FBI Director Christopher Wray at the fourth annual Boston Conference on Cyber Security, held at Boston College this month. (Photos by Lee Pellegrini)
鈥淲e don鈥檛 want to just keep the cyber criminals at bay, we want to burn down their infrastructure,鈥 FBI Director Christopher A. Wray told an audience of several hundred cybersecurity experts gathered at Boston College on March 4, in an address that focused on the comprehensive, innovative, and broadly collaborative approach needed to combat an increasingly complex and widespread threat.
Wray delivered the keynote address at the fourth annual Boston Conference on Cyber Security, 情色空间CS 2020, organized through a partnership between the FBI and the M.S. in Cybersecurity and Governance Program of 情色空间's Woods College of Advancing Studies to seek better ways to defend against these invasive cyber threats and respond to the vulnerability of U.S. information systems.
Cyber crime continues to grow in scope, complexity, and sophistication, Wray told the gathering, and its impact has deepened, making it a powerful weapon for a range of 鈥渢hreat actors,鈥 from multi-national cyber syndicates to nation-state adversaries.
鈥淲e can鈥檛 just fight this threat one by one: One bad guy at a time, one syndicate at a time, one victim company at a time,鈥 he said. 鈥淲e鈥檝e got to tackle the cyber threat as a whole, applying our capabilities, our intelligence, and our partnerships to their full extent."
“This conference has become one of the most unique gatherings of voices, thinkers, and policy makers in the cyber realm. It鈥檚 one we鈥檙e really proud to be a part of at the FBI.”
Wray's remarks to the capacity crowd in Gasson Hall focused on the cyber threat writ large, and the spectrum of ways in which the FBI addresses it.
Concerns he cited include a wider-than-ever gamut of methods continually employed in new ways鈥ike the targeting of MSPs鈥攎anaged service providers鈥攁s a way to access scores of victims by hacking just one provider, a technique pioneered in China but now used by criminal hackers.
In addition, he said, "we face the increasingly blended threat of state-sponsored economic espionage facilitated by cyber intrusions. More than ever, our adversaries鈥 targets are our nation鈥檚 core economic assets鈥攐ur information and ideas, our innovation, our research and development, our technology."
No nation poses a broader, more severe threat to those assets than the Chinese government, he said. "They鈥檙e not just targeting companies related to our defense industry, they鈥檙e targeting companies producing everything from proprietary rice seeds to software for wind turbines to high-end medical devices. And they鈥檙e not just targeting innovation and R&D鈥攖hey鈥檙e going after cost and pricing information, internal strategy documents...anything that can give them a competitive advantage.鈥
Nation-state threats from China, Russia, Iran, North Korea and others also include efforts to obtain controlled defense technology and develop the ability to use cyber means to complement any future real-world conflict. But as dangerous as nation-states are, said Wray, the threat also comes from increasingly sophisticated criminal groups, with hackers on a level previously only seen among government operatives.
“We don鈥檛 want to just keep the cyber criminals at bay, we want to burn down their infrastructure.”
Befitting the scope of the danger, the U.S. deploys a whole cyber ecosystem against it鈥攁nd in cross-cutting law enforcement and national security authorities, the FBI is at the center of it, Wray said, citing as an example its work in the 2018 SamSam Ransomware indictment.
"SamSam was sophisticated malicious software used to hack into the networks of hospitals, schools, companies, government agencies, and a number of other entities, and to encrypt their computers. There were more than 200 victims鈥攊ncluding the City of Atlanta, the Port of San Diego, and MedStar Health.
"To identify the actors, we needed more than just our own intelligence. We needed information from victims across the country, and intelligence and investigative information from foreign partners and private sector entities who were also tracking SamSam. With all those pieces of the puzzle, we were able to attribute the attack to two Iranians.
"More puzzle pieces helped us determine the actors were working for personal profit, rather than on behalf of the Iranian government. [The Department of Justice] unsealed an indictment in November 2018. And the investigation also enabled the Treasury Department to issue sanctions against two bitcoin exchangers, and for the first time warn the private sector about some of the criminals鈥 virtual currency addresses.
"Since the indictment and sanctions, we haven鈥檛 seen any SamSam activity. Partnerships are what made all of this possible," Wray said.
