tv Cybersecurity Intelligence Forum Part 5 CSPAN June 1, 2018 8:09am-9:09am EDT
response here is, you know, what is an integrated cyber operations platform, and for indiana i think we ended up saying it's all a little bit oa shell game. i think you really have to be focused on what's the problem you're trying to solve, what outcome do you want, and then let that drive where you want the data pieces to come in. how do you want your team, your team itself with the analysts, how do you want them organized? what do you want them looking at? that will help drive the tools that they appreciate, the tools that they want, make them more effective in their job. and so those are just three of the areas that we kind of failed on, three core strategies that are helped by realizing that and changing that and trying to address it i think helped us move along to get a little closer to finding that silver
bullet that everyone is looking for. so thanks for allowing me to share, and i think that is my time. [applause] >> am i live? i'm sure you had a lot of press from tom, chad, at fireeye it may be here to request but thank you for making a kill important today. my name is gary e. e. i'm here to help. that was kind of a joke. [laughing] but what a timely topic for us. it's been taunted for the past two and half, three years since we really started to take a cybersecurity seriously. and then cyber threats, cyber
threat intelligence which is something that for the army i think it's something that is gaining and a lot of traction in terms of understand what that means for us. high level messages i'd like to put up first. we have some good news. this past year we commission, we direct commissioned our first two cybersecurity cyber officers, first lieutenants, direct commission and that was something that's been in the works for a while to be able to do that. the criteria is you have to have a bachelors degree and then limited expertise. maybe a bit subjective on what that is because we are just learning how to bring direct commissions into the services. the army has two now and will be doing about five year to kind of get us up to speed. they started off as first lieutenants. that doesn't mean in the future they may not be at a higher
grade but we are turning toward how to bring direct excrete in the force of that's good news for us. we also have any given day, literally over 100,000 army soldiers, the current number is about 178,000 soldiers serving worldwide today and operational assignments. no kidding. you hear about the big ones in the middle east, southwest asia valente what comes around the globe at any given to over 100,000, 178,000. that's an awful lot. on the use of memorial day this past weekend which was quite an opportunity for me to reflect on why we serve, that kind of number, happening everyday to our brave men and women of all services really it's time for me to reflect and so i i share tht with you that this past week,
just reconnecting to my -- ability spend time and we acquaint and reconnect in why we serve and why we are here today and what i am here today to talk about how important cybersecurity and cyber threat intelligence is for our army. the next couple of weeks we will celebrate the armies 243rd birthday. we been around for a long time. [applause] there we go. and here's the thing begins been around longer than the u.s., right? we were found in 1775 and we were as a country found in 1776. talk about modernization. you've heard of the future command can anyone? in the news lately. what does that mean? it will be a four star command and it's going to happen because of the army has tried to figure out how to bring capability to
our forces fast. traditionally those of you who've been associate with the services, i think many of you have, whether you are working in the private sector or have served, we have stovepipes of excellence that we say this organization is a requirement, this does acquisition of by the way we have a whole operation force that is out there. the idea of this futures command is to be able to bring the operational folks together with the acquisition community together with requirement folks so we can come up with what we need faster. in the cyber world we are already doing that. you kind of are our breaking nw ground here in this world but the idea is in bringing the product faster is the idea of coming up with minimal product. minimal viable products.
the idea is you get something,, you put in the hands of users fast and let them work with it and then you get feedback. then you start working from there. they have some promise potential. work with it. if it doesn't, kill it. i think we do that already quite a bit in this committee here. i think in my mind some of the tangible stuff, the hardware type real world folks can learn what we do here in this world. this futures command will focus on six of the armies top priorities. y6? because because it is a manageable number and is because it helps to put focus into the separate. i will list them all. just your awareness because for every one of these there is a cyber component to it. long-range precision fires.
