Cyber threats “evolving rapidly”
Over the past two years, the FBI has seen a wider-than-ever range of malicious cyber actors threatening U.S. economic and national security, and the stakes have never been higher, FBI Deputy Director Paul M. Abbate told attendees at the seventh annual Boston Conference on Cyber Security, held at Boston College on June 7.
At present, he said, the agency is investigating more than 100 different ransomware variants, each with scores of victims, that are wreaking havoc on business operations, causing devastating financial losses, and targeting everything from hospitals and emergency services to the energy sector and state and local governments.
The threats are evolving rapidly, said Abbate, who delivered the keynote address at the event, organized through a partnership between the FBI and the M.S. in Cybersecurity Policy and Governance Program at BC's Woods College of Advancing Studies. And, he said, it is becoming difficult to discern where cybercriminal activity ends and adversarial nation-state activity begins.
During his remarks, Abbate emphasized the FBI's work to address today's cyber threats, including the operation to dismantle a long-standing cyber tool known as Snake, sophisticated malware that Russia's security service had used for long-term intelligence collection on sensitive targets including journalists, research facilities, and government networks across multiple countries.
He also outlined tactics in the year-and-a-half-long campaign to disrupt the Hive ransomware group, which had been extorting from and financially devastating to victims around the globe. The operation culminated in the disruption of the Hive, which the agency announced in January.
In late March, he said, the FBI struck a serious blow to the cybercrime ecosystem with an operation targeting BreachForums, the world's biggest data leak platform. Less than two weeks later, the agency took down Genesis Market, a global criminal marketplace used to steal and sell victims' account credentials.
Though the FBI is up against a host of daunting threats and challenges, Abbate said, with successes like those, and with valuable partnerships, the outlook is positive and optimistic.
“Cybersecurity is the ultimate team sport, and we are all in this fight together to ensure that our digitally connected world is safe and secure.”
Other BCCS speakers included Joseph R. Bonavolonta, Special Agent in Charge, FBI Boston Division, and Kevin R. Powers, founding director of the Boston College's cybersecurity graduate programs.
Last year, Americans reported an unprecedented amount in financial losses—more than $10.2 billion—to cybercriminals, Bonavolonta said; in the Boston Division, victims reported losing more than $298 million.
"Today’s cyber threats emanating from criminals and our nation-state adversaries are far too dynamic, pervasive, and destructive not to stay current on those seeking to harm us by targeting our networks and critical
infrastructure," he said.
"The FBI is proud to co-host the seventh annual Boston Conference on Cyber Security in our continuous effort to build and strengthen relationships between the government, private sector, and academia. Cybersecurity is the ultimate team sport, and we are all in this fight together to ensure that our digitally connected world is safe and secure."
"Our goal in hosting this conference with the FBI is to build and strengthen these relationships, in New England and nationally," said Powers. "By bringing senior government leaders and private sector experts and practitioners to BC to discuss today’s threats and address ways in which organizations private and public, big and small, can better protect their networks, operations, and sensitive data, we’re taking the lead consistent with the Boston College’s mission to educate leaders to address the world’s most urgent problems."
Maximizing partnerships was the subject of a discussion following Abbate's address. Moderated by Powers, the panel included Daniel King, chief of Cybersecurity Region 1 (New England) for the Cybersecurity and Infrastructure Security Agency (CISA); Colonel Nathan W. Kearns of the Massachusetts Air National Guard and senior Advisor, U.S. Cyber Command; Marianne Bailey, partner, Advanced Solutions Cybersecurity Practice, Guidehouse; David D’Addio, trial attorney, U.S. Securities and Exchange Commission–Boston; and Doug Domin, Supervisory Special Agent, FBI Boston Division–Cyber Crime Program.
A cyberattack simulation followed, during which participants role-played responses to a security breach from discovery to dealing with ransomware threats to fallout and recovery. The exercise was moderated by Lisa Ropple, partner and practice leader in the Cybersecurity, Privacy & Data Protection Group of Jones Day; participants included Jennifer S. Burnside, principal lead, Crisis Communications, Mandiant Consulting (now part of Google); Mackenzie Queenin, Assistant U.S. Attorney, Securities, Financial & Cyber Fraud Unit, U.S. Attorney’s Office–Boston; Lauren Zabierek, CISA senior policy advisor; Thomas Etheridge, Chief Global Professional Services Officer, CrowdStrike; Jay Pasteris, Chief Information Officer & Chief Information Security Officer, GreenPages Technologies; Katherine Fick, Associate General Counsel, Cybersecurity, Privacy & AI, IBM; and Kaylee Cox Bankston, Partner, Data, Privacy, & Cybersecurity practice, Goodwin Simon Taylor, and CEO & Founder, HYCU, Inc. (Backed by Bain Capital Ventures).
The emphasis on collaboration that is a hallmark of the BCCS is also a key principle of Boston College's M.S. in Cybersecurity Policy and Governance Program. An approved training provider for the U.S. Department of Homeland Security’s National Initiative for Cybersecurity Careers and Studies, the program aims to prepare professionals to design, develop, and implement cybersecurity strategies that defend against and ensure recovery from cyberattacks and to bridge the communication gap between information technology security professionals and key business stakeholders.
Learn more about the program at the M.S. in Cybersecurity Policy and Governance website.
BC's Woods College also offers an undergraduate degree in cybersecurity.