Cybersecurity is rising as a challenge area that “touches every program at the FBI,” the bureau’s Cyber Assistant Director Bryan Vorndran told members of Congress, highlighting the need to strengthen and evolve the FBI’s cyber workforce, collaboration tactics and capabilities to address increasing national cyber threats.
Vorndran testified before the House Judiciary Committee Tuesday in a hearing that looked to explore the identification, impact, disruption and cost of malicious cyber activity from the FBI perspective. Amid rising cyber attacks across critical infrastructure, supply chain, the government and the private sector, Chairman Jerry Nadler recognized that the FBI plays a pivotal role in ensuring a cybersecure future.
“The FBI has played a central role in shoring up our defensive position,” Nadler said about the FBI’s role in addressing cybercrimes like ransomware. “It has even begun recovering ransom payments from cybercriminals, as in the case in Colonial Pipeline.”
Even though the FBI Cyber Division has been addressing national cyber threats and attacks for nearly 20 years, Vorndran highlighted that the growing breadth of impact that malicious cyber activity has on the country is pushing the FBI to keep up with the right cyber talent and capabilities.
Although the FBI currently has more than 1,000 cyber-trained personnel across 56 field offices, more than 350 sub-offices and more than 70 countries, Vorndran said that recruitment and retention of cybersecurity specialists have risen as a focus area for his division.
“At the FBI, we have been working hard to identify ways to better attract, train and retain talented tech minds,” Vorndran said. “We’re seeing the cyber threat grow exponentially. It now touches every program at the FBI. Cyberspace is where nation states go to learn our country’s secrets. It’s where criminals are extorting billions of dollars. And it’s where wars are being waged. We are now at a critical juncture. We must keep pace with the expansion of the tools at our adversaries’ disposal.”
Beyond the confines of the FBI’s own cybersecurity team, Vorndran also testified that his organization is looking to shift away from an indict-and-arrest approach to addressing cyberattacks and toward joint operations with government and industry partners to mitigate and address adversarial activities more stringently.
“Our emphasis on disrupting cyber adversaries — including through sharing information, enabling our partners and our partners enabling us — is part of the FBI’s continued move away from an indictment and arrest mentality, toward a playbook where we’ll work with the government and industry partners around the world to execute joint, sequenced operations that impose the greatest possible cost on our adversaries,” Vorndran said.
Vorndran added that this new “playbook” approach will move the FBI toward identifying and disrupting cyber adversaries before they attack and holding them accountable. The FBI will work alongside agencies like the Cybersecurity and Infrastructure Security Agency (CISA), U.S. Cyber Command (USCYBERCOM), National Security Agency (NSA), Office of the National Cyber Director and National Security Council to coordinate these activities.
The approach also reflects the FBI Cyber Strategy, which has been in play for about 18 months. The strategy aims to raise the cost for malicious actors to conduct cyber intrusions, steal financial and intellectual property and commit ransomware attacks. Vorndran wrote in his testimony that these strategies have improved the Cyber Division’s mission and have helped the FBI disrupt attacks like the Sodinokibi/REvil ransomware incident and the Microsoft Exchange Server software vulnerability in 2021.
“In just 18 months, our strategy has enabled us to land some major blows against our cyber adversaries, and in 2021 alone, through work with our partners, the consequences we imposed on cyber actors included 240 arrests, 175 convictions, 290 indictments, 18 dismantlements and 453 disruptions,” Vorndran stated.
As the FBI continues its strides to improve its cyber activities, Vorndran highlighted top cyber threats that the country will need to prepare for in 2022 and beyond. These include:
- Nation-state threats from adversaries like China, Russia, Iran and North Korea
- Ransomware and cybercrime
- Election interference, especially from foreign actors
- Deepfakes and synthetic content used to conduct social engineering, spear-phishing, business email compromises and other fraud schemes
- Illicit exploitation of cryptocurrency
Vorndran encouraged state and local authorities, companies and other entities to proactively build robust relationships with their local FBI field office cyber squads and CISA to gain federal aid in responding to and addressing cyber incidents. He also stressed that these entities should report to the FBI or CISA if they become victims of cybercrimes.
Vorndran applauded the recently passed Cyber Incident Reporting for Critical Infrastructure Act, which requires critical infrastructure operators to report cyber incidents and ransomware payments to CISA. Piggybacking off the legislation, Vorndran added that the FBI will work with CISA to implement it so that law enforcement can leverage incident reports to disrupt cyber attackers.
Beyond collaborating with the FBI, Vorndran also said that organizations should form their own incident response plans and exercise them every 90 days to ensure they are up to speed with current needs and threats.