I am at the Chicago Federal Executive Board today where I spoke on "The State of Social Media in Government" (I'll post my slides later). The other speaker was Special Agent Peter Traven from the FBI who spoke under the title "Cyber Threats for the Federal Community." Specifically, he focused on the issue of trust and how the perpetrators of organized cyber intrusion, while they seek to steal and disrupt government information sharing, are ultimately focused on eroding our trust in institutions and each other.
Below are my notes:
Three Threat Levels
Level 1:
- no or low funding
- disorganized, usually single amateurs
- nuisance, but typically not dangerous
- bots and trojans
Level 2:
- high order skills
- well financed
- often rogue, but teams
- intentional reconnaissance and/or disruption
Level 3:
- very sophisticated
- foreign intelligence agencies or sponsored by them
- very well financed
- target technology as well as info
- establish a covert presence
- undetectable (sometimes a presence for years)?
Who are the adversaries?
- China and Russia are the most-named actors among known threats
- See http://www.dni.gov/reports/20111103_report_fecie.pdf for details
- But they are not the only ones, and we cannot focus on them alone
- The New Spy Network = "The Exploitation of Trust", which seeks to infiltrate:
  - trusted incoming e-mail
  - publicly available trusted websites / information
  - downloadable resources that are currently trusted
How are they attacking us?
Exploiting Trusted E-mail
- e-mail contains attachments with malicious code which the recipient is likely to open
- e-mail is made to appear to come from a trusted source
- documents with secretly embedded code
- e-mail addresses are cultivated for research
- we all want to trust, but we need to be cautious and discerning
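The three e-mail patterns above (a sender dressed up to look trusted, a reply path that quietly diverts elsewhere, and an attachment that can run code) are exactly the things a mail-gateway triage rule can flag before a message reaches a human. The following is an added example I wrote for this post, not anything presented by Agent Traven or the FBI; the sample messages, the `agency.example.gov` domain and the list of risky extensions are all constructed for illustration.

```python
import email
import os
from email import policy
from email.utils import parseaddr

# Constructed list for this example: extensions that imply executable or
# macro content. Tune it to what your own gateway already blocks.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".docm", ".xlsm", ".pptm"}


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def triage_email(raw: bytes, trusted_domains: set[str]) -> list[str]:
    """Return human-readable findings for one raw RFC 5322 message.

    Each rule maps to one of the 'exploitation of trust' patterns from the talk.
    An empty list means none of the rules fired; it is not proof the mail is safe.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    trusted = {d.lower() for d in trusted_domains}
    findings: list[str] = []

    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(from_addr)

    # Rule 1: the display name name-drops a trusted domain, but the actual
    # address lives somewhere else (look-alike sender).
    for d in trusted:
        if d in display_name.lower() and from_domain != d:
            findings.append(
                f"display name mentions trusted domain {d} but address is {from_addr}"
            )

    # Rule 2: Reply-To points to a different domain than From, so replies
    # (and anything the recipient sends back) go where they did not intend.
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    reply_domain = domain_of(reply_addr)
    if reply_domain and reply_domain != from_domain:
        findings.append(
            f"Reply-To domain {reply_domain} differs from From domain {from_domain}"
        )

    # Rule 3: attachments whose extension implies executable or macro content.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = os.path.splitext(name)[1]
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment type {ext}: {name}")

    return findings


# Constructed sample: look-alike sender, diverted Reply-To, macro-enabled attachment.
SUSPICIOUS = b"""\
From: "Jane Director (agency.example.gov)" <jane.director@agency-example.co>
Reply-To: replies@mail-drop.example.net
To: staff@agency.example.gov
Subject: Updated travel policy - please review
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

The attached policy takes effect Monday.
--b1
Content-Type: application/vnd.ms-word.document.macroEnabled.12; name="policy.docm"
Content-Disposition: attachment; filename="policy.docm"
Content-Transfer-Encoding: base64

UEsDBBQAAAAIAA==
--b1--
"""

# Constructed sample: ordinary internal mail that should produce no findings.
BENIGN = b"""\
From: Jane Director <jane.director@agency.example.gov>
To: staff@agency.example.gov
Subject: Lunch on Friday
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

Anyone want to join?
"""


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, triage_email(raw, {"agency.example.gov"}))
```

The rules are deliberately simple string and header checks; in a real gateway they sit beside SPF/DKIM/DMARC results and attachment sandboxing, and their job is to raise a reviewer's attention, not to make the final call.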
Advanced Persistent Threat
- sophisticated and organized attacks to access and steal information
- Stages of an Attack:
  1. Network Reconnaissance
  2. Intrusion into the Network
  3. Establishing a Backdoor Presence
  4. Obtaining Credentials
How is the FBI Helping?
- Proactive investigations
- Prioritization of highest threat areas
- Partnerships with industry and other key stakeholders
Questions from Audience:
Q1: You've talked about spies and information theft / monitoring, but what about disruption? Are you worried about that?
A1: Yes. It is an active threat we're working to combat, and not just for government, but for industry and infrastructure.
Q2: Where's the line between open government and operational security (i.e. posting your contact information online)?
A2: You need to be able to find people online - that's true - but we need to determine what is just enough information so that our information cannot be mined and manipulated.
Q3: Is there a collaboration of agencies that help to secure people online?
A3: Yes. There is the National Computer Intrusion Joint Taskforce that engages all of the key stakeholders to work together toward combating cyber intrusion.
Q4: Is there any penalty for criminal behavior? Internationally?
A4: Enforce domestically through Title 18, Section 1030. Work cooperatively with other nations to enforce and eradicate other threats.
Q5: What about mobile apps? What's the threat presented via mobile devices?
A5: Clearly, it's an emerging issue because of the proliferation of apps and mobile access points, coupled with the relative anonymity of developers. Right now, there are not known apps with malicious code, but it's certainly something that is being monitored.
Since this is relatively disturbing information and somewhat heavy, I wanted to end with a 'light' limerick from Judge Martin W. Baumgaertner (a brand new GovLooper), who wrapped up each of our presentations in a poetic way:
Agent Traven was cautionary
And warned of the harm we might see
Remain the best tactic
Most pleasures in life aren't germ-free.
There's Trojans, script kiddies and bots
There's pranks and more dangerous plots
Exploiting our trust
Which means that we must
Stay alert. Though abstain? We need not.
QUESTIONS FOR YOU:
- Has your agency / organization done anything to educate you and your colleagues about cyber threats and malicious practices by cyber villains?
- What if you learned that a trusted colleague or senior leader's email was compromised and you were sent an email with malicious code? Would it shake your trust in the institution's ability to protect you from cyber attack? Would you think twice about opening attachments or clicking links - even internally?