next, generation combat vehicles here future vertical lift. the army network which is where we play heavy in this group here. air and missile defense which this group place heavy also. and soldier locality. six priorities -- lethality. six cross functional teams have stood up for each of these plus two additional cross functional, and those will make up a part of this futures command. at a location to be determined, all right? so that's modernization. but as i just rattled off those six, what does it mean from the cybersecurity perspective for each of those six areas that are listed off course the network is the easy one but either one of those has a cybersecurity component and a cyber threat
concern. let's talk about the people a little bit. people process technologies. the army has certified 41 active-duty cyber mission forces, and we have 21 additional reserve components, cyber teams, that will be foc by 2024. so the army moved in we had to try to get atavistic we built the genes of what we found was at first because i recall some years ago trying to get how to use some of this capability and within a short period of time we found that we didn't have enough capability. i didn't know i needed that until i went shopping, so we have the good news is those 41 cbp's, what that is done for our community collectively inside the military, outside the military is raise the bar for what it means to be a cyber
professional. it really has. it really has. the training they go through, i doubt it. there's a lot of training, but just the fact we go through a very rigorous selection process negative part of this group of folks, the initial training, giving you the tools, not all the tools that we need, there's more that we would like, but at least they are given the attention of focus and now we've raised the bar from within the army. and now, now we can't get enough of them, which is great that we talked about the two lieutenants who got commissioned and the third seal talked about in terms of people is revenue army cyber commander that will be tomorrow promoted and assuming command. that's major general fogarty pick you may recall that he used to be the cyber standard of excellence commanding general and then he went to become chief of staff at cyber. now he is come back to the army to be our commanding general of army cyber tomorrow.
that is great news for us. the process, and by the way i'm about halfway done, right? they gave me ten minutes. as i said earlier, we're changing the way we view cybersecurity, cyberspace, cyberspace operations. and, in fact, when i came to the pentagon for years ago, painfully three years ago, my goodness, it was cyber what? cybersecurity. it was still -- we are still very much compliance, you know, minded. but it was about why do we have to do that? and then, and then a breach here, the breach of there. opm here. and you know what? we got this now. we know this is something we
need to work with, right? so you will see that come out in many different expressions. some are more helpful than others, but we get it now. the good news is that there is focus now. the good news is there is a tension. now, our challenge is how to focus some of this. i just talked to the justice who just went to the conference. who is in the rc conference? i went there last year. 1100, you know, of the sharpest cyber vendors. it is confusing. it's very difficult to navigate through all of that so the challenge for us in the army we see all this out there, okay, that sounds good, that sounds good, that sounds good. okay i did know i did that.
give me some of that, too. and i only have so much money. how do we prioritize what it is that we need to pursue. now we do over the past two years have developed a few requirements, a a formal proces to provide focus to us. it's awkward trying to develop a requirement for something in cyber, right? because when you develop a a requirement for future vertical lift, it sounds a lot like a helicopter, doesn't it? or long-range precision fires. okay, kind of sounds like shooting something out of a tube or something, right? but we say i need some -- we talked about this before, how much is a pound of cyber worth? i have no idea. that's the challenge to figure
out and talk to our non-cyber about what cost so much to have nice things. we are changing the culture. we are wrestling with reform, risk management framework. and so that is something that was on the compliance side. supposed to be more of a risk informed process but right now it is very much a compliance hammer over the head. we're working to try to reform that so that it is more practical for us to implement. at the same time trying to get all this not only the army priority but the department of defense. so whatever we do, how do we tie that to lethality? how do we tie that to order ships with our partner nations or whoever we partner with? and then what about reform?
how do we do things different? how do we do things better? more effective, right? so within those three things in mind. so that's process. so people, process, technology. the technology side, the army submitted a report to congress on the first of february. that talked about the armies network way ahead, and who has read that? okay, don't raise your hand. the public document, submit that the congress. that tells congress how we intend to move forward. it tells congress alone how we plan to spend the money. because we're telling this is what we are doing or how we won't spend the money.
and i say it's a good thing if you read that because if you want to know where the army is going, it's in high-level easy-to-read 20 something pages, this is what we plan to do. so that's on your reading list. the strategy we come up with, i forgot to things for you to think about. we're going to hold a few programs that are networking -- halt. we're going to fix some things to improve our fight site capability. that ties to lethality. and then were going to pivot to a new way of doing business. in a lot of different ways, and acquisition is part of that.
