The agency is trying to take a more preventive, and not a reactive, security strategy.
The Federal Bureau of Investigation wants to publicly shame cyber criminals after they’ve been caught as part of an effort to make sure malicious actors don’t count on anonymity.
“You will be identified pursued, and held to account no matter where you are in the world,” Paul Abbate, the FBI’s executive assistant director of the Criminal, Cyber, Response and Services Branch, said at a U.S. Chamber of Commerce event in Washington Wednesday.
The FBI’s cyber response team is focused on tracking down “high-level network and computer intrusion,” carried out by “state-sponsored hackers and global organized criminal syndicates,” Abbate said. Often, these malicious actors are operating from overseas, using “foreign technical infrastructure” that makes the threats especially difficult to detect.
Once those actors are identified, the FBI tries to “impose costs on them,” which might include ”economic sanctions, prison terms, or battlefield death.” It also aims to “publicly name them, shame them, and let everyone know who they are…[so they] don’t feel immune or anonymous.”
Attributing cyberattacks is even more complicated when the public and private sectors don’t share information about threats.
“A large majority” of the private sector aren’t approaching law enforcement, or the FBI, when they experience an attack, Abbate said. “We need to get to a place where it’s routine.”
Broadly, the FBI is trying to prevent more attacks instead of simply reacting once they’ve occurred. “Cyber threats are increasing in scope and scale but they’re also becoming increasingly challenging to investigate … in advance,” he said.
It’s also investing in hiring a skilled cybersecurity workforce and training its existing workforce to meet future threats, he added.