ICCS 2022 – Fordham Now
https://now.fordham.edu
The official news site for Fordham University.

Ukraine Cybersecurity Officials Describe Defense Against Cyber War
https://now.fordham.edu/university-news/ukraine-cybersecurity-officials-describe-threats/
Thu, 21 Jul 2022 19:49:05 +0000

Officials from Ukraine discuss cyberattacks and cyberdefense in the war with Russia. (Photos by Chris Taggart)

From the moment a group of Ukrainian officials entered the room for a July 20 panel on Ukraine’s virtual front line amidst Russian aggression, the mood palpably shifted. Here, after two days of discussions on previous hacks and potential threats, sat four people who left a war-torn nation for the first time since Russia attacked them on Feb. 23 to discuss the lethal threats of cyberattacks.

Sitting on the panel were Viktor Zhora, the deputy chair of the State Service of Special Communications and Information Protection of Ukraine; Andrii Sharonov, first deputy chief of the Cyber Police Department, National Police of Ukraine; Illia Vitiuk, head of the Department of Cyber and Information Security, Security Service of Ukraine; and Nataliia Tkachuk, head of the Department for Information Security and Cybersecurity, National Security Cyber Coordination Center.

Immediately, Tkachuk set a defiant tone toward the aggressors and a thankful tone toward the U.S., which drew applause from the audience of law enforcement, academics, and cyber professionals.

“Thank you for standing with us in this terrible, unprecedented, and unjust war… I know you have feelings about this war the same as we do,” she said without looking at notes. “This work is not only about Ukraine, this war is not only about our independence or territorial integrity. This war is about the democratic values for all the world, about human rights, about international stability and security, about respect for international law. We have no chance to lose and that’s why your support is very important to us.”

Tkachuk then outlined a brief history of cyber defense in Ukraine that was in its infancy in 2015 when the Russian military used a trojan hack named BlackEnergy, which led to widespread power outages in the country. Ironically, she thanked the Russians for that early attack because it led to the nation codifying cybersecurity into laws, policies, and institutions.

“We didn’t have the political will to adopt the cybersecurity strategy. Our top officials didn’t understand what was the role of cyber in the context of national security. Then BlackEnergy happened. Well, it took a few months and the strategy was adopted,” she said. “We started to create our national cybersecurity system and the main steps we directed to legal framework, technical capacities, human resources, international operations, and, of course, public-private partnerships.”

Vitiuk concurred that 2015 was a watershed moment that put Ukraine on war footing well before the Feb. 23 invasion. He added that a sequence of BlackEnergy attacks was also felt in more than 60 countries, not only Ukraine. He said the various sectors of the government, as well as the private sector, began a series of so-called attack rehearsals which helped develop the muscle memory needed for when unprecedented cyberattacks began full force just before the military invasion.

“The main thing was communication within the country between the institutions, between the authorities, between public-private partnerships, and communication with our [international] partners that helped us create this whole system and make it work.”

Sharonov said another key turnaround was that all the sectors began to budget for cybersecurity. In addition, the team from cyber police formed their international partnerships as far back as 2012, when many officers visited the United States for months at a time to develop the skill, knowledge, and ability to fend off cyberattacks.

On Jan. 20, an urgent meeting of the national security defense council was called to develop tactical steps to prepare for imminent attacks, said Tkachuk. By Feb. 7 a 24-hour response center was set up where all the main government stakeholders were present “day and night” to begin monitoring threats. She cited the preparedness and professionalism of the national police, in particular, with helping the team to put in place the critical infrastructure necessary to protect the nation from cyberattacks on critical infrastructure which began in earnest just days before the military invasion.

“As you know, they didn’t get to do too much harm, not because the attacks were not sophisticated, but only because we were able to take the right steps in advance,” she said.

Just as Ukraine has received support in the form of military weapons over the past few months, it has also gained a volunteer cyber army which the deputy chief said numbers around 200,000. Moderator Steve Hill, chief information security officer at Credit Suisse Bank, noted this has led to making Russia the most hacked country in the world today. Sharonov said that the national police accepted help from the volunteers to help block Russian propaganda on social media.

“Right now, we already blocked thousands of channels with almost 30 million people in Russia,” he said.

Hill noted that officials from the NSA in the U.S. have expressed concern about such volunteers, as they are not sanctioned nor trained by an official government, regardless of how good their intentions may be.

Sharonov concurred but said Ukraine simply doesn’t have the capacity to match the Russian aggression when it comes to hackers and Zhora dismissed any notion of a moral conundrum the volunteers might present.

“I want to highlight a serious difference between offensive actions of Russians and volunteers that help Ukraine: Russia is attacking an independent country in the 21st century while Ukraine is defending ourselves,” he said.

“This is the first global cyber war and we need to be united,” Zhora said.

He added that no country in the world can protect itself alone and that cybersecurity is not just about people, processes, and technology.

“It’s about collaboration, cooperation. It’s about exchanging knowledge, information, practices, and joint exercises that can contribute to the global cybersecurity ecosystem,” he said. “We need a cyber alliance against cyber aggression, a community of states … which help each other to protect themselves … and Ukraine wants to be an active participant of this community, and I’m confident we will.”

