Christopher Wray
Director
Federal Bureau of Investigation
World Economic Forum, Annual Meeting on Cybersecurity 2020: Enabling the Great Reset
(Virtual)
November 16, 2020

Tackling the Cyber Threat as a Global Community

Remarks prepared for delivery.

It’s an honor to be here to talk about how the FBI is fighting the ever-evolving cyber threat.

I do wish we could be together in person, but COVID has of course made us all have to find new ways of getting together. And new ways of doing business.

There’s a lot of talk about “pivoting” today. It’s become kind of a COVID-era buzzword.

Pivoting to host conferences, like this one, virtually. Businesses pivoting to meet the changing needs of customers.

But I’m sure many of you would say that’s nothing new.

Organizations that stand the test of time know that pivoting is crucial to staying relevant and being successful.

In his book, The Infinite Game, author Simon Sinek gave a great example—and a fitting one for a forum discussion.

The Swiss company Victorinox has been around since 1884. Everyone knows Victorinox as the maker of the Swiss Army knife.

But after September 11, we faced new restrictions on what people could carry on airplanes, and sales of Swiss Army knives declined dramatically.

Victorinox didn’t crumble, though. They pivoted to making travel gear, watches, and fragrances—a change that has helped the company nearly double its revenue compared to the days before 9/11. And that’s because they proved themselves both agile and resilient.

At the FBI, we have a track record of being able to pivot when necessary, too. Like when we changed gears to focus on organized crime in the 1970s and 80s or terrorism after 9/11.

We’ve brought that same approach to protecting the American people—and our businesses—from foreign cyber operations and significant cybercrime.

And it’s not just the FBI, of course. The whole cyber community has evolved, together, to meet this changing threat.

We all understand that the old approach of tackling the cyber threat one case at a time isn’t going to cut it.

We’ve got to take an enterprise approach—one that involves government agencies, private industry, researchers, and nonprofits, across the U.S. and around the world.

And we’ve got to use our respective strengths to work toward a common purpose: keeping our countries—and our companies—safe, secure, and confident in a digitally connected world.

I want to talk today about the FBI’s new cyber strategy. And about the importance of working together to tackle the cyber threat as a global community. And then I’m looking forward to a conversation that dives deeper into some of these topics.

FBI Cyber Strategy

At the FBI, we’ve been fighting the cyber threat for many years now.

We began our early high-tech crime effort in the mid-1990s, and created our Cyber Division in 2002.

We’ve become known for our efforts to call out destabilizing and damaging cyber activity by nation-state actors.

Like when we announced charges last month against the Russian intelligence officers behind the most destructive cyber campaign ever perpetrated by a single group, including the NotPetya and Black Energy attacks. Along with the Olympic Destroyer malware, and other outrageous misconduct, that together caused havoc in global shipping, power, public health, and the Olympic Games.

But we are also particularly focused on the threat posed by cyber criminals.

Schemes like ransomware have always caused disruption and financial loss, but today they’ve escalated to a whole new level—shutting down schools, interrupting key governmental services, crippling hospitals, and threatening critical infrastructure.

We’re putting our new cyber strategy in place to stay ahead of this ever-evolving threat landscape.

Just like we’ve done throughout our 112-year history of fighting crime and terrorism, our goal is to impose risk and consequences on bad actors in cyberspace—whoever and wherever they are.

Put more bluntly: We want to make it harder and more painful for hackers and criminals to do what they’re doing.

An essential prong of the strategy is to leverage our enduring partnerships—in both investigating cybercrime and raising the costs to criminal actors.

That means we’re leveraging the information we obtain through our investigations to also enable our partners to take action.

For those less familiar with the U.S. system, the FBI is America’s premier federal investigative service.

And within our government’s cyber ecosystem, the FBI focuses on threats. Not just investigating discrete incidents but making it our business to understand who and where our cyber adversaries are, how they operate, and how we can weaken them.

Our partner-focused strategy means that in addition to fueling criminal prosecutions, information from our investigations gives treasury officials the means to cut criminals off from the global financial system.

It gives our global law enforcement partners the means to seize malicious infrastructure and locate and arrest criminals hiding in their jurisdictions.

And, vitally, that information arms private-sector network defenders around the world with technical indicators they need to protect themselves, as well as the ability to shut down criminal infrastructure, and kick bad guys off their platforms and networks.

