FBI to Conduct Joint Cyber Investigations With China
The bureau recently dispatched a cybersecurity expert to China, in an effort to work more cooperatively with Chinese authorities who oversee information networks, assistant director and head of the FBI’s cyber division Gordon Snow said March 31 at the Air Force Association’s "CyberFutures" conference.
FBI teams work with law enforcement and cyber agencies around the world, including in such places as Estonia, Romania and Colombia. But this is the first time an agent will be part of joint cybersecurity efforts with China, Snow said.
China has been under political fire over the past couple of years for being suspected of initiating attacks on networks of U.S. government agencies, defense contractors and corporate giants like Google. Unlike other U.S. agencies tasked with cyber-related missions, the FBI does not defend a network. The bureau focuses on the difficult problem of determining the source of the attacks.
“I’m trying to find the person behind the keyboard,” Snow said. “I want to know his plans and intentions.”
The FBI’s National Cyber Investigative Joint Task Force has three arms — an information operations group working out of Northern Virginia, an analysis branch in Maryland and a law enforcement operation also in the Washington, D.C. area. The task force works with 18 other organizations across the federal government, including NASA and the State Department.
The FBI tracks down cyber terrorists and hackers, Snow said. The bureau also collects intelligence on extremists who are using the Internet to communicate with, recruit and radicalize like-minded individuals. Or, it may investigate hackers who are increasingly showing themselves to be as sophisticated as state-sponsored organizations and large corporations, Snow said.
In addition to attributing attacks, the FBI must identify victims and notify them of intrusions.
Snow offered advice to those in charge of protecting critical networks. He said they must accept three things: They will be hacked, they might not know who did it and they have to be prepared to operate without access to critical information.