Cyber threats from across the worldā āfrom Russian attempts to influence the war in Ukraine by threatening cyberattacks against the West, to China stealing defense and industrial secrets, to Iran's 2021 targeting of Children's Hospital in Bostonā , thwarted by the FBIāwere the focus of keynote remarks by FBI Director Christopher Wray at the sixth annual Boston Conference on Cyber Security, 51²č¹ŻCS 2022, held at Boston College on June 1.
Organized through a partnership between the FBI and the M.S. in Cybersecurity and Governance Program of 51²č¹Ż's Woods College of Advancing Studies, the conference brings together perspectives from academia, law enforcement, and the private sector.
"Our goal in hosting these conferences with the FBI is to build and strengthen the relationships between these sectors not only here in New England, but nationally, to seek better ways to defend against these invasive cyber threats and respond to the vulnerabilities," said Kevin R. Powers, founding director of the master's program, who also holds positions as assistant professor of the practice at 51²č¹Ż Law School and in the Carroll School of Management.
Wray's appearance marked his third as 51²č¹ŻCS keynote speaker since he assumed the office in 2017. Plenary speakers at the event included Brandon Wales, executive director of Cybersecurity and Infrastructure Security Agency (CISA), which leads the national effort to understand, manage, and reduce risk to cyber and physical infrastructure, and Simon Taylor, CEO and founder of leading multi-cloud backup and recovery service HYCU, Inc.
The war in Ukraine has brought Russia front and center for the FBI, Wray said, adding that the nation's recklessness with human lives in the ground conflict carries over into its actions in cyberspace.
He referenced a 2017 incident in which Russia used malware to hit Ukrainian critical infrastructure. "They targeted Ukraine but ended up also hitting systems throughout Europe, plus the U.S. and Australia, and even some systems within their own borders. They shut down a big chunk of global logistics," he said, a "reckless attack that ended up causing more than 10 billion dollars in damagesāone of the most damaging cyberattacks in the history of cyberattacks.
"Now, in Ukraine, we see them again launching destructive attacks, using tools like wiper malware. And weāre watching for their cyber activities to become more destructive as the war keeps going poorly for them."
The FBI is on what Wray termed "combat tempo," with a 24/7 cyber command post, continued outreach to potential targets to warn them about looming threats, and a focus on disrupting malicious cyber activity.
"When it comes to the threat of destructive attack, the adversaryās access is the problem," he said, so the FBI is focused on acting as early as possible against a threat, launching operations as soon as the researching of targets or attempts to gain an initial foothold on a network are detected.
FBI Director Christopher Wray at the sixth annual Boston Cyber Security Conference, held at Boston College. (Lee Pellegrini)
Attributing and holding nations accountable for their own actions as well as those of mercenaries they support, use, and protect is a also a priority, he said, and involves balancing the need for rapid outreach to warn and aid victims of cyberattacks against the need to develop a specific picture of whoās responsibleāinformation critical to the broader effort to degrade, disrupt, and deter a cyber adversary.
"As broad as Russiaās potential cyber accesses across the country may be, they pale in comparison to Chinaās," Wray said. China is studying the Ukraine conflict intently, he said, to improve their own capabilities to deter or hurt the U.S. in connection with an assault on Taiwan.
"The Chinese government is methodical," he said, hacking in support of long-term economic goals and operating on a larger scale. "Theyāve got a bigger hacking program than all other major nations combined. Theyāve stolen more American personal and corporate data than all nations combined. And theyāre showing no sign of tempering their ambition and aggression.
"Even their hacks that may seem noisy and reckless actually fit into a long-term, strategic plan to undermine U.S. national and economic security."
China's efforts are not limited to cyber, he said, noting that the FBI has apprehended Chinese agents out in the U.S. heartland targeting agricultural innovation.
“In the summer of 2021, hackers sponsored by the Iranian government tried to conduct one of the most despicable cyberattacks Iāve seenāright here in Bostonāwhen they decided to go after Boston Childrenās Hospital.”
