On Wednesday, Nov. 10, Fordham University hosted a webinar as part of the International Conference on Cyber Security (ICCS). The event, called “Out of the Shadows: Shining a Light on the Next Cyberthreats,” featured a panel discussion moderated by Karen J. Greenberg, director of the center on national security at Fordham Law.

Panelists included Cristin Flynn Goodwin, assistant general counsel for cybersecurity and digital trust at Microsoft; Nowell Agent, special agent of the FBI Houston Field Office; as well as Adam R. James, special agent of the FBI San Diego Field Office.
The discussion centered around Microsoft’s release of the Digital Defense Report in early October. The report includes detailed findings on Microsoft’s research and tracking of nation-state threat groups. Goodwin noted that “Microsoft spent an extraordinary amount of time studying nation-state actors so that [they] can find their tactics and techniques and block them from the rest of the world.”

A large portion of the panel focused on the necessary collaboration between the FBI and the private sector in targeting cyber threats. Agent noted that the foreign actors’ skill sets are extremely advanced.

“It’s very easy for them to get involved in cybercrime,” he said.

Agent also highlighted the crucial importance of the partnership between the FBI and private companies such as Microsoft. “We can’t do it without the private sector because there is a cyber war happening every single day, and the private sector is on the front line,” Nowell said.

Goodwin expanded upon the advantages that a private organization can bring to the table while fighting cybercrime. “Our collaboration with the FBI gives us the ability to get creative,” she said.

Goodwin suggested that the entire cyber ecosystem can be better protected with less effort if public and private organizations work together.

The panel discussion also focused on the extent to which defense against cybercrime is becoming an increasingly international conversation. James emphasized that many of the threats  American companies face also target a wide variety of companies around the globe. “There’s been an international aspect to every case I’ve worked on,” James said.

When the FBI spots a victim in a foreign country, they notify those governments and attempt to work with them, James explained.

James also noted that the FBI is able to communicate with foreign governments through legal attaché offices that provide relevant information for every country. These legal attaché offices “identify the pertinent stakeholders [and] have relationships whether [they’re in] intelligence or the private sector,” he said.

While working internationally has its advantages, these cases can also prove quite difficult, according to Agent. Agent noted that one challenge to fighting cybercrime is the speed at which foreign actors transmit data. However, he also said that the U.S. has formed prior agreements with many countries which significantly speeds up the investigation of cyberattacks.

Despite these safeguards, “there are some countries that absolutely will not participate or share information and that adds challenges to us and our private sector partners as well,” Agent said.

In order to shift the discussion, Greenberg questioned the panelists on the delay that often exists between the recognition of a foreign actor and the release of information to the public or those affected by the attack. Agent responded that although the response is often perceived to be slow, this release of information is “actually very quick once [they] identify a threat” citing the “Traffic Light Protocol System” as a large factor. “If we find something extremely dangerous or sensitive, we want to get that information out there — but not to the community at large — only to the victims [affected],” he said.

As soon as the investigation deescalates and transitions to a less sensitive state, Agent said that the information is promptly released to the public.

While companies in the private and public sector work together to combat foreign actors, Greenberg noted that fighting cybercrime is not necessarily about taking legal action. James added to this point, explaining that fewer cases result in a formal government indictment because cyber criminals are so difficult to trace, especially hackers from nations such as North Korea, Russia, China and Iran.

“We always have to be prepared that if we somehow get our hands on one of these people that we will take them to prosecution,” James said. When the government does decide to go public with a formal indictment, it is usually because the FBI holds very detailed knowledge of who the perpetrator is, what they’re targeting and who the victims are, James said.

Finally, Greenberg asked the panelists about recent cyberattacks that affected the global supply chain. Goodwin stated that countries such as Russia “have been using this philosophy where you compromise one to compromise many.” Most of these pervasive attacks come from “low hanging fruit,” like compromised basic passwords. Most of these attacks can be avoided with better cyber health practices, such as more detailed passwords and multi-factor authentication, she said.

“76% of attacks from North Korea are aimed at individuals, not enterprises,” Goodwin said.

Agent emphasized the importance that companies understand the technology they’re using and train users accordingly. “We’re still just humans, so we need to come up with technical solutions,” he said.