about hostile cyber activity from a wide range of sources including incident response firms, victims, and others in the private sector; partnerships with CISA, the Treasury, and other sector risk management agencies; foreign intelligence surveillance, global partners, and many more.

Following Wray’s remarks, in conversation with BCCS co-organizer Kevin Powers, CISA executive director Brandon Wales outlined how the agency leads the nation’s strategic efforts to strengthen the security, resilience, and workforce of the cyber ecosystem to protect critical services.

In the next session, Powers spoke with HYCU CEO Simon Taylor, who discussed GetRScore, a new web-based resource that provides a free assessment of a company’s ability to repel and recuperate from a ransomware attack. “R-Score” is the culmination of a collaboration between HYCU and cybersecurity and data privacy protection experts and leaders, including FireEye Mandiant, Carahsoft, SADA, and Rackspace, and BC’s Powers.

The emphasis on collaboration that is a hallmark of FBI operations and of the BCCS also reflects a guiding principle of Boston College’s M.S. in Cybersecurity Policy and Governance program.

“Not every place has a program as robust and sophisticated as the [cybersecurity] program we have with BC,” Wray said during a Q&A at the event.

An approved training provider for the U.S. Department of Homeland Security’s National Initiative for Cybersecurity Careers and Studies, the program aims to prepare professionals to design, develop, and implement cybersecurity strategies that defend against and ensure recovery from cyberattacks and to bridge the communication gap between information technology security professionals and key business stakeholders.