Easing Suspicion About Smart Cities
https://now.fordham.edu/university-news/easing-suspicion-about-smart-cities/
Thu, 21 Jul 2022 19:39:48 +0000

Robert W. Patterson, Tommi Laitio, Matthew C. Fraser, and Yoram Elkaim (Photos by Chris Taggart)

At a July 20 panel on smart cities, Fordham Law graduate Yoram Elkaim, vice president of legal for Google in Europe, Middle East, and Africa, asked, “In a smart city is there such a thing as anonymity anymore?”

“As a student here, we learned a lot about the right to privacy and the Fourth Amendment, and yet there is this paradox in the big city, where you are sharing so much of your space with others, but you also are still afforded anonymity,” he said during the panel event, part of the International Conference on Cyber Security held at Fordham Law and sponsored by Fordham and the FBI. “But in a smart city where there are all these sensors, is that a problem?”

Smart cities are generally defined as municipalities that use technology and data to ease movement, increase public health and safety, assist in disaster relief, and improve the environment.

As recently as just 10 years ago, the term conjured utopian dreams of environmental applications, tighter security, and swifter transportation, said Elkaim. But today the term takes on dark and sinister tones, such as surveillance and loss of freedom. As such, Elkaim’s question hit on a theme that was returned to again and again by the panel.

Better Explanation is Key

Robert W. Patterson, senior executive director for AT&T Business, Public Safety, and FirstNet, said part of the reason is that public and private sector leaders do not clearly explain the benefits of a smart city. This leads to the public believing that the data driving smart cities merely exposes them to cybersecurity breaches and more surveillance.

“The American public doesn’t necessarily understand what we do with the data or how we protect it. I think we all collectively need to do a better job of having that conversation so that people feel comfortable,” said Patterson. “Yes, you’re going to give up a little bit, but if you’re not doing anything wrong, you should feel comfortable that that [your data] is secure, and there are huge benefits to this.”

He used the example of an IoT (internet of things) device used by the oil and gas industry to turn on the gas, rather than sending out a person in a truck to turn it on.

“That’s a huge saving, but people don’t view that piece. They just think, ‘Hey, someone watched me go from the Bronx to Manhattan’—which is, quite frankly, irrelevant to 99.9% of what’s happening today.”

Tommi Laitio, the Bloomberg public innovation fellow at Johns Hopkins University, was the first executive director for culture and leisure in the city of Helsinki, Finland. He said the mayor dubbed his role the “director of fun.” He concurred with Patterson’s notion of refocusing public perception of what a smart city can be, adding that perhaps the word smart should be complemented with other words that describe the benefits of digital cities, such as “equal, creative, or fun.”

Time for Joy

“For me, a smart city should help create a place where you have more time for things that matter and less time for things that don’t matter,” he said. “The difficulty with all this marketing is that it feels like it’s not driven by the joy and pleasure in our lives.”

Matthew C. Fraser, chief technology officer and commissioner for the New York City Office of Technology and Innovation, succinctly summarized how data should be used in a smart city.

“It’s about using information to optimize interactions and move people all around cities a lot easier,” he said. “When I look at a smart city, it’s all-encompassing, around every interaction that a person has with the city.”

When the floor was opened for questions, an unconvinced member of the audience expressed a concern that government workers with access to such data might use them nefariously. Fraser responded by saying that the problem is certainly not limited to government. He said that the problem exists with any custodian of data, whether it’s in the government, private, or academic sector. He said that for New York City government workers, it means ensuring that the people using the data are using it in ways that align with their job description.

“What we start looking at there is—How do we create a baseline behavior [for that job]? What does a particular function across a particular geography look like? And what does normal look like? So, when someone deviates from that we can catch it and say, ‘This is an anomaly, let’s look at it.’ And what this all ties back to is having accountability in government, taking the responsibility to proactively audit the use of the technology tools that it has.”

 

Experts Discuss How to Protect Top-Secret Information From Insider Risks
https://now.fordham.edu/university-news/experts-discuss-how-to-protect-top-secret-information-from-insider-risks/
Thu, 21 Jul 2022 17:57:48 +0000

Photos by Chris Taggart

The greatest risk to a government or private organization isn’t always an outside threat. Sometimes it’s a current or former employee—and the harm is often done unintentionally.

In the panel “Insider Risk: Mind Games” at the 2022 International Conference on Cyber Security on July 20, four experts on managing insider risk discussed the challenges that insiders pose to organizations and how their behaviors can be recognized and managed. 

The event featured three panelists—James Dennehy, special agent in charge of the FBI’s counterintelligence and cyber division; Eric Shaw, Ph.D., a clinical psychologist and founder of a company that helps organizations manage insider risks; and Doug Thomas, head of insider threat in counterintelligence and workplace violence and a managing director at JPMorgan Chase—as well as the panel moderator, Elsine van Os, founder and CEO of an insider risk management consultancy firm in the Netherlands. 

Problems Related to the Pandemic and the Great Resignation

There are four critical issues that impact insider risk management today, said Shaw: pandemic-related stressors, social identity stress, the rise of conspiracy theories, and new policies and practices that monitor former employees.

