Responding to a growing concern about cyberthreats to U.S. businesses, the FBI has set up a new Internet portal called iGuardian through which critical infrastructure companies can securely report cyberintrusions directly to the Bureau. What makes this different than other cybersecurity reporting venues is that the FBI plans to respond to each report in person, according to Rick McFeely, FBI executive assistant director of the Criminal, Cyber, Response and Services Branch, who explained the program in an interview with Security Management.
“We’re actually going to send an agent out, and technical experts, to meet with the victim company to do a face to face,” he said. “We are asking for everything from how the adversary got in to what they did when they were in there—basically the technical information that we need to both evaluate the threat and help them internally.”
A key initial determination as reports come in will be whether there appears to be a widespread attack against a sector or whether it’s just an attack against an individual company. If it’s the former, that’s the Department of Homeland Security’s responsibility, addressing the threat across broad sectors.
Where it’s more a case of an individual victim, the FBI takes the lead. The main objective with iGuardian, which went live July 29, is to get more actionable intelligence about network attacks to help the agency find out “who’s behind the keyboard” at the other end. “That is our job at the end of the day,” McFeely says, “to identify the bad actors and indict them, and try to bring them back even if they are not in this country.”
In recent years, the U.S. government has ramped up its use of criminal statutes to go after hackers worldwide. As part of the effort, the FBI is sending 15 agents trained in cybercrime to serve as assistant legal attaches in embassies around the world and to help educate foreign counterparts about the technology and how to conduct cybercrime investigations. That’s in addition to working extensively with Europol and Interpol. At the same time, the Department of Justice is working with other countries to get them to pass cybercrime laws.
Right now iGuardian is open only to individuals who belong to InfraGard, a public-private partnership between critical infrastructure companies and the FBI, but that’s still a lot of possible participants as InfraGard has about 58,000 members.
It will take some time to see what impact iGuardian may ultimately have on the Bureau’s ability to catch cybercriminals. McFeely says that the agency estimates that it only gets to see about 10 percent of cyberattacks currently. If it works, this program may give the FBI a chance to raise that percentage considerably. But he acknowledges that companies and their general counsels still aren’t sure how much they want to share with government. “The question is,” says McFeely, “how much is private industry going to embrace this?”