The point isn’t who claims credit. It’s achieving safety, security, and confidence, for all of us, in our digitally connected world.

We have a long history of cooperating with law enforcement and private-sector partners across the world to confront complex cybercrime threats.

Think of our disruptions of the Kelihos botnet in 2017, worldwide business email compromise scams in Operation WireWire in 2018 and ReWired in 2019, and the major cybercrime money laundering group QQAAZZ just last month.

And we’ve been cultivating the partnerships we rely upon today for longer than that.

Some of you will recall the 2016 effort to disrupt the cybercrime infrastructure-as-a-service network called Avalanche, which enabled more than two dozen of the world’s most pernicious malware variants.

That herculean effort included contributions by investigators in more than 40 jurisdictions, Europol, the Shadowserver Foundation, a German research institute, ICANN, national CERTs, and domain registries around the world.

And we’ve continued to build from there. More and stronger partners, focused together on stopping and deterring those who would attack us.

Global Partners Standing Together

We’ve got to continue to work together as global partners. That’s not just the best option, it’s the only option.

That team approach, especially with the private sector, is central to how we’re addressing cyber in today’s FBI.

So we’ve created unique hubs where members of the cyber community can work alongside each other and build long-term, trusting relationships.

For example, we’re now co-located with U.S. and international partners in industry, academia, and the financial sector as part of the National Cyber-Forensics and Training Alliance in both Pittsburgh and New York City.

That effort has been so successful that we’ve expanded it—we now also partner with companies in the defense sector, through our National Defense Cyber Alliance

We’re exchanging valuable tactical information with the private sector in those forums and elsewhere, but our daily discussions with corporate partners are also informing our strategic focus, by making sure we know what threats most concern them.

Overseas, we’ve got legal attachés around the world and skilled cyber agents in embassies sharing intelligence and building partnerships with both foreign law enforcement and security services—and enabling a virtuous cycle of cooperation.

We pass information developed through our investigations to partners abroad—including warnings about intrusions at victim companies and institutions.

Our partners who respond to those leads can then in turn provide us with more information about the threats we all face—feeding our global investigations, helping us discover even more indicators the private sector can use to mitigate the threat, more malicious infrastructure we can target ourselves or notify private sector partners of, more arrest opportunities, which leads us to more useful information to pass back to our partners, and so on.

We’re helped by the fact that so many of the companies we deal with are multi-national themselves—able to take information and make global use of it, and able to provide us with a global view of the threats they face.

We’re taking all the tools at our disposal and bringing them to the table, so that we can fight this threat together.

As the members of the forum know well, we’ve all become hyper connected.

And that has empowered people the world over—the good guys and the bad guys alike.

Because today’s economy lives, in large part, in the digital realm. And the more we expand our global footprint, and the more we do business in other countries, the more we can achieve, together. But, at the same time, the more risk we assume on the cyber front.

That’s why we can’t take our collective eyes off the cyber threat landscape. We can’t hold back from building on our connections. We’ve got to keep moving forward.

We’ve got to keep helping each other, so that we can protect each other against threats we all face together.

And we’ve got to place an even greater emphasis on partnerships and information sharing than we ever have before.

* * *

We won’t make any headway if we’re each off doing our own thing, because our adversaries rely on gaps in our community.

They like it when we’re not sharing information—when one player doesn’t trust the other.

We’ve got to keep building strong relationships with old allies and new partners alike.

We’ve got to learn to pivot where we need to.

And we’ve got to find innovative solutions to new problems if we want to maintain an edge against our adversaries in the cyber world.

At the FBI, we’re proud of our history of innovation—of more than a century of adapting and evolving to meet changing threats.

And there’s no issue requiring more imagination and willingness to evolve than in cyber.

I was excited to learn about the forum’s Partnerships Against Cybercrime study and pleased that experts from our Cyber Division participated.

We’ve got to continue to innovate and cooperate to generate outcomes much faster than was previously possible.

I’m hopeful that the report’s recommendations will keep us moving toward the trust, agility, scale, and speed we need in our partnerships to truly impact the cybercrime threat.

And I’ll end by leaving you with a call to action. If you haven’t already, please engage with private and government partners in this fight.

Invest in one of the “nodes” the report contemplates. Find ways to join your cybersecurity experts with like-minded experts from other industries and sectors—and we’ll make each other stronger.

The FBI is ready to play.

Thank you for your willingness to hear from me today.