The continuous expansion of the global cyber environment has widened the United States’ attack surface and prompted the Federal Bureau of Investigation to reevaluate its role in the law enforcement of the digital world. Today, the FBI has embarked on a major cultural transformation and is implementing significant changes to meet new and emerging cyber needs.
“We are not your grandfather’s or your grandmother’s FBI,” remarked Bryan Vorndran, assistant director of the FBI’s cyber division, during GovCon Wire’s Second Annual Cybersecurity in National Security Summit.
Vorndran’s full keynote address is available to watch on-demand now in GovCon Wire’s digital event library. Click here to watch.
“The ultimate goal at the end of the day is to degrade the ecosystem for the adversary and make it more challenging for the adversaries to hurt us,” Vorndran said. He noted that the FBI’s traditional law enforcement strategies and tactics are not necessarily effective in thwarting cyber attacks, so the agency has had to shift away from them.
“We know we are not going to arrest our way out of the ransomware problem or the nation state cyber problem because almost all of the nation states and the criminals are in safe haven countries where we can’t get to,” Vorndran explained. “Undoubtedly we’re still successful with getting some individuals, subjects and criminals into custody, but at the end of the day, that’s not a viable solution in terms of strategic power and how we degrade the ecosystem.”
The FBI’s role in today’s cyber ecosystem is comprised of four main tenets that Vorndran outlined in his keynote address:
Investigative & Traditional Law Enforcement Responsibilities
The FBI has broad Title 18 and Title 21 authority, which allows the agency to “investigate crimes both here and overseas when they target America or our country or equities,” according to Vorndran. He explained that this first tenet involves carrying out the traditional law enforcement role with which the FBI is typically associated, and it also involves what Vorndran referred to as “taking players off the field.”
“Someone in the U.S. government has to have a goal of taking players off the field to punish adversaries for their criminal conduct. That is us. We will always have that at the forefront of our mind, but again, it’s not going to get us out of the problem,” he shared.
Domestic Intelligence Responsibilities
The FBI’s second objective is to “inform public and private sector partners about the cyber threat here in the United States,” Vorndran said.
“We do that work jointly today with CISA and with other partners, but we have a huge role in that space because of the intelligence and the evidence that we derive from our investigations that becomes very, very important to private sector and public sector partners,” he added.
Putting Pressure on the Threat
Vorndran explained that this objective involves reactive and proactive on-net operations, or what many people may know as computer network exploitation and operations.
“We are the only agency that has domestic authorities to do on-net operations here in the United States, and that’s a really, really important point and a really important growth area for us in the future,” Vorndran shared.
He also noted that the FBI has already removed malware from domestic infrastructure that represented malicious activity from Chinese and Russian adversaries.
Customer Service
The final pillar of the FBI’s role in the cyber environment is what Vorndran calls “Ritz-Carlton-level customer service,” and it involves building relationships with partners, particularly in the private sector, before an intrusion.
However, Vorndran explained that the FBI can’t build relationships with every organization due to finite resources. In response, the FBI has been building algorithms and weighted decision matrices to help the agency understand which organizational relationships are most important to establish, especially where there are national security risks and critical infrastructure.
To learn more about cybersecurity in the public sector, join the Potomac Officers Club’s Cybersecurity and Infrastructure Security Forum on Oct. 13. Bob Costello, CIO of CISA, is scheduled to keynote. Click here to register.