so that's the armies high-level strategy. now you going to repeat after me. halt. try again. halt. >> halt. >> six. >> six. >> pipit. >> pivot. >> altogether. halt, fix, pivot. now you know our strategy. the last part of the note is we up with some things for characteristics that we want to keep in mind. there's a whole bunch of them but we've been able to slip it down to four things so that -- slim -- quickly repeat and understand what those are as a go through our day. we want our network to be flat. i think you know what that means. we have a lot of disparate networks and were trying to pull together to flatten the collins, fled the network. we want to be fast, not just high data rates will want to be
able to make decisions faster. so we can have capability that informs our lives to be quick on the decision-making process on the interdependent adversaries, and that's good for us. we want to be mobile. we we're getting better at thatt we continue to need a lot of help in that area. we want to be protected. that's where cybersecurity, cyber threat intelligence comes in to play. we thought it was important enough that of the four things that we talk about, our network needs to be protected. so flat, fast, mobile, protected. we will do this again. repeat after me. flat. >> flat. >> fast. >> fast. >> mobile. >> mobile. >> protected. >> protected. altogether. flat, fast, mobile, protected. okay, good. give yourselves a hand. [applause]
so we're doing things differently. it's not just a bunch of bumper stickers although they sound pretty good to me. the last time we had a change this big was like 30 years ago. really. and that was, i don't even know, that's a long time ago. i was in the army 30 years ago but i was so new i didn't know what we were doing at the time. but that was before the internet. that was before bluetooth. that was before wi-fi, before social media. before all of that. so for the army to undertake this change is quite an exciting thing for us to be doing and it's kind of cool we are doing it at this time since we get to be involved in it. i will just give you a quick, you know, a story about this protective piece. although it doesn't quite fit, i think it highlights the fact that somehow we are all vulnerable. about a year ago i got a call from an attorney who said that a
friend of hers was thinking she was going to marry me and that she had already given me 2500 bucks. she said but i but i looked yon the internet and you looked like a nice person, you seemed like a nice person, and what it happened was this person got catfish, right? someone had made a fake book, facebook of me. they took my picture, my name. apparently i was in syria and i needed like 2500 bucks to come home. it happens. you hear about it. when it happens to you you really feel sorry for the person who gave that money up. i know a lot of folks that get fake accounts made of them and they use that to catfish, and maybe it doesn't bother you, but i felt bad so i went to facebook
and they took it down. now i check. i check every couple of weeks, because so prevalent. i was home on leave last week in california. my daughter just graduated. she works at tesla. i said let me show you what happens here. let me show you how to look. i typed my name into the facebook search line and three fake accounts came up. i've had about a dozen fake accounts over the past year, but it was interesting that right when i said look, here's how you look yourself up, three fake one schema. sent them into facebook and it took them down right away. the one that was probably the most disturbing to me was about every three or four months ago, and you can do this, you put your face into the search bar of google and it will like find images of you. well, i found that that i was on
a filipino dating site. [laughing] so that was as disturbing as the fact that it didn't have very many hits on that one. [laughing] it away, that highlights just how vulnerable we are today. when it comes to building cybersecurity into whatever capability we are building with these cross functional teams and our future networks or whatever, how can we talk about this all the time, , how do you bake cybersecurity into something, right? part of it is there is an aspect of it but there's also just an avoidance aspect of it. that's what we have to be able to take, at this point until we get better at what we're doing, at least in the army, take an appetite suppressant. because if you want bluetooth enabled xyz device or you want your wi-fi enabled, really don't need it, then maybe you don't need it.
