CISA kicked off today it’s 3rd Annual National Cybersecurity Summit. This year, the annual event is being held virtually as a series of webinars every Wednesday through October 7.
The first day of the cybersecurity summit was focused on key cyber insights from CISA and its partners, including what they have seen occur, their predictions for the future and how organizations can better prepare.
CISA collects 7.2 terabytes of data everyday. The agency monitors nearly 3 million endpoints and receives nearly 100 malware submissions on a daily basis. This gives the agency unparalleled visibility into all aspects of cybersecurity, ranging from attacker activity, to technological developments, to the evolution of relevant law and more. CISA believes these insights can help the community better understand and prepare for cyber challenges.
“That data, that information is incredibly rich and has so much potential. So our job is to extract insight and provide you with information on how you can best defend yourself,” said CISA Director Chris Krebs. “That’s really what we do at CISA. We’re the nation’s risk advisors.”
As part of the cybersecurity summit, FBI Director Christopher Wray shed light on the agency’s new cyber strategy.
“Our strategy, in a nutshell, is to impose risk and consequences on cyber adversaries,” Wray said. “In plain English, we want to make it harder and more painful for hackers and criminals to do what they’re doing. And the best way for us to do that is by leveraging our unique authorities, our world-class capabilities, and our enduring partnerships, and using all three in service to the larger cyber community.”
Collaborating with the agency’s counterparts in the federal government, foreign entities and organizations in the private sector, is a major component of the FBI’s strategy. For example, the FBI might forego a law enforcement action, like an arrest or an indictment, if it means creating an opportunity for the agency and it’s partners to better address the threat in another way.
“This isn’t a problem any one of us alone can address, no matter where we sit,” Wray said. “We want to make sure we’re doing everything we can to help our partners do what they need to do. That means using our role as the lead federal agency with law enforcement and intelligence responsibilities to not only pursue our own actions, but to enable our partners to defend networks, attribute malicious activity, sanction bad behavior, and take the fight to our adversaries overseas.”
Part of that collaboration involves the National Cyber Investigative Joint Task Force. The NCIJTF includes more than 30 agencies from the intelligence community and law enforcement. The task force is responsible for coordinating multi-agency campaigns to combat the most significant cyber threats and adversaries.
“We’ve pushed a significant amount of our own operational and analytical capabilities into the NCIJTF to strengthen its role as a core element of this nation’s cyber strategy, and this year we invited senior executives from other agencies to lead new threat-focused mission centers there,” Wray said.
The FBI also created the National Defense Cyber Alliance to work with the defense industry. The alliance allows experts from the FBI and cleared defense contractors to share intelligence in real time.
“That includes information we’ve obtained from sensitive sources,” Wray said. “We might not be able to tell you precisely how we knew you were in trouble—but we can usually find a way to tell you what you need to know to prepare for, or stop, an attack.
“Ideally, we can create a flow of information that runs both ways, so we can get helpful information, too.”
Wray also highlighted how the agency is addressing some of the most dangerous threats on the cyber front. According to Wray, the FBI identified Chinese targeting of specific companies researching COVID-19 vaccines and treatments. The agency also helped uncover highly sophisticated malware developed by Russian military intelligence.
“From the Chinese government targeting our intellectual property, to Russian targeting of our critical infrastructure, to increasingly sophisticated criminal cyber syndicates and the many dangers in between,” Wray said. “Given the gravity of these threats, the government employs a whole cyber ecosystem. And at the FBI, we play a central, core role in that ecosystem. That’s where the idea of ‘imposing risk and consequences’ comes into play.
The FBI’s Cyber Action Team is tasked with rapid response. It’s Counterintelligence Division is charged with combating a wide range of foreign intelligence threats on U.S. soil. The agency’s Counterterrorism Division is responsible for anticipating cyber attacks from terrorists. And it’s Criminal Investigative Division works to thwart massive online criminal schemes and syndicates.
“We’re using our unique mix of authorities to investigate attacks and intrusions, to identify who’s responsible—all the way down to who’s on the keyboard—to collect and share intelligence and to create opportunities for our domestic and international partners,” Wray said. “We’re making the most of our strong presence here at home and abroad. We’ve got cyber squads with inter-agency partners in every FBI field office and cyber agents in embassies around the world, sharing intelligence and building partnerships with both foreign law enforcement and intelligence services.”
Now the FBI is focused on preventing foreign election interference. The agency is working with election officials, campaigns, party committees, and social media companies to share information and enhance resiliency. Thanks to information from the FBI’s Foreign Influence Task Force Twitter and Facebook took down accounts associated with a Russian influence campaign trying to hire unwitting U.S. journalists and place political ads.
“We haven’t seen cyber attacks to date this year on voter registration databases, or on any systems involving primary voting. And to our knowledge, no foreign government has attempted to tamper with U.S. vote counts,” Wray said. “But we’re always on watch against any threat to the foundations of our democracy.”
The 2020 CISA cybersecurity summit will be held virtually as a series of webinars every Wednesday for four weeks beginning September 16 and ending October 7.