“The [pandemic-related stressors] pull directly on all the personal predispositions we associate with insider risk, whether it’s medical/psychiatric issues, personality, social skills issues, previous violations, or susceptibility to recruitment or social network risks,” Shaw said. “In psychology, we’re saying, ‘If there was a crack [before], now there’s a crevice.’” 

Van Os said another issue that is negatively affecting insider risk management is the Great Resignation. When employees leave their prior workplace, they often take home sensitive company data, thus eroding the company’s value, she said. 

FBI Security Measures: Multilayered and Still ‘Not Enough’  

Dennehy, a special agent for the FBI, said that the insider threat protections at his job are multilayered—but they aren’t enough.

“I work for the FBI. I have access to top-secret information. I have access to all the investigations that the field office conducts. So our insider risk and insider threat program has to be pretty layered—and it is. I started a new job at the New Jersey field office on Monday, so last Friday was my last day in the New York City office. I tried to get into the New York City office today to return a car. They didn’t let me in. I said, ‘No no no, it’s Jim Dennehy!’ And they don’t care,” he said. “My access to the New York office and to all of its files was cut off immediately.”

And that’s only one security measure. Every five years, Dennehy is polygraphed to check if he is spying on the U.S. government or showing signs of becoming a terrorist, he said. He is required to disclose all of his finances to the U.S. government on an annual basis, in addition to undergoing drug tests and mental health evaluations. But that’s still not enough to protect the FBI from insider threats, he said. 

In an insider threat study conducted by the FBI a few years ago, they found that hackers steal information by using their existing or shared credentials to increase their privileges in the company system, he said. In addition, there are likely double agents within the FBI, he said. 

“There are probably Robert Hanssens that still work in the FBI. Probably—we just don’t know about it,” Dennehy said, referring to the former double agent who pled guilty to 15 counts of espionage in 2001. 

‘I Want People to Be Engaged—For Their Sake’ 

Thomas said that one of the biggest challenges in insider risk management is convincing employees and executives that this is a real problem. 

“Unless they’ve actually had it happen to them and they know about it— [and] it’s probably happened, they just don’t know about it … then it’s hard to convince the masses and the leadership that this really is a problem. It’s not a movie, it’s not just people with clearances, it’s not people who have access to weapon systems. This actually happens for real,” Thomas said. “I want people to be engaged—engaged for their sake, the firm’s sake, their coworkers’ sake—because if these things go wrong … it’s a big deal.”

In order to counteract insider threats, companies can seek to access more personal data from their employees, said Thomas. However, he added that they have to be sensitive about not being too intrusive.

“You have to be very careful about what kind of data you’re looking for, explaining why you want that kind of data, how you’re going to use it, how you’re going to protect it, and how you’re going to protect the reputations of the people you’re looking at,” Thomas said. 

How to Protect a Company’s ‘Crown Jewels’ 

Dennehy explained how the FBI helps research institutions and businesses to manage their insider threats and protect their assets. 

“What we want to do is … identify to us what your crown jewels are. What are your most protected assets besides your people? What information do you want to protect the most? And now let’s build your program around that.”

At the end of the panel, Dennehy applauded JPMorgan Chase, one of the biggest financial firms in the world, for developing an insider threat program. The company’s action also serves as a lesson to other organizations, he said. 

“[JPMorgan Chase] probably learned because of mistakes. And they probably learned because of feeling the pain of that information going out the door,” Dennehy said. “Undetected, [the threat actors] could’ve taken down a billion dollar firm because that information could lead to the opening of a competitor company that’s now gonna take away their market share. And that’s where CEOs, CFOs, and C-suite are going to really start listening.”

Panel Warns of Sophisticated State-Sponsored Cyberattacks and Ransomware
https://now.fordham.edu/university-news/panel-warns-of-sophisticated-state-sponsored-cyberattacks-and-ransomware/
Wed, 20 Jul 2022 20:51:26 +0000

Paddy McGuinness, Carsten Meywirth, Prashanth Mekela, and Joshua Larocca. Photo by Chris Taggart

The COVID-19 pandemic accelerated many of the trends in cyber warfare that had already been picking up steam, making cooperation between likeminded countries and global corporations more important than ever, panelists agreed in a discussion at Fordham on July 19.

“Geopolitics and Cyber Risk,” a discussion moderated by Joshua Larocca, managing director of the firm Stroz Feinberg, on the second day of the 2022 International Conference on Cyber Security (ICCS), brought together perspectives from England, Germany, and the United States.

Paddy McGuinness, a senior adviser at the Brunswick Group, noted that North Korea, China, Iran, and Russia are now “very capable threat actors” with the ability to harm the United States, the United Kingdom, and the European Union.

The challenge is that although the European Union works as a single entity to regulate a great deal of technology, national security is still the responsibility of each of the 27 individual nations. As such, there is a great deal of unevenness, he said.

“Europe is on a journey, and it’s conflicted. The majority of what it has done from a regulatory sense has been about competition and major American technology. It has not been about the Chinese state, and it hasn’t been around an active Russia at its back,” he said.

“It’s in movement, but if you look at the bulk of the legislative, regulatory, and practical agenda, it’s as much as about the United States as it is about China or Russia.”