so there's a nice to have, and i need to have. we have so many capabilities nowadays with you name it, internet, things, that we really put ourselves in a tough position to clean ourselves up later on which we are trying to do, especially the medical community. a lot of devices out there, bluetooth, wi-fi enabled et cetera, that we need to make sure we go back and lock them down. so a way to bake is also avoidance. i liken it to the rich dad poor dad book, whatever that once a few years ago, the guide ssa, if i gave you a car, get idq an asset or a liability? some might say i got an asset. but the smart guy would say, the rich rich uncle would say no, that's a liability. now i have to fuel the thing, ensure the thing, pay for maintenance and its header. if i you a really cool technical
capability, , i might have given vulnerability, right? so as we go through the department of defense and look at all of our infrastructure and our systems and all things that are maybe a legacy but we bolted things onto it, that's a cleanup job for us in iolite. i'm going to close first fight saying thank you for inviting. thank you to our house. thank you for a very attentive crowd today. partnerships are the key. we say that all the time. and how do you do it though? how do you have partnerships? one way, i think, is join us at the forward garden later on in june for cyber quest for 19. it's where we're trying capability that we haven't had before. we're trying it out on soldiers
alike brand-new to the army, like the one, d2, d3, very low to show it is usable. that's the way, get yourself to those. we ask for request for proposals or request for papers, you know, throw something at it. that's how you do it. and here's one thing we all need to be doing. i don't come from a real traditional signal background but i know a lot of folks in this community have deep intel backgrounds can what we need to be doing better is talking, use army terms, the said the folks need to be talking to the intel folks better. that is a challenge for us because we grew up in one of the two worlds. we get good at that, and then getting the hook, but the more that we talk together, the more that i think the solutions that come to us will be better for us in the end. so i ask for your continued partnership and however we do it. be nice to us, we would be nice to you, be nice to each other.
and thank you for having me here today. [applause] >> thank you so much, major general e. thank you for joining us. let's give him another round of applause. [applause] >> i am excited to introduce our next speaker. she's going to be talking about cyber threats to veterans health care. something that i know we all care a lot about, very interesting topic as well. she's a senior analyst at fireeye. please put your hands together and give a warm welcome to sarah geary. [applause] hello. i want to start by giving a big thank you to our veterans in the room today. [applause]
you have protected, fought to protect our country and our freedoms against adversaries, that deserves our deepest gratitude. and you are still in the fight. over the next few minutes i will be speaking about how adversaries are still interested in targeting veterans in cyberspace. my name is sarah geary, i'm a senior analyst in fireeye global intelligence, and that come from about a decade of government service myself. i focused mostly on cyber intelligence. it's a real honor to be here with you all today. so one of our main goals in fireeye intelligence is to know the adversary better than anyone else does. malware can change and compromise can vary intrusion by intrusion, but the adversaries themselves and their underlying motivations remain rather
constant. so that's the best way to get ahead of the threat is to focus on the threat and who is behind it. so at fireeye we have categorized four main motivations that adversaries take to motivate them to go after veterans. one is espionage, financial, ideological, and then attack or cyber physical. i will walk through each of those and specifically how they apply to veterans now. so let's start with espionage. for an intelligence agency one of their main priorities is to find out as much information as possible about foreign military, their capabilities, their people. fireeye, we've seen evidence of that within the cyber espionage space, even back to her first advanced persistent threat that we track, apt1 which we attribute to china. what we saw with apt1 is ever
interested in stealing military org charts to include the contact information, military personnel, and their roles and responsibilities. and the reason and nations it would be interested in this is to figure out who to target. what you're looking for some of the main criteria is someone who would know a lot about the military, someone who even after the military would be a natural leader in the defense or political spaces. and then someone who was well-connected and could lead them to other targets veterans that the bill and all those three criteria. if remember the opm breach and the anthem hack, both of those happened around the same time, and they are both attributable to china. it's really quite possible that china is correlating both of
those databases, going through the opm database to find military members or those who use to serve in the u.s. military, and then running those names to the medical records to find the specific in-depth personal information about those military members. that's one of the reasons that with this presentation we are focused on healthcare, is because how extensive medical records are and how sensitive the information is within them. it's perfect targeting data for a nationstate. so just hypothetically, if china were to put two and two together with those databases and then use that medical information to craft a very tailored spear phishing e-mail to go after a veteran, not many people would think twice if they saw an e-mail in their inbox that
seemed to come from their medical provider with an attachment related to the the simpsons that they've been having. who wouldn't click on the attachment and potentially enable macros and find out what the doctor is saying to them? in this hypothetical scenario that happened, their personal e-mail could be hacked, and then china would have access not just to more of their personal information but also to the contacts, many of them would be other military members and veterans as well. and china's network and understand of the u.s. military would continue to expand. so veterans have also fallen victim of cyber criminals who routinely tried to steal personally identifiable information, pii, and sell it, monetize it somehow online.