Today's threats are too diverse, too dangerous, and too all-encompassing for any agency to tackle alone, he said. "We鈥檝e got to figure out how we can match strengths...that's the essence of the most effective partnerships.
"People should be able to say 'there鈥檚 no better partner' than the FBI," Wray said.
Learn about the M.S. in Cybersecurity Policy and Governance Program at Boston College, now on campus and online.
The themes emphasized in the FBI director's keynote address鈥攖he importance of partnerships across fields and disciplines, and sharing of innovation, intelligence, and expertise鈥攚ere reflected in remarks and breakout sessions throughout 情色空间CS 2020. Inaugurated in 2017 to encourage just this sort of collaboration, the annual conference, said Wray, "has become one of the most unique gatherings of voices, thinkers, and policy makers in the cyber realm. It鈥檚 one we鈥檙e really proud to be a part of at the FBI.鈥
Wray's remarks were followed by speakers including Mike Cote, president and CEO of SecureWorks; Helen Dixon, Ireland's commissioner for data protection;听 and John C. Demers, U.S. assistant attorney general for national security. Panel discussions focused on emerging technologies, operations, enforcement, as well as actual cyber and national security experiences related to risk, compliance, policy, threat trends, preparedness, resilience, and defensive strategies.
Cybersecurity specialists participating in 情色空间CS 2020 included other FBI representatives as well as experts from the U.S. departments of Defense and Justice, U.S. Securities and Exchange Commission, Bank of America, Cisco Systems, Data Protection Commission-Ireland, Eversource, Federal Reserve Bank of Boston, Facebook, FireEye, Google, IBM Security, Jones Day, Microsoft, Liberty Mutual Insurance, Massachusetts Port Authority, Mintz Levin, National Grid, Oracle, Raytheon, and SecureWorks, among others.
情色空间CS 2020 co-organizer Kevin R. Powers, founding director of the Boston College M.S. in Cybersecurity Policy and Governance Program, served as master of ceremonies for the event with FBI Boston Division Special Agent Doug Domin, head of the cyber crime program, and Joanna Baltes, curriculum coordinator of 情色空间's M.S. in cybersecurity program.
The conference co-chairs, Woods College Dean Karen Muncaster and FBI Boston Division Special Agent in Charge Joseph R. Bonavolonta, as well as Boston College Executive Vice President Michael Lochhead, also offered welcoming remarks.
An approved training provider for the U.S. Department of Homeland Security鈥檚 National Initiative for Cybersecurity Careers and Studies, 情色空间's M.S. in Cybersecurity Policy and Governance program鈥攚hich now offers its full curriculum online as well as on campus鈥攁ims to prepare professionals to design, develop, and implement cybersecurity strategies that defend against and ensure recovery from cyberattacks and to bridge the communication gap between information technology security professionals and key business stakeholders.
"Boston College's mission is to educate leaders to address the world鈥檚 most urgent problems; and that's exactly what we're doing in organizing this conference," said Powers, who also holds positions as assistant professor of the practice at 情色空间 Law School and in the Carroll School of Management. "We're taking the lead with the FBI by bringing together senior leaders and experts at 情色空间 to discuss ways to enhance cyber and national security. It's part of our program's effort to grow and strengthen the cybersecurity ecosystem...to bring together industry, academia, and government on these issues."
“We're taking the lead with the FBI in assembling the leaders and experts so these respective organizations can collaborate to enhance cybersecurity. ”
FBI Special Agent Bonavolonta, conference co-chair, underscored the message that today's cyber threats "have become much more sophisticated, pervasive, and dangerous as we become increasingly dependent on our digital capabilities.
"The FBI is very much aware of the urgency of the task we face in defeating them,鈥 said Bonavolonta, who oversees all the bureau's operations in Maine, Massachusetts, New Hampshire and Rhode Island.
鈥淭his conference marks the fourth year that we鈥檝e joined forces with Boston College to combine the talents, resources, and insights of our partners in academia, law enforcement, and the private sector to share strategies, intelligence, and better ways to lawfully access the evidence and information we need to keep our country and its citizens safe.鈥
听
Patricia Delaney | University Communications听 听 听 听 听 听 听 听 听 听 听 听