Carsten Meywirth, director of the cybercrime division at Germany’s Federal Criminal Police Office, the Bundeskriminalamt, agreed with McGuinness’ assessment of the threat that the four big state actors pose. The added twist is that there are also threats from non-state actors who act on their own, he said. The underground economy that was created by them really took off in 2015, and last year, Meywirth said, ransomware unleashed by hackers unaffiliated with specific countries cost German companies 24.3 billion euros.

“The criminal groups act globally, and with high performance. They’ve adapted the franchise model with the affiliate system,” he said.

“We call it ‘crime as a service.’ You can buy the infrastructure; you can rent the server and VPN services; you can buy credential services, codes, and malware. The criminals work together, and don’t have to know each other. The only thing they know about each other is a nickname.”

The panelists had some good news to report too. Asked by Larocca how European countries might strengthen each other’s defenses, McGuinness cited the public-private partnerships on the continent.

“When I go into really transnational businesses, they’ve got cyber defenses better than most European states. So that’s where you start, with firms like Deutsche Telekom. That’s quite a cyber-capable organization.”

Prashanth Mekela, deputy enterprise chief information security officer at American Family Insurance, said that at the end of the day, macro issues need to be addressed through day-to-day operations. The first hard truth that business leaders need to accept is that if a very capable state actor or committed criminal actor decides they want to break into their network, they will likely find a way.

“Most people have gravitated toward that viewpoint, because even if you put these obstacles out in front of their way and have defensive depth, there could still be an insider within your organization who can either be co-opted or recruited to steal sensitive information,” he said.

He suggested that the solution is to identify what parts of a business network absolutely need to stay up and running. That includes things like intellectual property and business processes. The bulk of the company’s cyber defenses should then be directed in those areas.

“It’s a never-ending situation in which you’ve got to protect the enterprise, and you’re not going to get it right all the time. You’ve got to be able to live with it. That’s why you’ve got to be prepared for things like ransomware.”

Relationships Prove Critical in ‘Constantly Evolving’ Cyberthreat Landscape
https://now.fordham.edu/university-news/relationships-prove-critical-in-constantly-evolving-cyberthreat-landscape/
Wed, 20 Jul 2022 20:26:16 +0000

Bryan Vorndran, assistant director of the FBI’s Cyber Division. Photos by Chris Taggart

One of the first cases Anthony Ferrante, FCRH ’01, GSAS ’04, worked on when he joined the FBI involved a terrorist cell using advanced technologies to plan an attack against the U.S.

“It was during our work in this case that I saw the impressive power of likeminded individuals from public and private entities around the globe, coming together to combat these threats,” said the former special agent.

Shortly after that, in 2007, he was meeting with his Fordham mentor Professor Frank Hsu, Ph.D., Clavius Distinguished Professor of Science, and they started discussing ways to bring government, the private sector, and academia together.

“We devised a crazy idea to plan an international cybersecurity conference, a conference that would bring together the world’s best in the industry to talk about how we can all work together to combat the ever-evolving cyber threats we face every single day,” he said.

Two years later in 2009, Ferrante and Hsu had helped launch the first ICCS at Fordham.

At this year’s ICCS, Ferrante, who is now the global head of cybersecurity for FTI Consulting, introduced Bryan Vorndran, assistant director of the FBI’s Cyber Division, as part of a session titled “The Morning Intelligence Briefing,” where Vorndran emphasized the importance of those partnerships to the FBI.

“We don’t do anything alone,” he said. “Any success you hear about in terms of U.S. government disruptions, international disruptions, are done as part of a partnership. That includes private sector as well.”

Vorndran highlighted two recent FBI cases that involved significant partnerships from not only government agencies but also the private sector.

The first was “Operation Shell Sweep” in 2021 where the FBI went into computers that were using Microsoft Exchange servers and had been hacked by a group called Hafnium. The hack affected tens of thousands of users. The computers had web shells—or pieces of code that allow for remote administration—installed by the hackers. The web shells “left open” a backdoor that gave the hackers access–but, Vorndran said, the FBI used those same shells to remove the malicious code.

“The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path),” an FBI release on the operation read.

Microsoft became aware of the hack in March 2021, and the FBI said in a statement that “Microsoft and other industry partners released detection tools, patches, and other information to assist victim entities in identifying and mitigating this cyber incident.” Vorndran said that the partnership between the FBI and Microsoft helped address about 93% of the impacted devices, and then the FBI worked to remove the malicious code from the remaining 7%.

The second was “Cyclops Blink,” where the FBI disrupted a Russian botnet that was infecting devices with WatchGuard and other software on them. The FBI partnered with WatchGuard which helped release detection and remediation tools the day the advisory about the botnet went out.

“Our purpose is simply this: to utilize our unique authorities—either unilaterally or with a partner—to impose maximum costs on our adversaries,” he said, noting that could mean an arrest or seizure of assets.

Vorndran highlighted the partnerships that occurred in both of these cases because initially, he said, Microsoft and WatchGuard “could not see the devices or software where there was a vulnerability at a tactical level. It took additional intelligence—in the Hafnium matter from a third party private sector—and it took FBI intelligence to inform the exact laser focus of where we needed to be.”

Partnering into the Future

Both Ferrante and Vorndran emphasized the need for partnerships as threats continue to evolve.

