Christopher Wray
Director
Federal Bureau of Investigation
CISA National Cybersecurity Summit 2020
Washington, D.C. (Virtual)
September 16, 2020

CISA Cybersecurity Summit: Addressing Threats Through Partnerships

Remarks as delivered.

Good afternoon. It’s challenging to put on an event like this on a normal day—and these sure aren’t normal days. So I’m grateful to our partners at CISA for hosting this event, and giving us the opportunity to share information and new ways of fighting the ever-evolving cyber threat. We’ve all had to find new ways of doing business.

At the FBI, we’re finding new ways to carry out our mission while keeping our people safe, much like all of you. Because the threats we face don’t stop—even during a pandemic. So the work can’t stop either. But in many ways, we’re kinda used to that at the Bureau. When things get tough, we adapt, we innovate, and we evolve.

We’ve brought that same approach to protecting the United States from foreign cyber operations and combating significant cyber crime. And it’s not just the FBI, of course. The whole cyber community has evolved to meet this changing threat. We all understand that the old approach of tackling the cyber threat one case at a time doesn’t work. Instead, we need to come at it from a different angle.

We’ve got to take an enterprise approach—one that involves government agencies, private industry, researchers, and nonprofits, across the U.S. and around the world. And we’ve got to use our respective strengths to work towards a common purpose: keeping our country safe, secure, and confident in a digitally connected world.

Today, I want to talk about the FBI’s new cyber strategy. I want to talk about how we’re pursuing that strategy by focusing on partnerships at every level. And lastly, I want to touch on how we’re tackling some of the threats we face, together.

Imposing Risk and Consequences

Let me start with the FBI’s new cyber strategy, while I’ve still got your attention. I know some people start to tune out when they hear the word “strategy.” It’s become kind of a corporate buzzword, and we use it so much that it’s a bit diluted. But what it really means is taking an overarching look at a big issue and figuring out the best way to tackle it, with purpose and planning.

We’ve been fighting the cyber threat for years now, and it’s all too often been a game of whack-a-mole. We investigate one major hack, only to uncover another one. We disrupt one nation-state adversary targeting our infrastructure and our intellectual property, and another one lights up the map. Some days, it seems like a never-ending battle.

So we wanted to see if we could look at this fight in a new way, with fresh eyes, including taking a closer look at what the FBI can bring to this fight that no one else can. Our strategy, in a nutshell, is to impose risk and consequences on cyber adversaries. In plain English, we want to make it harder and more painful for hackers and criminals to do what they’re doing. And the best way for us to do that is by leveraging our unique authorities, our world-class capabilities, and our enduring partnerships, and using all three in service to the larger cyber community.

It’s a shift in mindset. We want to build on the innovation that has helped the FBI adapt and evolve to meet changing threats over the past century. From crime crossing state lines back in the 1920s to the organized crime syndicates of the ‘70s and ‘80s, to the terrorist threats of today. We’ve got to change the cost-benefit calculus of criminals and nation-states who believe they can compromise U.S. networks, steal U.S. financial and intellectual property, and hold our critical infrastructure at risk—all without incurring any risk themselves.

This isn’t a problem any one of us alone can address, no matter where we sit. So central to our strategy is the role FBI plays as an indispensable partner to our federal counterparts, our foreign partners, and our private sector partners. We want to make sure we’re doing everything we can to help our partners do what they need to do. That means using our role as the lead federal agency with law enforcement and intelligence responsibilities to not only pursue our own actions, but to enable our partners to defend networks, attribute malicious activity, impose sanctions for bad behavior, and take the fight to our adversaries overseas.

To create opportunities for our partners in our common fight, that means we might forego a law enforcement action, like an arrest or an indictment, if we can hit the threat harder another way. It doesn’t matter whose action leads to that impact.

One of my mentors, former Deputy Attorney General Larry Thompson, would constantly quote the saying, “It’s amazing what you can accomplish when you don’t care who gets the credit.” And that’s abundantly true today, with the cyber threat. It doesn’t matter who gets the credit, we just need to get there, together.

Addressing Threats Through Partnerships

That team approach is central to how we work with both the public and private sectors, from other government agencies, to companies of all sizes, to universities, to NGOs. We’ve created unique hubs where members of the cyber community can work alongside each other and build long-term relationships. We’re working to build an atmosphere of trust and collaboration, the kind that only comes from sitting across the table from someone you know and really hashing things out.

Within government, that hub is the National Cyber Investigative Joint Task Force, the NCIJTF. Led by the FBI, the NCIJTF includes more than 30 co-located agencies from the Intelligence Community and law enforcement. We’ve pushed a significant amount of our own operational and analytical capabilities into the NCIJTF to strengthen its role as a core element of this nation’s cyber strategy, and this year we invited senior executives from other agencies to lead new threat-focused mission centers there. We also refocused the NCIJTF itself, so that it now coordinates multi-agency campaigns to combat the most significant cyber threats and adversaries.

But we know that government can’t do it on our own. This fight requires a whole-of-society approach—government and the private sector, working together against threats to our national security and our economic security. That’s why we created another hub to work with the defense industry, the National Defense Cyber Alliance, where experts from the FBI and cleared defense contractors sit together, sharing intelligence in real time. It’s why we’re co-located with partners in industry, academia, and the financial sector as part of the National Cyber-Forensics and Training Alliance in both Pittsburgh and New York City.

