James B. Comey
Federal Bureau of Investigation
FBI WMD Directorate/Interpol International Law Enforcement Critical Infrastructure Symposium
Miami, Florida
July 7, 2014

Protecting Critical Infrastructure and the Importance of Partnerships

Remarks as delivered.

Good morning everybody. It’s a pleasure to get a chance to open this important conference with you all. It’s particularly important to be doing this together with our partners at Interpol, with whom we do great work with around the world. With that combination of talent, one of the questions I asked myself as I came here is, whose idea was it to be in Miami in July? It appears it was the FBI’s idea. So I hope the weather treats you well, and I hope this beautiful location treats you well. I want to also thank John Perren, who is the assistant director of our Weapons of Mass Destruction Directorate, and his troops for all the work they did to organize this.

Eighty-four years ago, construction began on one of the country’s most prized and wondrous feats of engineering—the Hoover Dam. It remains one of America’s greatest infrastructure achievements, even today. If you’ve had a chance to visit it and stand before its awesome size, it’s hard to believe it was built nearly a century ago. Its mission was to harness the power of the mighty Colorado River. It involved 21,000 men, working for five years, and cost $49 million to build. It doesn’t seem like a lot of dough, but when you consider it was built during the Great Depression, you have some sense of the scale of this investment.

And once constructed, this innovative and hugely difficult project lit up Las Vegas and hydrated all of Southern California.

Today, critical infrastructure is all encompassing. It is everything to our country and our world—our dams, our bridges, our highways, our networks. These are the things that keep our water flowing, keep our houses lit, keep our cars fueled, our goods manufactured, and connect us all over the world. The threats we face and that we’re here to discuss to those interconnected systems—bioterrorism, agroterrorism, and sabotage, are as diverse as the infrastructure itself.

We have seen those threats manifest themselves in just the last few years. We’ve seen armed men shoot up a power station in Northern California. We’ve seen gunmen ravage the beautiful city of Mumbai. We’ve seen terrorists open fire in a mall in Kenya—my first week on this job. We know those threats are real. We know that what they’re aimed at is vital to our existence. So we must together figure out ways to protect our infrastructure. We must work together to strengthen our response to a terrorist attack, a tragic accident, or a natural disaster.

So what I’d like to do today is just take a few minutes with you and discuss these threats, what we at the FBI are doing to try to combat them, and why we think the relationships that are represented by the people in this room matter so much to us.

There is no room for failure. Many of the challenges we face are extremely remote possibilities. But if they came to bear, they have consequences that are very, very difficult to get your head around.

Let me start by talking about terrorism. There is no doubt that the threat from core al Qaeda is diminished today. Thanks to the men and women in our intelligence community, our partner intelligence communities, and our militaries, we have taken the fight to core al Qaeda and diminished what I describe as the central tumor of al Qaeda along the AfPak border. It is also no doubt with America’s withdrawal from Afghanistan they see a very real opportunity to rebuild.

But just as core al Qaeda has diminished, we have seen the flourishing of what I call the progeny of al Qaeda. Al Qaeda in the Islamic Maghreb, al Qaeda in the Arabian Peninsula, al-Nusra Front in Syria, ISIL in Iraq and Syria now. The progeny of al Qaeda have found the space and time to flourish throughout the Gulf and throughout North Africa. I wake up every morning worrying about the progeny of al Qaeda flourishing in the ungoverned or lightly governed spaces in that area. And I’m especially concerned about Syria. Syria serves as a breeding ground, a training ground, and a networking ground for thousands of jihadis all over the world. They have gone there in huge numbers to join the fight with groups like al Nusra or ISIL. The going is very worrisome. It is the coming out that worries me even more.

Those of us who know history can remember the diaspora of terrorists out of Afghanistan after the war with the Soviets and can draw a line from that diaspora to 9/11. We in the intelligence and law enforcement communities are determined not to allow a line to be drawn from a future diaspora out of Syria to a future 9/11 event. It is for that reason that we, Interpol, and dozens of our intelligence partners around the world are spending time every day worrying about the so-called Syria travel threat. And of course we are monitoring what is happening with ISIL even today in Iraq, to see what the implications are for that threat and future threats.

