During the past year the FBI has changed its tactics in conducting cyber operations from a more passive approach that entails the surveillance of intruders inside of networks being attacked to a more active approach that aims to disrupt these attacks, an agency official told Congress.
Cyber operations used to entail observing adversaries collecting information on networks and trying to understand their intentions while rarely trying to “disrupt them as we might in a counter-terrorism case,” Richard McFeely, executive assistant director of the FBI’s Criminal, Cyber, Response, and Services Branch, told the Senate Appropriations Committee. “We are now, working with our partners, successfully disrupting and impacting individuals behind a keyboard who have made it their mission to attack, steal, spy and commit terrorist attacks against our nation and its citizens.”
This “paradigm shift” in how the FBI conducts cyber operations isn’t limited to the agency; it includes working with the private sector to thwart attacks, McFeely said.
“Just last week the FBI, Microsoft and the financial services industry conducted separate but coordinated operations to successfully disrupt more than 1,000 botnets,” which included networks of computers infected with malware called “Citadel,” McFeely said. He said these networks of compromised computers were used in a global crime operation that is estimated to have caused more than $500 million in financial fraud.
McFeely said that the FBI is working with DHS and international partners to help thwart cyber attacks originating outside of the United States by providing Internet Protocol addresses of attackers to industry and law enforcement overseas. He added that the FBI and its partners are using public and private partnerships in the United States and internationally to protect “the public from cyber criminals.”
McFeely also said that the FBI continues to improve how it works with its partners in government and industry. With regard to the private sector, the agency is providing classified threat briefings and other tools to “help repel intruders” and is developing a platform called iGuardian that allows “trusted industry partners to report cyber incidents to all of government in real-time,” he said.
Another tool the FBI is developing would allow automated analysis of malware samples submitted by both law enforcement and industry partners, McFeely said. An unclassified version of the tool will be piloted with the private sector this fall, he said.
The day-to-day work of implementing the FBI’s cyber operations strategy is being carried out by the National Cyber Investigating Joint Task Force (NCIJTF), which is led by the FBI but includes partners from the National Security Agency, Department of Homeland Security, CIA, Secret Service, and U.S. Cyber Command, McFeely said. The task force also includes two international agencies and has resulted in an “unprecedented level” of coordination.
The hearing was the first to take a comprehensive look at the executive branch’s execution of cyber security operations and needs, according to Sen. Barbara Mikulski (D-Md.), the committee chairwoman. She said the Obama Administration’s FY ’14 budget request for cyber security across all its departments and agencies totals about $13 billion.
Of the request, the lion’s share, $9.2 billion, is from DoD, $1.3 billion from DHS, $589 million from the Department of Justice with the FBI being the main beneficiary, $215 million from the Commerce Department with the National Institute of Standards and Technology as the main recipient, $197 million for the National Science Foundation, $50 million from the General Services Administration, and $37 million from the Department of State.
For DoD, $3.5 billion is going for protection of the department’s networks, and of that amount $2.2 billion is for the NSA and others in the intelligence community, Army Gen. Keith Alexander, head of both Cyber Command and the NSA, told the committee. He also said that Cyber Command’s portion of the request from DoD is $582 million, which includes $68 million for research and development activities.