they are specifically interested in medical records given how lucrative they are and valuable when they go to resell. at fireeye we have a team of researchers that called the dark were specifically looking for these sorts of threats. picture here, , the chart on the slide is from hacker who calls himself the dark overlord and is trying to sell medical records that he claims to have obtained. that's not the only method we had seen the dark overlord employed. sometimes a steady stealing it or instead of trying to sell it he would go and contact the medical establishment and try to export them and say, if you do not pay up, i'm going to publish all this information publicly online. so that brings us to our next to motivation, ideological. now, hactivists, if you've heard the term, it is activist
hackers, as they are known to be of less sophistication than sit and nationstate advanced persistent threat, but you don't really need to be that sophisticated if the information is already free available online. so a hactivist group might be interested, especially if they are motivated by antiwar ideologies, and agenda, to take a veterans personal information, medical information, publish it online with the intent of embarrassing a veteran, or potentially trying to spin it as, well, look, what is detrimental to everyone, or however they seek to spin it. terrorists would also be interested in publicizing events, contact information, their addresses, their family members. we saw this with isis affiliated hackers in their kill list. what was even perhaps more concerning in that specific
instance was fireeye believes they got that information, didn't even need a hack. it was all available online for them. and then you got groups like cyber caliphate who, the been in the news recently. they've been texting death threats the spouses of u.s. military members. now, a couple years back fireeye had done some research into that group, and we don't believe it is a hactivist group. we also don't believe it is a terrorist group. instead, we think it is a false hactivist persona that was set up and leveraged by russian state sponsored cyber actors. these cyber actors, using this hactivist group to advance russia's political agenda at the expense of u.s. military families. lastly, we had cyber attacks. so this goes beyond publicizing
the personally identifiable information, the medical records online. this is actually involving attacking the medical devices themselves. i have some good news. there had been no attacks on medical devices to date, but, unfortunately, there are often vulnerabilities and there are many factors for such exploitation. it could just be a matter of time, unfortunately. one such factor would be the supply chain. that's a very insidious vector as well. a fireeye company was called in to do an investigation on a medical device manufacturer. and sure enough we discovered that there is apt18 on their networks, and that's a chinese advanced persistent threat. that apt18 had been on the network for 60 days before being detected. at this point in time for any
adversary, if they so desired, to suddenly manipulate the effect of the medical device. thankfully that didn't happen in this case but it just shows how such a threat could take place. but even when the devices are manufactured according to the right specifications, there could still be vulnerabilities. just last year ics cert publish some form of it was on certain brand of pacemakers and it took a while for that vulnerability to be patched. when you look at it, the patching process in itself and updates could be another way to introduce additional vulnerabilities. this example was demonstrated to us back in 2012 at a va hospital in tampa. over 100 medical devices were infected with the conflict are one and we believe that was the result of a vendor going in to update those devices with a
thumb drive that was unknowingly compromised. so just to summarize, the importance of knowing who the adversaries are, knowing what their interests are, how they might go about exploiting their targets, and accomplishing their end objective is so important. this is just a quick example of the type of strategic threat intelligence that we briefed to our customers to help them prioritize where to focus. and the last word here, i just want to speak to our veterans. you have protected us, and we want to protect you against cyber threats in the healthcare sector. so thank you. [applause] >> thank you so much, sarah. let's give her another round of
applause. [applause] >> all right. i am thrilled to introduce our closing keynote. he's going to be talking about, is government friend or foe? use of the assistant attorney general of the national security division at department of justce's. please put your hands together and give a warm welcome to john demers. [applause] >> all right, thank you, goldy. thank you to fireeye. thanks to all of you for being here today focused on this very important topic for all of us. so i'm here to talk to today -- by the way, the answer to that question is friend. [laughing] i'm here to talk to today to talk about importance of collaboration and confronting the national security cyber threat. protecting the nation from national security threat is the mission of the national security division.
although nsd was created in response to the terrorist attacks of september 11, it's mission goes well beyond terrorism. in the past years it is, increasingly to include a focus on cyber as part of the threat posed by certain foreign nations. as we do respect to terrorism, nsd drives collaboration among prosecutors, law enforcement officials, intelligence attorneys in the intelligence community to ensure that we approach the nationals could he cyber using every tool and resource available to the federal government. some of you in this room come from the private sector. companies large and small, companies that consult and provide advice, companies that make things. others come from federal, state and local governments, or from other countries. your work may be diverse but you all appreciate one thing. you know that there are countries in this world that what what you have.