Vorndran said that he’s worried about the “increased precision of the adversary.” He gave the example of all of the commercial real estate companies in the U.S. using the same software. If that software is attacked, it could mean real issues for that industry.

“If they’re that precise on targeting, it could shut down the entire commercial real estate industry,” he said. “That is a huge problem for us.”

Vorndran said that they’re also paying “a lot of attention to synthetic content” or what some call “deep fakes,” which he said could have a tremendous influence on our democracy.

“There’s obviously tremendous downstream effects of deep fakes and synthetic content,” he said.

Vorndran gave the example of a recording played in court, with the attorney arguing that it is not his client on tape, but a fake. The question becomes “how do we authenticate that?” he said.

Vorndran said that they’re “putting a lot of attention into that within the community and that’s something that’s very important for us to get right.”

Having the partnerships between the public and private sector in place ahead of these attacks can help address these future problems, Ferrante said. He noted that “many conversations taking place this week will enhance all our efforts to combat these threats.”

“There are numerous challenges on the horizon, and cybersecurity issues will remain ever present,” he said. “The threat landscape is constantly evolving. A forward-thinking approach is required to keep pace.”

Panel Explores Susceptibility of Supply Chains to Cybercrime
https://now.fordham.edu/university-news/panel-explores-susceptibility-of-supply-chains-to-cybercrime/
Wed, 20 Jul 2022 17:12:33 +0000

Evan Perez, Michael David, A. Joseph Jay III, and Robert Costello. Photo by Chris Taggart

Global supply chains have always been susceptible to disruptions, but the risk is greater than ever now, as every node in the process is now online and susceptible to hacking.

That was one of the takeaways of “Making Sense Out of Supply Chain Chaos,” a panel held on July 19 as part of the International Conference on Cybersecurity (ICCS 22). The conference was held at Fordham’s Lincoln Center campus and sponsored by Fordham and the FBI.

“People are aware that we were very dependent as a nation on a supply chain from a particular area of the world for electronics and medical equipment in the early part of 2020, and steps needed to be taken to remedy that,” said A. Joseph Jay III, a partner at the law firm Sheppard Mullin who represents corporations in matters before government offices such as the U.S. Department of Justice.

“But I don’t think people were aware of just how much we were dependent upon information and communications technology to connect the supply chain. Over the last 28 months, we’ve seen an explosion in cybercrime in which foreign or domestic threat actors are disrupting the supply chain by engaging in hacks.”

The panel was moderated by CNN investigative journalist Evan Perez, and also featured Robert Costello, chief information officer at the federal Cybersecurity and Infrastructure Security Agency.

It covered many of the challenges faced by sectors that are mostly overseen by the private sector whose incentives do not always align with law enforcement. Shipping, for instance, is run by private firms, as are many aspects of port operations.

Michael W. David, Ph.D., a professor of science and technology intelligence at the National Intelligence University, noted that 70% of the world’s container cranes that are large enough to service the biggest container ships are manufactured by a single Chinese firm.

“Most of the cranes operate on software, and the operating systems are provided by that country,” he said.

“What does that mean? That means they have cyber access to those cranes globally. They could conceivably cause something to happen in those cranes to just stop. You wouldn’t even need submarines or ships to create a blockade.”

David noted that Florida U.S. Representative Carlos Gimenez has proposed a law addressing the issue, but it’s unclear whether it will ultimately pass.

All the panelists agreed that the ransomware attack on Colonial Pipeline on May 21 was a watershed moment for cooperation between the private sector and the government. Although the company paid $4.4 million to hackers to restore its computer systems, it worked with the government to address the problem. Ultimately, the Department of Justice recovered half of the payment, and disruption of gasoline distribution to the United States was only minimal.

“When the Colonial Pipeline incident occurred, I think we saw a bit of a sea change in that model, where people understood that ‘Yes, the government can be good,’ and the government can be helpful, particularly with the speed and alacrity with which it resolved that issue,” said Jay.

“Had the pipeline company not contacted law enforcement and taken what might have been a more traditional tact, that story might have ended up very differently.”

Google Executive Urges Transparency in the Cybersecurity Community
https://now.fordham.edu/university-news/google-executive-urges-transparency-in-the-cybersecurity-community/
Wed, 20 Jul 2022 15:45:31 +0000

Photo by Chris Taggart

Google protects more people online than any other company in the world, but that wasn’t always the case, said Kent Walker, president of global affairs at Google and its parent company, Alphabet.

In his keynote speech “On Transparency in the Shadowy World of Cyberattacks” at Fordham’s 2022 International Conference on Cyber Security on July 19, Walker recalled a dangerous series of cyberattacks that targeted Google more than a decade ago and the company’s major takeaways from the incident. 

In 2009, Google was the victim of a massive cyberattack called Operation Aurora. In a widespread phishing campaign, a group of hackers from China tried to steal trade secrets from more than two dozen high-profile companies, including Adobe, Morgan Stanley, and Google. The hackers breached company networks and succeeded in stealing intellectual property.

Many companies decided not to publicize the attack, but Google chose to do the opposite—and for good reason, said Walker, who previously served as an assistant U.S. attorney in San Francisco and Washington, D.C., in addition to starting one of the first “computer crime” units in the country. 