And it’s why agents in every single FBI field office spend a huge amount of time going out to companies and universities in their area, establishing relationships before there’s a problem, and providing threat intelligence to help prepare defenses. That includes information we’ve obtained from sensitive sources. I’m sure you can appreciate there are times when we can’t share as much as we’d like to, but we’re working to get better and smarter about that, and by “we,” I mean all of us in the Intelligence Community.

We might not be able to tell you precisely how we knew you were in trouble—but we can usually find a way to tell you what you need to know to prepare for, or stop, an attack. Having a pre-existing relationship with a company or university leadership invariably helps us do that faster. For private sector leaders, talking with us before a problem strikes helps you understand how we actually operate, how we protect information provided by victims who face challenges on a whole bunch of fronts in the wake of a major intrusion, and how we work hard not to disrupt their operations.

That kind of information is a lot easier to digest when things are calm, rather than in the midst of a crisis. It helps you better understand how we can help. Regulators like the FTC, the SEC, and state AGs often want to know whether a company is cooperating with law enforcement, and if a company asks us to, we’re happy to flag its assistance in our efforts.

Ideally, we can create a flow of information that runs both ways, so we can get helpful information, too. We may come to a victim company knowing one IP address used to attack them, but not another. If they tell us about the second one, not only can we do more to help them, we may be able to stop the next attack, too, and we’re committed to giving you feedback on what you share with us—this is a two-way street.

We’re in this together, with all our partners. We all face the same dangers, and we won’t make any headway each off doing our own thing. Because our adversaries rely on gaps in our community, they like it when we’re not sharing information—when one player doesn’t trust the other.

They long for the days when we had walls between our national security and criminal investigations and dramatic clashes between foreign and domestic authorities. With hubs like the NCIJTF and strong relationships with government and private sector partners, we close those gaps and make our adversaries’ work that much harder.

Using FBI’s Capabilities to Battle the Threat

With all that in mind, I’d like to touch on how we’re attacking some of the most dangerous threats on the cyber front. From the Chinese government targeting our intellectual property to Russian targeting of our critical infrastructure to increasingly sophisticated criminal cyber syndicates and the many dangers in between. Given the gravity of these threats, the government employs a whole cyber ecosystem. And at the FBI, we play a central, core role in that ecosystem. That’s where the idea of “imposing risk and consequences” comes into play.

We’re using our unique mix of authorities to investigate attacks and intrusions, to identify who’s responsible—all the way down to who’s on the keyboard—to collect and share intelligence and to create opportunities for our domestic and international partners.

We’re making the most of our strong presence here at home and abroad. We’ve got cyber squads with interagency partners in every FBI field office and cyber agents in embassies around the world, sharing intelligence and building partnerships with both foreign law enforcement and intelligence services.

We’ve got an elite rapid-response force, our Cyber Action Team, ready to respond to major incidents anywhere, anytime, and we’re leveraging our decades of experience across the FBI. For example, our Counterintelligence Division is filled with experts in combating a wide range of foreign intelligence threats on U.S. soil. Our Counterterrorism Division helps us anticipate how terrorists might develop the skills and plans to harm us virtually. And our Criminal Investigative Division helps us stop massive online criminal schemes and syndicates.

We’re taking all these tools and bringing them to the table so that we can fight this threat together. Just a few examples to highlight. Together with our partners at CISA and DOD, we’ve identified and attributed Chinese targeting of specific companies researching COVID-19 vaccines and treatments, and we’re giving those companies the information they need to protect themselves.

On the Russia front, we and our partners at NSA uncovered and exposed highly sophisticated malware developed by Russian military intelligence. We used criminal process—and close coordination with foreign partners—to get information that helped us better understand that malware, complementing the great work our fellow intelligence community colleagues at NSA had done. That information allowed us to release an unclassified report to warn the right people, and that public release was a painful disruption to a well-known adversary. It imposed a real cost on Russia, because they’d spent a lot of time and money developing the malware we outed.

Anything we can do together to get these bad guys on the backs of their heels is a victory.

Finally, against the threat that’s top of mind for all of us these days—foreign election interference: We’re taking the same approach, working to raise costs for our adversaries and enable our partners. We’re working closely with our government partners, especially DHS and ODNI.

But we’re also engaged with election officials, campaigns, party committees, and social media companies to share information and enhance resiliency. You may have seen that Twitter and Facebook took down accounts associated with a Russian influence campaign trying to hire unwitting U.S. journalists and place political ads. Importantly, Twitter and Facebook did so before those accounts could develop anything more than a nascent following, based on information from our Foreign Influence Task Force.

We haven’t seen cyber attacks to date this year on voter registration databases, or on any systems involving primary voting. And to our knowledge, no foreign government has attempted to tamper with U.S. vote counts.

But we’re always on watch against any threat to the foundations of our democracy.

Conclusion

At the FBI, we take a lot of inspiration from our 112-year history. We’ve built a track record of pivoting to counter new and dangerous threats. Like when we changed gears in our fight against terrorism after 9/11. I say we “changed gears,” but in reality, we shifted from first to fifth on the fly.

There was a lot of noise, a fair amount of smoke, and a few shredded tires, but the burnout got us where we needed to be. That ability to shift on the fly helps us adapt to evolving threats.

It helps us build strong relationships with old allies and new partners alike. It helps us find the kind of independent-thinking, hard-charging, creative people that keep pushing us forward.

And it gives us an edge against our adversaries in the cyber world. As we face each new threat, each new adversary, we’ve worked together to find ways to be more efficient, more agile, and more resilient, and we’ve made it harder for our adversaries to succeed.

As I tell my troops in the Bureau, we need to think outside of the box. Inside the rules, but outside the box. I’m confident we can get there, together.

Thank you for having me today.