Just over a year ago, the Federal Bureau of Investigation simply refused to work with private companies on cybersecurity.
“We would actually watch our adversaries go into their networks and we would be afraid to go out and tell them too much because of the fear of revealing our sources,” said Rick McFeely, executive assistant director of the FBI’s Criminal, Cyber, Response and Services branch.
What a difference a year makes.
“We have radically retooled the way we work with private industry,” he said, speaking at AFCEA International’s Global Intelligence Forum on Tuesday.
From leering neighbor to sleuthing partner, the FBI is now connecting with private industry through a rising number of channels: CEO briefings, information sharing and an online portal for companies to report cyberactivity in real-time (“We just flipped the switch on that yesterday,” McFeely said).
The private sector outreach is part of the FBI’s broader cybersecurity efforts to connect federal agencies (through the National Cyber Investigative Joint Task Force) and international partners (with embedded cyberagents). McFeely trotted his agencies new endeavors up to the Hill last month, and filled in some updates during his Tuesday remarks.
In the last two months, the FBI has brought in more than 60 CEOs from financial service companies — mostly banking, gas and oil. “We’ve given them a one-day security clearance and given them a full brief as to who is attacking their networks,” McFeely said. The briefings educate CEOs, providing them with malicious IP addresses to watch for, and various technical indicators that intruders are attacking their networks.
“Instead of watching foreign countries steal intellectual property, we’re going out to companies trying to prevent it,” he said.
Last week, Microsoft announced the overwhelming success of a partnership with the FBI to root out the Citadel financial malware, which had compromised more than 1.9 million computers and stolen more than $500 million from bank accounts. In a blog post, Microsoft said the joint work of the two organizations had eliminated 88 percent of the botnets (placed by the malware) since the project was announced in early June.
“We are not attacking any of these issues without having that dialogue between government and private sector,” McFeely said.
And starting this week, the online portal for these companies to submit their own cyberintrusion data — iGuardian — was rolled out to 58,000 companies. The FBI will use the portal to identify patterns across industries. “Those patterns, to us, paint a picture, which in the past the FBI did not disseminate out to private industry.”
The portal resembles the FBI’s system, Guardian, used to track and gather information on terrorists. “Guardian has also been enhanced to accept cyberincident reporting from fusion centers and state and local law enforcement,” McFeely said at the June Senate hearing.
Just how dedicated did McFeely feel the FBI — an organization which, just over a year ago, feared the private sector — was to these partnerships?
“Almost primarily solely focused.”