Identity crisis: FBI plays catch-up as cyberthreats escalate

[coderman at protonmail.com (coderman)]

https://news.yahoo.com/identity-crisis-fbi-plays-catch-up-as-cyber-threats-escalate-090000203.html

[Jenna McLaughlin](https://www.yahoo.com/author/jenna-mclaughlin)
National Security and Investigations Reporter
,
[Yahoo News](https://www.yahoo.com/news/)â?¢May 15, 2019

[Photo illustration: Yahoo News; photos: AP, Getty Images (4).]
Photo illustration: Yahoo News; photos: AP, Getty Images (4).

In the spring of 2017, the Federal Bureau of Investigation was on the cusp of a dramatic overhaul of the agencyâ??s cyber capabilities. The FBI was wrapping up an agency-wide survey, and one option on the table included getting rid of the bureauâ??s central cyber division altogether and dispersing digital experts throughout its 56 regional offices.

But just days before FBI officials were scheduled to brief the director on the results of the survey, according to a bureau official working there at the time, President Trump fired James Comey, the bureauâ??s head.

Comey, who says he was fired after refusing to pledge loyalty to the president, recalled that episode at a [recent conference](https://podcasts.apple.com/us/podcast/bonus-edition-james-comey-at-verify-2019/id498897343?i=1000434704652) in Washington. â??I failed to push us to the decision point of how do we want to deploy against this threat aggressively enough,â?? he said. â??Should we have a cyber division or blow it up?â??

He never got the opportunity to make that decision, however. Chris Wray, the current FBI director, â??is wrestling with that now,â?? Comey said.

According to Tonya Ugoretz, the deputy assistant director of the bureauâ??s cyber division, her office isnâ??t going anywhere. â??There are no plans to not have a cyber division,â?? she told Yahoo News during an interview. The division â??is the locus of all our intrusion investigations, whether thatâ??s nation state or criminal.â??

Regardless of the structure, the bureauâ??s top officials recognize a paradigm shift.

In the United States, digital criminals using everything from weaponized botnets to ransomware are attacking private industry and the government on a daily basis, increasing the demand for experts with skills in cybersecurity, intelligence and law enforcement. So, after nearly two decades of focusing on terrorism and intelligence, the FBI is in the midst of an even more intensive shift toward cyber.

While the bureau has a history of being run by agents with guns, more funding and priority is now being funneled into behind-the-scenes digital experts who can watch network traffic and unravel digital trails back to hackers, and who can explain online activity to judges and secure subpoenas for tech companies. The Department of Justice [budget request to Congress for 2019](https://www.justice.gov/jmd/page/file/1034366/download) asks for $370 million to fund the FBIâ??s cyber investigations and related work.

Now â??every field office has a cyber squadâ?? modeled after lessons learned fighting terrorism, said Ugoretz, speaking earlier this year at a conference in Sea Island, Ga. Some field offices are being assigned as leads for specific attacks or threat actors, she said. There is also a rapid response team that can be deployed out of headquarters in Washington at a momentâ??s notice.

Yet even as the FBIâ??s need for cyber experts is increasing, its ability to retain agents and employees with the needed technical expertise is under threat. According to interviews with over a dozen former FBI cyber employees as well as other national security experts, a cyber â??brain drainâ?? is taking place at the bureau that could hamper its ability to stem the constant flow of digital threats.

The FBIâ??s loss comes at a critical time. With the 2020 presidential elections approaching, and concerns about foreign interference as well as theft of trade secrets and intellectual property, the need for cyber experts is likely to increase. â??Make no mistake, the threat just keeps escalating,â?? Wray, the current FBI director, told a Senate panel this week, â??and weâ??re going to have to up our game to stay ahead of it.â??

That means more than just focusing on Russian influence campaigns. On Tuesday, Florida Gov. Ron DeSantis announced the FBI has briefed him on 2016 Russian hacks of two county election systems in the state.

â??Certainly we expect our adversaries will not only continue to evolve technologically, but theyâ??re also always learning from each other,â?? Ugoretz told Yahoo News. â??Much of the conversation from 2016 and 2018 was about Russian efforts to influence the election. But weâ??re focused on all threats, whether itâ??s influence or interference in election infrastructure.â??

Some of the FBIâ??s first forays into the digital world came in the 1990s, when computer crimes started to come under the agencyâ??s purview. In the early days, a large percentage of those cases involved tracking child pornography, like the â??Operation Innocent Imagesâ?? case in 1993 that [revealed](https://www.fbi.gov/history/famous-cases/operation-innocent-images) an online network of child predators based off a search for a missing boy in Brentwood, Md. By 2007, according to the FBI, the bureau opened more than 20,000 similar cases.

[Stacey Bradley]
FBI supervisory special agent Stacey Bradley. (Photo: Matt Houston/AP)

In 1994, the bureau caught a glimpse of what has today become common: international adversaries committing crimes online. After multiple large banks noticed $400,000 was missing from their coffers, the FBI [was ultimately led](https://www.fbi.gov/news/stories/a-byte-out-of-history-10-million-hack) to a ring of criminal hackers led by a man in St. Petersburg, Russia. Bigger cases followed, like the FBIâ??s Moonlight Maze, a sophisticated, ongoing digital campaign to steal military technologies that was ultimately linked back to Moscow.

Tim Gallagher, managing director in the business intelligence and investigations practice at Kroll, a division of global advisory firm Duff & Phelps, first got into the cyber field at the FBI in the late 1990s, working on criminal intrusion cases in a small field office in Ohio. There, he attended one of the first meetings of a task force called [InfraGard](https://www.infragard.org/) focused on working with the private sector to protect infrastructure in Cleveland.