“[When I was a federal prosecutor who specialized in technology crime], one of the big challenges we encountered was getting companies to go public or even go to the authorities … Because of that, we felt it was important to talk about the attack [at Google]—to tell the world about its impact, about the methods that the attackers were using,” Walker said. “That’s not always comfortable work. We’ve had some tough conversations with partners and our own teams about disclosing vulnerabilities. … But it’s necessary to move the industry forward and to make sure that bugs are being fixed quickly before they can be exploited.” 

One of the biggest takeaways from the incident was the necessity of transparency about their work, he said. The cybersecurity community, law enforcement, and the public need to share vulnerabilities and cyberattacks with each other in order to raise security worldwide.

The second and perhaps even more important lesson from the cyberattack was learning what worked and didn’t work in cybersecurity architecture, said Walker. To raise general security, it’s important to focus on the fundamentals of software security: not to rely only on threat intelligence and security products to protect users, but to develop secure products with security features that are built in, rather than “built-on.”

“Aurora showed us and everyone in the industry that we were doing cybersecurity wrong,” Walker said. “We were building high walls to keep the bad actors out. But if they got past those walls, they got wide internal access. The attack helped us recognize that we had to double down on security by design.”

After the cyberattack, the company launched BeyondCorp, an internal initiative that pioneered the concept of Zero Trust—a security framework that has taken off across the industry, he said.

“It lets every employee work from untrusted networks without the [need for a traditional VPN],” Walker said. “They can access the most sensitive internal services and data over the Internet without sacrificing security.” 

Cyberthreats are growing stronger, but cybersecurity tools are also getting better, said Walker. He highlighted artificial intelligence, which allows experts to see threats faster and reduces human error, as well as other tools like advanced cryptography and quantum computing. 

Google has shared many of its advances with other organizations and governments—now it’s time for the cybersecurity community as a whole to get better at sharing its knowledge across the national security community, academia, and Silicon Valley, he said. 

“It’s not a time for holding successful techniques to ourselves,” Walker said. “Cybersecurity is a team sport.”

Cyber Vulnerabilities: Lessons From the C-Suite
https://now.fordham.edu/university-news/cyber-vulnerabilities-lessons-from-the-c-suite/
Tue, 19 Jul 2022 20:59:37 +0000

Amit S. Kachhia-Patel, Armando Nuñez, and Ed Stroz (Photos by Chris Taggart)

In a panel that wove together an infamous Hollywood hacking case with corporate culture and law enforcement, Fordham Trustee Ed Stroz moderated a conversation between FBI Supervisory Special Agent Amit S. Kachhia-Patel and Fordham Board Chair-Elect Armando Nuñez, former CEO of the Global Distribution Group at ViacomCBS. Both Stroz and Nuñez are alumni of the Gabelli School of Business, 1979 and 1982, respectively.

The three pegged their conversation to the 2014 cyberattack on Sony Pictures that divulged thousands of employee emails and personal information along with copies of yet-to-be-released films. Kachhia-Patel referred to the event as a “catastrophic intrusion” that caught everyone, regardless of their sector, off guard.

Armando Nuñez

“It was a real watershed moment, not only for the [entertainment] industry, but for the government and their response as well,” said Kachhia-Patel.

While at CBS, Nuñez said that it took a while for him and his colleagues to fully understand the impact of the hack, which would go on to have a ripple effect for years to come.

“There was a certain level of knowledge and sophistication about these issues, but the [Sony incident] certainly raised awareness.”

He said that CBS executives responded to the hack by creating a corporate culture where cybersecurity was no longer an afterthought.

“It wasn’t relegated to, ‘Oh, this is an IT issue,’ or ‘How good is our firewall?’” recalled Nuñez.

Kachhia-Patel said the event also became a teachable moment that underscored the importance of developing a strong relationship between corporate leadership and their local FBI field offices. He noted that executives at Sony knew who to call at the FBI’s Los Angeles field office and agents were on the scene just hours after the attack. He added that the FBI relationship should also be buttressed with that of a private security firm to help companies get back onto their feet in a timely manner. The government’s approach is also multipronged, he said.

“The bureau is out in front, but we’re also bringing other government resources to the table as well, such as the NHS and the NSA,” he said.

Amit S. Kachhia-Patel

Nuñez said that the era of the Sony attack continues to reverberate, including in the recent transition to working from home during the pandemic.

“We were going from 20,000 employees who were mostly in an office environment to 20,000 remote locations,” he said. “It wasn’t just an issue of is the system going to work where everyone can have access to it, but also are the security protocols going to be good enough.”

He added that cybersecurity is far from being an afterthought in the C-Suite; it’s also part of the board’s fiduciary responsibility.

“Obviously, there is a constant focus now, and there’s no perfect way to protect yourself, but I think such awareness needs to be an ongoing,”

US Deputy Attorney General Lisa Monaco Announces Seizure of Ransomware Payments at Opening of ICCS 2022
https://now.fordham.edu/university-news/us-deputy-attorney-general-lisa-monaco-announces-seizure-of-ransomware-payments-at-opening-of-iccs-2022/
Tue, 19 Jul 2022 20:23:08 +0000

Lisa O. Monaco delivers the opening keynote at the 9th ICCS. (Photos by Chris Taggart)

United States Deputy Attorney General Lisa O. Monaco gave the opening keynote at the ninth International Conference on Cyber Security (ICCS), held at Fordham Law and jointly sponsored by Fordham and the FBI.