And then as anyone who reads the papers in the United States knows, we face homegrown violent extremists, homegrown terrorists. Some people call them lone wolves, a term that I don’t like, because it conveys a sense of dignity that these people don’t deserve. These homegrown violent extremists are people who are not directed by al Qaeda, but are inspired and trained through the poisonous information available on the Internet. They are al Qaeda-sponsored, sponsored by ISIL, sponsored by AQAP, and in their basements convince themselves they need to engage in violent acts in pursuance of some jihad of their own and emerge from their basements to kill innocent civilians here in the United States. This is a tremendous challenge for all of us in this business because the time between emerging from the basement and a violent act can be very, very short.

That’s terrorism. Let me say a word about cyber—a threat that everyone in this room knows. It touches all the responsibilities of what we worry about. I view it as a stack of state sponsored hackers, organized criminal groups, terrorist groups, hacktivists, ordinary thugs, and criminals of all sorts. Cyber touches everything the FBI is responsible for. I try to explain it to people who don’t know it as well as you do, that it’s actually not a thing, it’s a vector. It’s a way that bad people try to accomplish their ends. We as a society, here in the United States and around the world, have connected our entire lives to the Internet. That’s where bad people come for our things. That’s where our children play, that’s where our money is. It’s where our secrets are. It’s where our finances are. It’s where our health care is. It’s where our critical infrastructure is. And soon it will be where my shoes and my shirt and my refrigerator and my television are.

The so-called Internet of Things is just another leap toward connecting all of our lives to the Internet. And because that’s where our national lives are, our infrastructure is, and our personal lives are, those who would do us harm across those dimensions, that’s where they come. I have tried to explain to people that this is a magnitude greater vector change than we’ve ever seen before, a magnitude greater vector change than the vector change of the 20th century that actually gave birth to the modern FBI.

In the 1920s and 30s, there were criminals in the United States that were taking advantage of a whole new vector, the combination of asphalt and the automobile, that allowed criminals in the United States to commit crimes with shocking speed, and across unimaginable distances. John Dillinger could drive from Indiana to Illinois in the same day and do a robbery in each place. The modern FBI was born to respond to that vector change. This change dwarfs that. Dillinger could not do a thousand robberies in the same day in all 50 states, in his pajamas, halfway around the world. That’s the challenge we face today. The vector change involves people moving at the speed of light and shrinking the world to the size of a pinhead, because they can move at 186,000 miles per second as a photon does. This presents all of us with a challenge that requires us to shrink the world to respond. It’s the reason conferences like this are so important—because the bad guys have made the world the size of a pinhead, we, the good guys, have to do the same.

Let me mention a word about WMD while we’re here. I mentioned John Perren and our Weapons of Mass Destruction Directorate. We stood it up in 2006 because the FBI, under Robert Mueller, recognized it posed a threat that touched so many of the dimensions of the FBI that we needed to bring together counterterrorism elements, counterintelligence, intelligence, scientific, and technological to provide timely analysis of the threat and response. We built the WMD Directorate and assigned in each of our 56 field offices a Weapons of Mass Destruction coordinator whose job every single day is to build the relationship we needed to be able to respond to that threat—relationships with the private sector, with academia, with infrastructure partners, with other government partners. That coordinator’s job in each of our 56 field offices is to share information, to make sure we are pushing information to our partners, and we’re getting information that’s useful to all of us to respond to terrorists, criminals, lone actors, or insiders.

We also have 64 legal attachés around the world; two embedded WMD assistant legal attachés, one in Tblisi, and one in Singapore. The goal again is to shrink the world to respond to the threat. So that’s a bit about the threats we face, counterterrorism and cyber especially.

What are we trying to do about it? We are trying to think well about what we know and what we don’t know. We’re trying to build effective relationships with the private sector and our government partners. We are trying to train so we learn to play well. We are engaged in simulations that as best we can are intended to duplicate what we face in real life. Because we have learned the lesson that I hope you all have learned—that the time to get to know one another is not in the middle of a storm.