they want our sensitive information, our technology, our intellectual property. and they want to destroy any competitive advantage that we may have. around the world there are people who wake up every morning thinking about how they are going to get it. and they go to bed every night all too often thinking about a job well done. one thing they are not spending a lot of time thinking about is our laws and international cyber norms. you don't have to be a defense contractor to be worried about this. recently we have prosecuted cases of folks who stole seeds of rice and kernels of corn. no one is immune. if you are in business, if you're in government, if you're in medicine, if you're an academic research, you have something of value to someone else. and to get it foreign countries will use all means, including computer intrusion.
you are not going to stop these countries on your own. no private company or institution has the resources of a determined nationstate. nor is any one part of federal government or state or local government going to stop these adversaries on its own. we will only succeed in defending the nation's firepower and the fruits of our brainpower if we are partnered together. in recent years nsd has furthered the governments efforts to deter and disrupt malicious national security cyber threats by charging hackers acting on behalf of china, russia, iran and isis. but not every cyber disruption needs to be a prosecution. in fact, just last week the department announced that it obtained a court order to disrupt a global.net.
the botnet provided this group to go to undertake all manner of malicious cyber activity. from unlawful surveillance to theft of valuable information to disruptive attacks. the department could not have begun to neutralize this threat alone. we work closely with the private sector, including private security researchers and other government parkers such as the department of homeland security. if we continue to work together, we will do much, much more. let me provide two other illustrations of the grid that can happen with the private sector and the government work together. let's take the case of yahoo!. i'm sure you are all familiar with it. yahoo! was the victim of a breach in 2013, only to to discover three years later that it'd been the victim of another breach, a more massive one, in 2014. when this information came to
light yahoo! notified the government and provided valuable assistance to the fbi fully cooperating cooperate at every stage of the investigation. as a result of this effective collaboration, yahoo! and the fbi determined that hackers working both for financial gain and on behalf of russian intelligence officers had stolen information from at least 500 million yahoo! accounts and use that stole information to update access to the contents of accounts hosted by yahoo!, google, and other providers. russian journalist, u.s. and russian government officials, private sector employees of financial transportation and of the companies had all been targeted. thanks to the close cooperation of yahoo!, google and others, doj prosecutors and the fbi were able to identify and expose the hackers without further compromising the privacy of the account holders. three of the defendants were russian nationalists residing in
russia, two federal security service agents, and a no russian hacker and fbi most wanted criminal. the fourth defendant was a 20-year-old hacker who resided in canada following the u.s. indictment, candidate captured and arrested him. he was brought to the u.s. and pleaded guilty to eight trimble counts, including conspiracy to commit computer fraud and abuse and aggravated identity theft. earlier this week he was sentenced to five years in jail. the second case demonstrates that cooperative with the government and benefiting from its knowledge and tools can help a company that has been hacked see things for what they really are. a few years ago a midwestern consumer goods company was the victim of what appears to have been a run-of-the-mill intrusion. an intruder had obtained unauthorized access to their
customer database and had obtained personally identifiable information for their customers. the companies i.t. personnel worked diligently to eject the hacker from their network but he kept coming back. eventually the hacker threatened to expose the companies customer information unless he was paid a ransom. around that time the company contacted the fbi. the fbi determined that a kosovo citizens studying computer science in malaysia was one of the hackers who had gained unauthorized access to the victims companies pii. although the hacker had a financial motive in demand ransom from the company, the customer pii he still was not destined for the black market. that data was of interest because, among the tens of thousands of customer names and e-mail accounts he stole, there were more than 1000 e-mail addresses that ended in dot gov for dot mil. ultimately, he used that information to produce a litany
of pii for approximately 1300 u.s. government civilian employees and u.s. military personnel. he provided the information to a syrian-based isis member. a few months earlier hussein acting in the name of islamic state acting division had posted a children's that purported to include the names and addressef 100 members of the u.s. military. he wanted to help them create and disseminate a second kill us. and, in fact, soon after he received the information, hussein used twitter to publish the pii of all 1300 u.s. government and military customers of the company. in his tweet he threatened quote, crusaders who are conducting a bombing campaign against the muslims. doj charged him with violations of the computer fraud and abuse act and with conspiring to provide material support to
