FBI Cyber Academy Focuses On Private-Sector Partnerships by Federal Bureau of Investigation
December 10, 2021
A spate of damaging, disruptive, and
increasingly aggressive hacks into key sectors of the country’s
critical infrastructure in recent years provided a sobering backdrop
for a recent gathering of FBI cyber experts and the chief
information security officers from companies around the country.
The FBI’s Cyber Division has held its Chief Information Security
Officer (CISO) Academy since 2016. The semi-annual meetings give
select personnel at private sector companies a chance to connect
with FBI cyber experts and receive classified briefings about the
threats they face and how to work with the FBI and partners when a
cyber breach occurs. For the FBI, the CISO Academy helps curate new
partners in the defense against cyber attacks—a worthy goal when an
estimated 85% of the nation’s critical infrastructure is owned and
operated by the private sector.
CISO Academy attendees at the Cyber Division's ninth session in Charlotte, North Carolina
during October 2021 included information security officers from companies representing the energy, finance, health care, and information technology sectors. During the three-day program, participants received security briefings and heard from information security experts who recalled their experiences with cyber attacks. (FBI photo)
|
“In terms of being the front line of
defense, or those who are most likely targeted, it’s going to be the
private sector,” said Noah Epstein, an intelligence analyst whose
Cyber Division unit tracks threats and vulnerabilities in the
country’s critical infrastructure. “That’s why it’s important that
we develop this relationship with them. It’s two-way information
sharing. And when something does occur, we already have that
relationship and we can respond swiftly.”
The three-day
session in October, hosted by the FBI’s Charlotte Field Office in
North Carolina, included 17 information security officers from
companies of varying sizes representing the energy, finance, health
care, and information technology sectors. FBI special agents and
analysts briefed attendees on past cases like cyber intrusions and
ransomware and described how the FBI conducts these types of dynamic
and sensitive investigations. As a general rule, they said, the
earlier the FBI is integrated into a response, the better the
outcome for everyone involved.
Academy attendees also heard
from information security experts who recalled their own experiences
fending off cyber attacks and working alongside the FBI. Ron Bushar,
a senior vice president and chief technology officer for government
solutions at FireEye, discussed how his company—a hired
investigative partner—worked alongside the FBI in the massive
SolarWinds breach.
FBI Special Agent Kathryn Sherman leads a breakout session
at the CISO Academy in Charlotte, North Carolina in October
2021. Sherman leads a squad in the Washington Field Office that investigates computer intrusions. She and other cyber agents led breakout sessions with participants. (FBI photo)
|
The 2020 hack of the Texas company,
attributed to overseas actors most likely in Russia, affected
thousands of organizations, including some federal agencies. Bushar
said that private sector companies stand to benefit from having a
strong relationship with a federal investigative partner and knowing
in advance what they will need to assist.
“It certainly helps
to have some understanding of what is going to be needed, what types
of questions you are going to be asked,” Bushar said. “Part of our
experience was we had a long-standing relationship with various
government people and organizations, so it was very ad hoc for us.
But a lot of organizations do not have that daily interaction or
understand the protocols. So building some of those relationships
through efforts like this is very useful.”
The CISO Academy
has traditionally been held at the FBI Training Academy in Quantico,
Virginia, where attendees get to watch and participate in tactical
and firearms demonstrations on the same campus where new agents
train. But COVID-19 protocols at the training academy put classes at
Quantico on hold, so the ninth session was held in Charlotte.
Between cyber briefings and breakout
sessions, attendees were given a break to see more traditional FBI
roles. They visited FBI Charlotte’s “shoot house,” where agents
train in close-quarters combat, and watched a demonstration by the
division’s SWAT team. Students also got to shoot FBI-issue weapons
at a target range the Bureau shares with local police. A highlight
for many was firing one of the division’s century-old Thompson
submachine guns, or Tommy guns.
By week’s end, attendees had
a better understanding of how they could work with the FBI and other
federal partners—ideally well before they are targeted in a cyber
attack. Many felt emboldened to meet again with their CEOs and
lawyers to hammer out more detailed plans of how they will work with
federal partners.
Eric Miller, information security manager at
Michigan-based Roush Enterprises, said it’s helpful to have FBI
input and a direct contact at the Detroit Field Office who can
provide a more comprehensive perspective when it comes to making
security decisions and pitching them to company executives.
“It really does help when you have additional expertise, especially
from law enforcement, to support your case,” Miller said.
Christina Quaine, chief information security officer at AvidXchange,
a Charlotte-based software company, said a checklist provided by the
CISO Academy was particularly valuable because it spells out
questions that would likely be asked by agents investigating a
breach.
Christina Quaine, a
FBI chief information security officer, dons sniper gear during a SWAT demonstration at the
Chief Information Security Officer Academy in Charlotte,
North Carolina in October 2021. (FBI photo)
|
“I’m definitely going back to my team and
having them proactively fill this out so we have it on deck,” Quaine
said. “I will go to my legal counsel, understand what their stance
is on sharing data, and understand how we can get to the right terms
so, if or when this happens, we have all these things lined up.”
Bryan Vorndran, assistant director of the FBI’s Cyber Division,
recommended that everyone at the very least establish a single point
of contact between their companies and the federal government. He
said the FBI—through investigation, prosecution, and attribution—can
hold bad actors accountable, which can have ultimately a deterrent
effect.
“The Bureau is excellent with targeted partners who
fall victim to these types of crimes,” he told Academy attendees as
they wrapped up the session. “We are the only agency in this country
that can put a well-educated, well-trained, well-intentioned agent
on any doorstep in this country within one hour; we can do that in
70 countries within a day. That is our value proposition.”
Federal Bureau of
Investigation (FBI) |
Department of
Justice
|
|