We face a lot of threats. One I have not mentioned yet is the threat of a nuclear or radiological incident, which is the proverbial, narrow, deep, deep hole almost without a bottom. We are training with the Nuclear Regulatory Commission on how best to prepare in the case of a nuclear or radiological incident at one of our nuclear power facilities. We are working with the U.S. Department of Agriculture on training law enforcement on how to respond to potential attacks on our food supply. We are working with the Food and Drug Administration, USDA, and food companies to assess vulnerabilities in our supply chain and how we might counter potential sabotage. We are working with the Centers for Disease Control and Prevention to see if we can’t get better at joint training with local law enforcement and public health agencies to respond to possible bioterrorism and to recognize the early signs of radiation or chemical sabotage. And we’re training with our great partners at DHS, the U.S. Coast Guard, and the Department of Defense to test law enforcement response and communication in the event of an attack on our maritime or transportation infrastructure.

And as I said with my thank you at the beginning, we rely very heavily on Interpol. Because it’s only through Interpol that we can reach at the touch of a button each of their 190 member countries to address the WMD threats that span the globe.

I hope you know how important these partnerships are to us. It’s one of the reasons we sponsor a conference like this. It’s also one of the reasons we operate the National Academy. I know there are a lot of National Academy graduates here today. I believe the National Academy is one of the crown jewels of the FBI. In fact, I don’t think of it as an FBI thing, I think of it as something I hold in trust as the Director of the FBI for all of us in global law enforcement and here in the United States.

I knew about the National Academy before becoming Director—I had seen the yellow bricks around the world. There was a lot I had to learn about the National Academy. I learned that people at the National Academy practice karaoke, which I had not heard before. I also learned there is something at the National Academy called International Night, and in particular there is a phenomenon at the National Academy which is the day after International Night, because it seems no matter where you’re from or what culture you come from, people have a favorite brand of beverage that they bring to the National Academy to try to get their colleagues to try. People are punished by that trying.

There is no doubt that what the National Academy does is get us together. There is a line that is thousands and thousands of people long of those yellow bricks. It is something we have been doing for 75 years and we will continue to do for my entire tenure. I hope that if you haven’t had an opportunity yet to train at the National Academy that you will. You will not be sorry.

In addition to strengthening our partnerships at the government-to-government level, critical to our response to all the threats we face is working with the private sector. I knew this from my time in government 10 years ago and before, when I got to the private sector and oversaw security at two different leading private entities. I saw it even more powerfully.

I’ve come back to the FBI and thought about the threats we face and realized that without private sector cooperation, I can think I’m doing a great job, but it’s a bit like patrolling a street with 40-foot-high walls on the side. I can tell people the street look safe, but without the ability to see and share information into the neighborhoods on the other side of those walls, I’m wasting my time.

The private sector is on the other side of too many walls in our culture, and one of the things we have to do together is see if we can’t find a way to pass and to share through that wall so that the entire neighborhood could be made more safe. We have to develop a better way of the government pushing information to the private sector quickly and in a way that’s useful. A couple of things I want to mention—tools that we use to try to build those relationships. InfraGard for almost two decades now has been at the core of the FBI’s outreach to the private sector. It is an association of businesses, of academic institutions, law enforcement agencies, and others who are coming together to share information.

The Department of Homeland Security and the FBI also partnered to put together the second pillar of our cooperation with the private sector, which is the Domestic Security Alliance Council or DSAC. That strategic collaboration is designed to help protect, detect, and investigate criminal acts, while allowing private companies to receive from the government information that they can use to stop thieves, hackers, and criminals before they steal their intellectual property and their money.

Our goal in these efforts with InfraGard and DSAC is to try to strengthen our partnerships, so if we can’t knock down the walls, at least the 40-foot walls become more transparent and permeable to the flow of information.

Let me say a word about how the FBI collects, processes, and shares information. I have come back to discover an FBI that’s transformed in the way that it thinks about what we need to know to do our work. Today the FBI is a national security and law enforcement organization that uses intelligence to prevent and respond to crime and to terrorism. You may have heard the description of the FBI as “threat-based and intelligence-driven.” Let me say a word about what that means.

