FBI, This Week: The Chief Information Security Officer Academy

October 26, 2018

Chief information security officers from companies across the country are graduating from an FBI academy designed to teach them how to prevent, counter, and defeat cybercrime.

Audio Transcript

Mollie Halpern: Chief information security officers, known as CISOs, from companies across the country are graduating from an FBI academy designed to teach them how to prevent, counter, and defeat cybercrime.

The 25 graduates receive their certifications from the CISO Academy during October, which is National Cybersecurity Awareness Month.

The academy’s class sizes are purposely kept small to foster relationships and information sharing between CISOs and the FBI—benefiting both the private sector and the government in combating cyber attacks.

Jason Levitt, a unit chief in the FBI’s Cyber Division, explains.

Jason Levitt: The whole point of it is to have that outreach effort, to be able to educate and inform CISOs that when they go back to their particular business—be it in financial services or energy or health care—that they know what’s of interest to us, but also they can share with other decision-makers within their organization what they need to do to secure their networks.

Halpern: The CISO Academy, held twice a year, provides participants a behind-the-scenes look at the current threats and how FBI agents conduct cyber investigations and work with interagency partners.

Every five CISOs are assigned a specific supervisory special agent who serves as their ambassador so they can answer additional investigative questions during the weeklong cyber academy.

CISOs are also taught the importance of having an incident response plan in place prior to a possible intrusion.

Levitt: Having an incident response plan is something that we really focus on with the CISOs. When something bad happens and you see an intrusion, we don't want that to be the first time that you call the FBI. You should have a relationship with your local field office, because that’s what really cuts through a lot of the red tape at the end of the day.

Halpern: The private industry is often the first to see nefarious activity on their networks and may have the missing piece of the puzzle needed to identify an emerging threat.

That’s one reason why information sharing can help the FBI gain a holistic view of the cyber threat, which is a unique one because cyber actors range from individuals to nation-states to criminal enterprises.

Levitt: What private industry should understand is that our goal is attribution. We want to find out who did the bad thing to who and why. Because with that, we can impose consequences, be it sanctions through our partners within the U.S. government and abroad, be it arrests and prosecution. Naming and shaming is something that the U.S. government has done in recent years. We want other countries and criminal enterprises understand that we will not tolerate intrusions, theft of information, and attacks on our critical infrastructure.

Halpern: Private-public partnerships, like the CISO Academy, have led to many successful cyber investigations.

Levitt: It’s difficult at times because a lot of the American public doesn’t see what it is that the FBI does day to day except on TV, in the news, or either through movies and television, and these are the things that go on in the background to ensure that we're protecting the American people.

Halpern: Since its inception in 2015, about 150 people have attended the CISO Academy.

With FBI, This Week, I’m Mollie Halpern of the Bureau.

Audio Download