
New FBI strategy seeks to disrupt threat actors, help defenders through better coordination

News Analysis
Oct 06, 2020 | 5 mins
Critical Infrastructure, Cyberattacks, Security

The FBI sharpens its focus on collaboration among US and foreign government agencies and the private sector. It will act as a central hub to deal with cybersecurity threats.


Last week, the US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint announcement about the potential threat that foreign-backed online journals pose in spreading misinformation ahead of the crucial 2020 US presidential election. This alert, intended to raise public awareness based on government intelligence, reflects a new strategic direction by the FBI to work with partners across the federal landscape to better protect the American public and its allies from cyber threats.

“It’s a complex threat environment where our greatest concerns involve foreign actors using global infrastructure to compromise US networks,” Tonya Ugoretz, deputy assistant director of the FBI’s Cyber Division, said during a conference at Auburn University’s McCrary Institute organized to debut the Bureau’s new strategy.

Ugoretz said that among the many factors the FBI must now juggle in dealing with cyber threats are:

  • The increased attack surfaces stemming from widespread work-at-home arrangements due to the COVID-19 crisis
  • Attackers’ growing willingness to exploit the increased vulnerabilities the wider attack surface makes possible
  • The increase in availability of tools that threat actors use to launch attacks
  • Growth in the number of both criminal and nation-state threat actors.

Greater threat complexity requires greater cooperation

All these moving parts point “to the need for a lot of cooperation here domestically and internationally to illuminate where cyber actors are trying to hide as well as the cooperation of owners and operators of critical infrastructure,” Ugoretz said. The goal of the new strategy is for the FBI to serve as a central hub for all the government and foreign agencies as well as private sector partners. “How we can use all of those relationships not only to support them but to also make sure we are the indispensable partner…to strengthen the overall fight against cyber threats,” she said.

“No one government agency will have a solution to the problem,” according to Matt Gorham, assistant director of the FBI’s Cyber Division and the official in charge of its investigations and operations. Gorham points to the welter of government agencies, departments and divisions that the new strategy embraces, including CISA, major parts of the Defense Department and intelligence agencies that tackle cybersecurity issues.

Its mission is “to impose risk and consequence on our cyber adversaries through our unique authorities, robust capabilities and enduring partnerships,” Gorham said. “If we do it in isolation [from other government agencies] we are not really imposing the maximum risk and consequence on our cyber adversaries.”

New strategy doubles down on what the FBI already does

The new strategic direction by the FBI to operate as a central locus within the federal government isn’t completely new. It represents a change more of degree than function. “Very much of what we’re doing today with this new strategy is what we’re already doing. What we’re trying to do [now] is double down on that strategy,” Gorham said.

“It may entail cyber operations with our intelligence community partners and with our DoD partners. It may take the form of releasing indicators of compromise. Doing all those things to have the maximum impact on our adversaries and dissuade them [and] make it cost more” for them to launch attacks.

Gorham held up the Secret Service as the FBI’s “greatest partner in the cybercriminal space.” Saying that the two government cybersecurity arms will conduct coordination behind the scenes to take care of cyberattack victims, Gorham stressed just how close the two groups are. “If you call the Secret Service, it’s like calling the FBI. If you call the FBI, it’s like calling the Secret Service.”

What is new is an FBI pledge to victims of cyber malfeasance. “I think it’s important for victims to know that they can trust us when they call us. That we are going to treat them like a victim and they have the rights that come with that status,” Gorham said.

The pledge states that:

In pursuing our mission, we recognize that we will encounter unique and novel issues related to privacy and handling of sensitive data. We will always treat victims with dignity and respect, protecting their privacy and data and rigorously adhering to the US constitution, applicable laws, regulations and policies and the FBI’s core values.

National Cyber Investigative Joint Task Force plays a key role

A prominent part of the FBI’s new strategy is a bigger role for the National Cyber Investigative Joint Task Force (NCI-JTF), a central operation located in Chantilly, Virginia, that the FBI has been heading since 2008. “Today we have over 33 agencies and subcomponents of DoD that are stacked up and collocated here so that we can work together on a daily basis,” Clyde Wallace, deputy assistant director at FBI’s Cyber Division, said.

The NCI-JTF will synchronize all the efforts of these agencies and subcomponents moving forward. “We transformed how the Bureau and the NCI-JTF interacted. We restructured the NCI-JTF into mission centers to drive against specific threats going forward,” Wallace said. “Going forward, the NCIJTF is pulling together all of our domestic, our foreign partners, our capabilities, our authorities, our planning efforts from synchronized prioritization.”

The bottom line for all these changes is to help organizations defend their networks and thwart adversaries wherever possible. “We’re looking to share [intelligence] as we learn it as quickly as possible to the extent we can to help network defenders with their defenses while we pursue attribution to disrupt the activity and hold the adversaries accountable,” Ugoretz said.