Intelligence to me is simply information relevant to decision-making. Being threat-based and intelligence driven simply means becoming more thoughtful about what we work and how we do that work. Becoming better at gathering useful information for ourselves, for policy makers, and our partners in both the government and the private sector on both the national security and the criminal side of the FBI.

There was a time when the bureau was criticized—with some justification—for working its inbox. We would work that which showed up at our door or where we already had sources, and we would work it extremely well. But we were too often accused of—and some of that was fair—of working that which was directly in front of us instead of thinking about what might be over the horizon or in a place where we had no visibility. That made it harder for us to see new and emerging threats.

Today we are constantly trying to understand the threats we face and what we might be missing. What we can see and what we can’t see. We constantly engage in a process to figure out which of the threats should be at the top of our list, how others should be ranked, and, given that ranking, what resources should we press against those threats? And how is that different in Miami and San Francisco and New York and Omaha, because it must be different in those places, and then what are we missing, what are the gaps in what we face? What are the intelligence gaps and how do we fill those gaps?

In short, the goal of the FBI built before I got here and something I want to continue is to look beyond our inbox and see what the challenges we face are and what should we be spending time on.

I grew up in a family where my parents managed to balance accountability and openness. I grew up in one of these families where we were expected to bang it around and have robust debate about things, but also be held to high standards by my folks. Sometimes that led to wrestling on the floor among siblings, but no effort to stab anybody with a butcher knife—no serious violence in my family. It was a friendly, loving environment, in which when we disagreed, we talked to each other. Why do I tell you this? That’s the kind of environment I expect the FBI to have with you. We will not always agree. But I expect an environment where we will air our disagreements, bang it around, in an atmosphere of accountability, high standards, and openness. That’s what you should expect from the FBI, you should expect that we will listen with humility in order to learn from you. We expect the same from you, that you will listen to our vantage point in an effort to learn from each other. Together, that kind of atmosphere builds strength.

As many of you will remember, today, July 7, was the day nine years ago that terrorists bombed the London Underground and a double-decker bus in a series of coordinated backpack bomb attacks.

It was actually that same day, July 7, nine years ago, that the leaders of the G-8 countries were gathered, about 400 miles north of there in Scotland. They were there to debate how best to solve the problems of the day, which were poverty in Africa, global climate change, and unfair trade. One by one, although it wasn’t on their agenda, each of the leaders stood up and resolved to assist then-British Prime Minister Tony Blair and the people of London in any way they could. London Mayor Ken Livingstone spoke that day and offered a message to the terrorists that I think is worth quoting. He said, “I know you fear that you will fail in your long-term objective to destroy our free society. I can show you why you will fail. In the days that follow, look at our airports, look at our seaports, and look at our railway stations. And even after your cowardly attack, you will see that people from around the world will arrive in London to fulfill their dreams and achieve their potential. They come to be free. They come to live the life they choose, they come to be themselves. They flee you, because you tell them how they should live.”

Within four weeks of the mayor’s remarks, the entire London Underground and its stations were back in business—a tribute to the resilience of the city’s infrastructure and the character of its people. I believe we owe it to free people everywhere to build and protect a strong and vibrant infrastructure to allow them to do what he said—to live, to work, to play safely, without fear, to thrive, to become who they want to be. Our fellow citizens expect it of us, that is what we’ve devoted our lives to, that’s why we’re here.

Our greatest weapon I believe is unity. Unity built on intelligence and interagency cooperation, and cooperation between government and private sector. It is built on the idea that standing together, we are smarter and stronger than we are standing alone. Because no one person—no FBI agent, no police officer, no agency, no country, no company—can prevent or respond to an attack on critical infrastructure alone.

That is why we must continue to work closely together with you—our federal and state partners, our private sector partners, our international partners—because standing together, we can better understand what each of us brings to the table and we can do better to protect our infrastructure, our communities, and the people we love. Thank you so much for caring about this. We look forward to learning from you and together building stronger communities. Have a good conference.