“At the Justice Department, keeping the American people safe from all threats, foreign and domestic, is an essential part of our mission. It’s in fact, the core of that mission,” she said. And confronting cyberthreats, she said, is a critical component of that work.

To that end, Monaco announced that the U.S. recently seized approximately $500,000 in ransom payments demanded by North Korean state-sponsored cyber attackers via ransomware known as Maui. The funds were returned to a medical center in Kansas that was attacked with the ransomware, which targeted U.S. medical facilities and other public health sector organizations. A medical provider in Colorado was able to recover funds as well. From their investigation, they were able to release a cybersecurity advisory to “empower network defenders everywhere.”

The victim-centered approach, she said, “uses all the tools we have at our disposal and focuses on the reporting we received from private sector companies to maximize our ability to take down bad actors and importantly, to prevent the next victim.”

The deputy attorney general, a veteran of ICCS, last spoke at the conference in 2016 when she was assistant for homeland security and counterterrorism under President Barack Obama. Since that time, she said, the challenges of cybersecurity have evolved to a point where “malicious actors [are] becoming more aggressive, more sophisticated, and more belligerent and brazen.”

Cooperation Leads to Justice

Monaco said that the North Korean action shows how the line between state-sponsored actors and criminal groups has become blurred.

President Tania Tetlow

She stressed that the investigation was a success because the hospital reported the attack early and cooperated with the bureau.

“The hospital’s leadership paid the ransom, but they also notified the FBI, which was the right thing to do for themselves and for future victims,” she said.

The FBI and the Justice Department prosecutors immediately got to work on what was then a never-before-seen ransomware variant, she said. The team traced the laundered crypto payments through the blockchain, allowing them to return the stolen funds to the victims.

Another example of this cooperation at work, she said, was when the FBI and Justice Department prosecutors disrupted a global botnet known as Cyclops Blink—which was under the control of the GRU, Russia’s military intelligence agency.

They were able to disable the GRU’s control over victim devices before they could be used to initiate an attack, she said, by working closely with WatchGuard, the manufacturer of the network devices targeted by the malware, and drawing on their own cyber talent.

Monaco said the department is “increasingly using our law enforcement tools in new and innovative ways.”

“Last year, we used our civil and criminal forfeiture authorities to turn the tables on ransomware attackers and to follow the money and seize back a significant portion of the proceeds from the ransom paid to DarkSide, the group that attacked the Colonial Pipeline, disrupting fuel transport on the east coast last summer,” she said, adding that details on other successes, as well as challenges, could be found in a comprehensive review that was released today by the Justice Department.

A Modern Yet Ancient Threat—With More Sophisticated Enemies

In an opening statement, Tania Tetlow, president of Fordham—herself a former federal prosecutor—underscored the importance of sharing information between sectors of government, academia, and private industry. She noted that while such threats may seem “supremely modern,” similar threats can be found in the nation’s history. She pointed out that President Thomas Jefferson faced similar extortion threats from pirates in the First Barbary War.

“That is what we face today with an enemy ever more elusive, ever more difficult, and the only way we do it is to do what you are here doing today, which is to come together, from around the world, to partner across sectors, [including] law enforcement and national security, higher education, and industry,” said Tetlow.

Blending Knowledge

Indeed, in his opening remarks and on a panel discussion he moderated later, Fordham Trustee and former FBI agent Ed Stroz also stressed the importance of pan-sector cooperation.

“Whether you’re from the private sector, academia, law enforcement—these conversations are crucial to reaching a level of cybersecurity that we need in order to function today [and] these conversations only happen when each of you are at the table,” said Stroz, a 1979 graduate of the Gabelli School who helped found the event and chaired the planning committee for this year’s conference.

Stroz noted that the conference, which began in 2009, has grown to become one of the premier events of its kind in part because of its blended approach. The conference spawned Fordham’s Center for Cybersecurity, which sponsors master’s degrees and an undergraduate minor, and this year’s event also offered continuing education credits.

“This is some of the most valuable content for everybody who is in business and working in any institutional context so they can get to know what the risks are and how to manage those risks,” he said. “You can’t eliminate them, but you can manage them.”

FBI and NSA Directors Talk Election Cyberthreats at ICCS
https://now.fordham.edu/university-news/fbi-and-nsa-directors-talk-election-cyberthreats-at-iccs/
Tue, 19 Jul 2022 20:13:22 +0000

FBI Director Christopher Wray and NSA Director General Paul Nakasone talk with Wall Street Journal reporter Aruna Viswanatha. Photos by Chris Taggart.

Ahead of the 2022 midterm elections, FBI Director Christopher Wray and NSA Director General Paul Nakasone said their agencies are working to address new and continuing threats against the country’s elections.

“I think we’re concerned about the same usual suspects in terms of nation states—Russia, Iran, China, each in their own way,” Wray said.