Iran and North Korea also continue to carry out sophisticated intrusions targeting U.S. victims.
"In the summer of 2021, hackers sponsored by the Iranian government tried to conduct one of the most despicable cyberattacks Iāve seenāright here in Bostonāwhen they decided to go after Boston Childrenās Hospital," he said.
When the FBI detected the potential threat, Wray said, the cyber squad in the FBI Boston Field Office raced to notify the hospital, getting them the information needed to quickly identify and mitigate the attack.
"Quick actions by everyone involved, especially at the hospital, protected both the network and the sick kids who depend on it," he said. "Itās a great example of why we deploy in the field the way we do, enabling that kind of immediate, before-catastrophe-strikes response."
Hospitalsāand many other providers of critical infrastructureāare major targets today, Wray said. "If malicious cyber actors are going to purposefully cause destruction or are going to hold data and systems for ransom, they tend to hit us somewhere thatās going to hurt. Thatās why weāve increasingly seen cybercriminals using ransomware against U.S. critical infrastructure sectors.
"Ransomware gangs love to go after things we canāt do without. Weāve seen them compromise networks for oil and gas pipelines, grade schools, 9-1-1 call centers. They also go after local governments."
The FBI, Wray said, has learned that "in cyber, as with other parts of our work countering criminal organizations, we can impose costs on cybercriminals by focusing on three things: the people, their infrastructure, and their money," by working with like-minded countries to identify whoās responsible for the most damaging ransomware schemes and take them out of the game, by taking down cybercriminalsā technical infrastructure to disrupts their operations, and by going after their resources, seizing virtual wallets and returning stolen funds.
"We believe in using every tool weāve got to impose risk and consequences and to remove bad guys from cyberspace. That includes leveraging every partnership we have."
51²č¹ŻCS co-organizer Kevin R. Powers (left), founding director of the M.S. in Cybersecurity Policy and Governance program at Boston College, in conversation with plenary speaker and CISA executive director Brandon Wales. (Lee Pellegrini)
Wray said the FBI, as both a law enforcement and intelligence service, pulls in information about hostile cyber activity from a wide range of sources including incident response firms, victims, and others in the private sector; partnerships with CISA, the Treasury, and other sector risk management agencies; foreign intelligence surveillance, global partners, and many more.
“Not every place has a program as robust and sophisticated as the [cybersecurity] program we have with 51²č¹Ż.”
Following Wray's remarks, in conversation with 51²č¹ŻCS co-organizer Kevin Powers, CISA executive director Brandon Wales outlined how the agency leads the nation's strategic efforts to strengthen the security, resilience, and workforce of the cyber ecosystem to protect critical services.
In the next session, Powers spoke with HYCU CEO Simon Taylor, who discussed GetRScore, a new web-based resource that provides a free assessment of a company's ability to repel and recuperate from a ransomware attack. āR-Scoreā is the culmination of a collaboration between HYCU and cybersecurity and data privacy protection experts and leaders, including FireEye Mandiant, Carahsoft, SADA, and Rackspace, and 51²č¹Ż's Powers.
The emphasis on collaboration that is a hallmark of FBI operations and of the 51²č¹ŻCS also reflects a guiding principle of Boston College'sĢżM.S. in Cybersecurity Policy and Governance program.
"Not every place has a program as robust and sophisticated as the [cybersecurity] program we have with 51²č¹Ż," Wray said during a Q&A at the event.
An approved training provider for the U.S. Department of Homeland Securityās National Initiative for Cybersecurity Careers and Studies, the program aims to prepare professionals to design, develop, and implement cybersecurity strategies that defend against and ensure recovery from cyberattacks and to bridge the communication gap between information technology security professionals and key business stakeholders.
Learn more about the program at the M.S. in Cybersecurity Policy and Governance website.
Patricia Delaney | University Communications | June 2022