CYBER THREATS AND RESPONSE

CYBER THREATS AND RESPONSE Unclassified Continuity Insights Conference Chicago June 18-19, 2013


Page 1

CYBER THREATS AND RESPONSE

Unclassified

Continuity Insights Conference
Chicago

June 18-19, 2013

Page 2

OBJECTIVES

• Why it is important
• Threats, players, and response
• FBI’s Next Generation Cyber
• Government and Private Sector Partnerships
• Examples

Page 3

(End)

Why important?

Page 4

Growing problem…

• “China’s economic cyber espionage has not diminished… in fact, it has grown exponentially both in terms of its volume and damage it is doing to our nation’s economic future”

• “The technological and national security of the United States is at risk because some of our most innovative ideas and sensitive information are being brazenly stolen by these cyber attacks.”

– Open hearing to the House Permanent Select Committee on Intelligence, February 2013

Page 5

Times have changed...

Mayhem circa 1984…

and today.

Page 6

The Cyber Threat

“Technology is moving so rapidly that… in the future, we anticipate that the cyber threat will pose the number one threat to our country.”

- FBI Director, March 2012

“There has been a nearly twenty (20) fold increase in cyber-attacks against American infrastructure targets between 2009 and 2011.”

- US military assessment, 2012

Page 7

FBI Priorities

1. Protect the U.S. from terrorist attack
2. Protect the U.S. against foreign intelligence operations & espionage
3. Protect the U.S. against cyber-based attacks & high-tech crimes
4. Combat public corruption at all levels
5. Protect civil rights
6. Combat transnational/national criminal organizations and enterprises
7. Combat major white-collar crime
8. Combat significant violent crime
9. Support federal, state, local and international partners
10. Upgrade technology to successfully perform the FBI's mission

Page 8

Major Players:

• State Sponsored Actors
• Organized Criminal Syndicates
• Terrorists
• Hacktivists

Page 9

Examples of threats & attacks

• DDoS
• Account take-overs
• PII loss
• Credit card information
• Trade secrets loss
• Defacement

- hackmageddon.com

Page 10

Target examples

Page 11

DDoS:

What are we talking about?

• A Denial of Service attack (DoS) or Distributed Denial of Service attack (DDoS) is a type of cyber attack that attempts to make a computer or computer network unavailable to users.

• Simply put, the attack overwhelms a computer or computer network.

Page 12

Anatomy of a DDoS

[Diagram; labels: Cyber Actor; Command & Control Servers; Compromised computers called Bots or Zombies; Victim Website]

Page 13

The new #1 threat?

“For the first time… computer-launched foreign assaults on U.S. infrastructure… was ranked higher in the U.S. intelligence community’s annual review of worldwide threats than worries about terrorism…”

- Los Angeles Times, March 12, 2013

- 140 attacks on Wall Street over last six months
- August 2012 computer intrusion at Saudi Aramco
- Local example(s)

Page 14

FBI Cyber Division

Mission: Coordinate, supervise and facilitate the FBI's investigation of those federal violations in which the Internet, computer systems, or networks are exploited.

*The FBI is the lead domestic agency for National Security Cyber investigations.

Page 15

Lanes in the road

• FBI
• DHS
• USSS
• DOD
• NSA

“The FBI will often be the first responder because of our nationwide coverage. But the investigative team, at a minimum, should include the expertise of both DHS and NSA.

In other words, notification of an intrusion to one agency should be – and will be – notification to all.”

- Robert S. Mueller, III

Page 16

Partnerships Play a Critical Role

• Cyber Task Forces

• Private sector is essential

Possess the information, expertise and knowledge as well as building the components of cyber security

Examples:
- Domestic Security Alliance Council
- InfraGard

Page 17

Cyber Intelligence Sharing and Protection Act of 2013

• Provides authority to the government to provide classified cyber threat information to the private sector

• Knocks down barriers impeding cyber threat information sharing
– Among private sector companies
– Between private sector and the government

Page 18

Next Generation Cyber Initiative

Dedicating more resources and building new tools to combat the nation’s most serious cyber threat… criminals, spies, and terrorists breaking into government and private computer networks.

Page 19

FBI NextGen Cyber

• A coordinated nationwide effort

• Establish Cyber Task Forces

• Dedicating more resources
– Labs / Personnel / Scientists

• 24hr Cyber Watch Command
– Review all cyber incidents reported
– Quickly assess threats
– Assess for National Security threats
– Quick dissemination of leads
– Review malicious code

Page 20

CyWatch Command

24/7 Ops Floor

Uninterrupted intake and analysis to:
– Contextualize leads
– Identify trends
– Coordinate investigative response
– Deconflict
– Link incident information provided by the field and other government agencies
– Produce real time intelligence reporting to investigators and analysts

Page 21

Cyber Incident & Intrusion Reporting

[Diagram; labels: Guardian; Federal; IC-3; E-Guardian*; Local Law Enforcement; I-Guardian*; Internet Crime Complaint Center; Private Sector; Cyber Task Force; National Security; Cyber Watch; FBI Headquarters / 24 hours; General Internet Fraud; Other; Criminal Squad; State/Local Police; Criminal Intrusion; RCFL; FBI Chicago Field Office]

*To be implemented in 2013

Page 22

Reporting…

e-Guardian
– A secure, user friendly system implemented in 2008 to share terrorist threats, events, and suspicious activity among state, local, and federal law enforcement
– The system was enhanced in 2013 to allow events and suspicious activities involving computer intrusion events to be reported to FBI CTFs.

i-Guardian
– A system being developed for trusted industry partners to report incidents and submit malware.

Page 23

CTF Task Force Officers

– Paid Overtime

– Paid vehicle, fuel, phone and equipment

– Paid training

– Three days/week; Two year commitment

RCFL

Cyber Task Force

Task Force Members

– Three year commitment - full time

– Same paid overtime, vehicle, fuel, phone, equipment

– Full training toward CART Examiner certification

Page 24

Closing thought

“We must abandon the belief that better defenses alone will be sufficient.

We must build better relationships. And we must overcome the obstacles that prevent us from sharing information and, most importantly, collaborating.”

- Robert S. Mueller, III

Page 25

QUESTIONS?

Page 26

Points of Contact:

FBI Chicago’s Cyber Task Force (CTF)
Telephone: (312)421-6700
*Email: [email protected]

SA Tim Hearl
Desk: (312)829-7580
Cell: (630)270-5433
Blackberry/e-mail: [email protected]