By Robynn Andracsek, PE, Burns & McDonnell and contributing editor
The FBI and the U.S. Government partner with private sector entities in a crucial effort to counter, fight, and defeat cyber threats and adversaries. As cyber threats continue to evolve, private industry, international partners and state, local and Federal agencies need to strengthen partnerships. To do so, all parties must be willing to share information and work together to enhance the nation’s cybersecurity posture. From a Federal law enforcement perspective, the FBI is working to advance its relationships with private industry to address the ever-changing cyber threats faced from global adversaries. Executive Order 13636 “Improving Critical Infrastructure Cybersecurity” mandated that government agencies enhance the ways in which they share information with private industry. Although the FBI has worked with private sector throughout its history, the EO provided the bureau with an opportunity to look at new and innovative ways to interact with industry.
One new initiative the FBI has pursued is its Chief Information Security Officer (CISO) Academy. Hosted at the FBI Academy, this three-day training program provides executive managers from private industry an opportunity to understand the roles and responsibilities of the FBI and its federal partners in the cyber arena. The third CISO Academy was held in March 2017, and included 40 participants from across industry, including Energy, who stayed on the Academy grounds and had a taste of what new agent trainees experience. Participants interacted with subject matter experts to discuss cyber threats, legal policies, law enforcement processes and the importance of intelligence sharing between the government and private industry.
Stacy Stevens, Unit Chief of the Mission Critical Engagement Unit inside the FBI’s Cyber Division, says that “developing trusted partnerships prior to a cyber-attack helps put missing pieces of an investigative puzzle together.” Programs such as the CISO Academy allow industry to see the innerworkings of the FBI to gain a better understanding of how the government works to address cyber threats. Attendees of the class are often critical of the government at the beginning of the program but as they gain a better understanding of how it works and how each of their colleagues from other sectors work, they become more supportive of proactively collaborating to address cyber threats. These partnerships provide opportunities to interact prior to a cyber-attack and enhance measures to mitigate threats. An example is an Action Campaign focused on the recent power outages in Eastern Europe. The FBI, along with federal partners from the Department of Homeland Security (DHS) and the Department of Energy (DOE), used in-person briefs and webinars to provide information to the Energy Sector regarding the power outages.
Highlights of the most recent CISO Academy included a discussion on the Internet of Things (IoT) and the challenges surrounding ransomware. IoT examples include connected devices such as medical devices, televisions, Wi-Fi routers, smart hubs, vehicles, thermostats, door locks, light switches, manufacturing equipment, security cameras, universal remotes, kitchen appliances, fitness trackers, and sprinkler systems. IoT devices now have the capability to collect health data, location, energy consumption, dietary habits, entertainment preferences, and other intimate details of daily living. This type of information is valuable to hackers and third party individuals. The networked nature of IoT creates many attack surfaces that can be exploited and increases the potential for a data breach.
Anyone can be a victim of ransomware, such as the May 2017 WannaCry attack that shut down work at 16 hospitals across the United Kingdom. To raise awareness of the ransomware threat, in the fall of 2016, the FBI collaborated with the U.S. Secret Service and the National Council of Information Sharing and Analysis Centers to provide ransomware briefings in 39 cities across the country. Additionally, the FBI sends out Private Industry Notifications reports which provide contextual threat information regarding a cyber threat and FBI Liaison Alert System reports which provide technical indicators surrounding specific threats.
The overarching message is that the first-time private industry, such as a utility company, interacts with the government should not be during a cyber-attack. The FBI has 56 field offices across the United States and Legal Attaches throughout the world. Each utility should foster a proactive relationship with their local FBI field office and include federal law enforcement in any incident response plan it develops in anticipation of an attack. These different interactive programs hosted by the FBI can reach only a few people and companies. Developing relationships with the Federal government, including the FBI, establishes a link for utility companies to receive timely information which may assist in helping to mitigate threats before a power outage. Find the field office closest to your facility at www.fbi.gov/contact-us/field-offices.