isis. we were successful in obtaining his extradition from malaysia to the united states and he ultimately pled guilty. in september 2016 he was sentenced to 20 years in prison. he was also ordered to pay $50,000 in restitution to the company. even though the prosecution was public, the name of the company was never revealed. we are often asked why we would bring a case against foreign nationals located outside the u.s. well, for one, as those cases show, we may well get more than one of them. the u.s. government has to extradition agreements with than 100 countries, so it is not enough for those defendants to forgo a visit to disney world. for the rest of their lives they will be unable to travel to more than half the countries in the world without fear of arrest and extradition to the united states. second, the investigation and charges can assist other parts of the government in bringing
their authorities to bear. for instance, treasury's office of foreign asset controls can designate and charge individuals or entities under an executive order that authorizes blocking the property of persons engaging in significant malicious cyber enabled activities, ensuring that the perpetrators would be financially isolated from the world. when we brought charges two months ago against the founders and employees of the iranian backed the institute that hacked more than 300 american and foreign universities and government agencies and institutions around the world, treasury also designated the institute and ten iranian nationals. third, charges raise awareness. both generally and specifically to this threat. in some cases there may be additional victims that don't know they have yet been hacked. to help the private sector identified malicious activity and better protect itself, the fbi and dhs will often release
technical details to the public. fbi did that just last week when it released the public service announcement about the vpn filter. advising you to reboot your router and including signatures of the botnet malware so network defenders can again for its presence in their network. and finally, we pursue these cases to strip these hackers of the anonymity they so desire, and call them out. this prevents nationstate after some hiding behind ritualized denials and feigned ignorance. the recent indictment of the institute members and the prior indictment of the chinese pla are cases in point. so that's what is in it for the country. what is in a four year? what of the benefits of working with law enforcement before, during, and after a computer intrusion? one, we can help you understand what happened when your organization has a cyber hacked.
we can bring together human intelligence, and your information together to get a more clear picture of what happened to we can share context and information about related incidents or malware. we can ensure proper investigative preservation of evidence for later prosecution, and we can assist you in detail with regulators. at the end of the day, the government simply has more tools at its disposal to do with the problems of national security cyber intrusions. tools that, working together, we can use to respond to intrusions and deter future once. although we will always consider criminal charges, pursuing prosecution may not be the best response in all cases. accordingly, in sd attorneys work with an agency partners to determine whether our investigative information may be used to support sanctions, create pressure, technical glitch, diplomatic options or
other responses instead of or in addition to prosecutions. all of these can impose real cost on malicious activity, depriving hackers and their sponsors of the benefit of their crimes, and deterring future misbehavior. let me close on this note. everyone in this audience understands that we are in this together, and that we have an obligation to help one another. the organization the reports a cyber intrusion doesn't just help itself. it also helps other targeted companies. they may not even know they had been victims of hack, and it helps the coach if it helps other organizations by raising the awareness and sparking a check on their part for similar compromises. it also enables the government to work to disrupt and deter intrusions of these other organizations, and it helps the country by allowing the government to piece together and respond to the intentions and actions of antagonistic nations
to better defend our nation's economic and military security. it is the national security divisions job to disrupt and deter national security cyber threats. we will continue to work with other agencies to use all elements of national power to meet this ever changing and growing challenge. and to adequately protect our shared national cybersecurity against persistent attack, we will need your help as well. i look forward to working with you. thank you. [applause] .. . >> guest:
>> and on the free c-span radio app. we're live from washington d.c. where the truman project is hosting a conference called trucon 18. we expect the conference to get underway shortly. speaking will be former department undersecretary kathleen hicks. [inaudible conversations] [inaudible conversations] [inaudible conversations]
[inaudible conversations] [inaudible conversations] >> this is trucon 18, national security conference in washington d.c. which should begin soon. former administrator gina mccarthy and former undersecretary kathleen hicks. this is live coverage on c-span2. [inaudible conversations] [inaudible conversation [inaudible conversations] [inaudible conversations]