He recalled something another FBI official recently said: “The Russians are trying to get us to tear ourselves apart, the Chinese are trying to manage our decline, and the Iranians are trying to get us to get out of their way.”

“And we’re not going to do any of the above,” Wray said.

The pair described their agencies’ work to address these challenges at a fireside chat at the ninth International Conference on Cyber Security, held at Fordham on July 19.

Nakasone called 2020 “the pivotal year for the nation in cyberspace,” and said it taught him and his agency lessons that they’re applying today.

“We ended 2020 with SolarWinds [a cyberattack], and then we begin 2021 with a number of different instances,” he said, citing the Colonial Pipeline ransomware attack and others. “I know that informed me to think differently about what I should be expecting in the fall of 2022 … I’m thinking about traditional adversaries, I’m thinking about additional tradecraft, I’m thinking about new and unique ways that an adversary might try to disrupt or try to influence our elections.”

Even with Russia’s invasion of Ukraine and its efforts there, Wray said they’re still expecting Russia to try to interfere in U.S. elections, and they’re working to prepare for it.

“I’m quite confident the Russians can walk and chew gum,” he said. “We are prepared and postured to counter both.”

He also noted that while some countries, like North Korea, have similar methods to the Russians, they are “differently situated.”

“North Korea, in many ways, is a cyber criminal syndicate posing as a nation state,” he said.

FBI Director Christopher Wray and NSA Director General Paul Nakasone pose with Fordham student ambassadors at ICCS.

New and Evolving Threats

Wray said the agencies need to be prepared for “hybrid threats,” or those that start online and move into the physical world. He gave the example of how in the lead-up to the U.S. 2020 presidential election, two Iranian nationals led a campaign that aimed to “intimidate and influence American voters.”

The two individuals started by obtaining U.S. voter information from a state election website, before they sent emails where they pretended to be part of “a group of Proud Boys volunteers,” and created a video filled with disinformation, according to an FBI release.

“There was a little bit of hacking, but the disinformation layer that they built on top of that magnified potentially the risk of what would be relatively modest hacking,” he said.

Wray also cited Chinese multi-pronged attempts to interfere with a New York congressional candidate, Yan Xiong, who had previously participated in the Tiananmen Square protests before he became a naturalized U.S. citizen.

“We recently announced charges here in New York involving the [People’s Republic of China]’s efforts to detail a congressional candidate that started with, first, [them trying to] see if they could dig up dirt to prevent the candidate from being elected, and then if that didn’t work maybe manufacture dirt about the candidate, and when that didn’t work, [thinking] maybe we can have this candidate suffer ‘an accident,’” Wray said.

Wray said stopping these types of operations requires a mix of public exposure and law enforcement efforts.

“Most of these operations—if you think of them as influence operations—exposing them is a significant antidote to them,” Wray said. “But we also need some other kinds of disruption operations—arrests … sanctions.”

Dealing with Challenges at Home and Abroad

Wray said that the FBI focused on three main things related to election security: dealing with “foreign, malicious actors” pushing out fake information; investigating malicious cyber actors, both foreign and domestic, who target election infrastructure; and prosecuting federal election crimes ranging from campaign finance violations to voter fraud to violence.

“I think the first thing people need to be clear is we’re not the truth police,” he said. Their role is “targeting foreign and domestic malicious actors,” he said, and investigating federal election crimes and threats of violence.

He noted that violence, in any form, would be something the FBI would take action against, particularly the “alarming rise” of threats of violence against election workers.

“The idea that they would become targets of threats of violence is totally unacceptable,” he said.

Wray said that the attacks on the Capitol on January 6, 2021, were “a manifestation of another phenomenon, which is deeply troubling.”

“There are way too many people, in this country and to some extent, other countries, who are choosing to manifest their ideological, political, or social views through violence … in the case of January 6, [it was] that plus an effort to interfere with one of our most sacred constitutional processes,” he said. “There is a right way and a wrong way to express your views under our First Amendment, and violence and destruction of property, violence against law enforcement, that’s not okay. That is not First Amendment activity.”

Partnering with Each Other and the Public

He encouraged members of the public to play their role in helping protect the sacredness of elections.

“The best defense against malicious, foreign interference, all the way to something like a January 6th, is an enlightened, thoughtful public,” he said.

Working with the private sector, academic institutions, and members of the general public, in addition to collaborating with each other, is essential for both agencies, the directors said.

“What I learned in 2020 was the power of being able to engage with academic institutions and the private sector, with people that actually have this expertise that are looking at either ransomware or influence operations,” Nakasone said. “We bring the foreign insights of what the adversary is doing, the tradecraft, the techniques that they’re utilizing outside the United States.”

Wray said that today, all of the FBI field offices have “private sector coordinators” who lead their partnerships with local organizations and institutions.

Nakasone said that these kinds of relationships are not just beneficial for agencies like the FBI and NSA, they’re beneficial to members of those organizations too.

“It’s our insights on foreign intelligence—that’s something that the private sector just relishes,” he said. “The second thing is talent. When you’re on the other end of the line, you’re talking to an analyst from the U.S. Cyber Command and the National Security Agency. You’re talking to someone that is incredibly talented in terms of what they’re seeing, what they understand, the perspective of what they bring.”
