Federal Bureau of Investigation Deputy Director David L. Bowdich. (Lee Pellegrini)
The cyber threat is "wider than ever" and encompasses serious aggressors abroad, notably in China and Russia, David L. Bowdich, deputy director of the Federal Bureau of Investigation, told several hundred representatives from academia, private industry, and law enforcement assembled for the third annual Boston Conference on Cyber Security, BCCS 2019, held at Boston College on March 6.
"We’re worried about a wider-than-ever range of threat actors, from multi-national cyber syndicates to nation-state adversaries; we’re concerned about a wider-than-ever gamut of methods, from botnets to ransomware, and from spearfishing to business email compromise," Bowdich said. "We’re seeing these diverse threats in almost every company, at almost every level. The days of wondering if you’re going to be the next victim are gone. Instead, it’s a matter of when, or even how often you’ll get hit, and how bad it will be."
All companies, systems, networks, and single bits of information are targets, he said. "Every link in the chain is a potential vulnerability," including "the insider threat" organizations face from their own employees and contractors.
“No country poses a broader, more severe intelligence collection threat than China...Russia is still a serious threat, but Russia, in many respects, is fighting today's fight. China is fighting tomorrow's fight.”
The Boston Conference on Cyber Security, organized by Boston College and the FBI, is designed to seek better ways to defend against these invasive cyber threats and respond to the vulnerability of U.S. information systems. BCCS is the result of an ongoing alliance between the FBI and the Master of Science in Cybersecurity Policy and Governance degree program at BC's Woods College of Advancing Studies.
Bowdich's remarks to the capacity crowd in Gasson Hall focused on the increase in state-sponsored computer intrusion, and efforts deployed by rival nations, notably China, to weaken the U.S. "No country poses a broader, more severe intelligence collection threat than China," Bowdich said. "Nearly every FBI field office currently has economic espionage cases that lead back to China.
"China's goal is to replace the U.S. as the world's leading superpower," he said, and is using an expanding set of nontraditional methods, both lawful and unlawful, to that end.
As an example, he cited two Chinese hackers indicted in December 2018 for conspiracy to commit computer intrusions, wire fraud, and identity theft. Part of a hacking group known as APT 10, the two acted in association with the Chinese government, he said, in stealing hundreds of gigabytes of sensitive data by accessing the computer networks of more than 45 tech companies and government agencies from 2006-2018.
Russia, he said, remains a threat as well. "But Russia, in many respects, is fighting today's fight. China is fighting tomorrow's fight."
His agency's response to the burgeoning threat of cyber intrusion brings to bear the expertise and experience not just of its cyber team but also its counterintelligence, weapons of mass destruction, counterterrorism, and criminal divisions.
“Intelligence from FBI investigations is a critical piece of the puzzle for the U.S. intelligence community when determining who’s behind an attack," he said. "Just as our adversaries are using all the tools they’ve got to meet their objectives, we are, too.”
With an elite, rapid response cyber action team as well as multi-agency cyber task forces across the country and cyber attachés stationed in embassies around the world, the FBI has valuable global reach.
In January 2019, he said, as a result of a joint investigation by the FBI and IRS, in conjunction with partners in Belgium and Ukraine, and with Europol, the Department of Justice announced the seizure of the xDedic Marketplace, a website used to sell access to compromised computers worldwide, including access to personally identifiable information.
"We believe the website facilitated more than $68 million in fraud," he said; its victims "span the globe and all industries, including local, state, and federal government infrastructure; hospitals; 911 and emergency services; call centers; major metropolitan transit authorities; accounting and law firms; pension funds; and universities."
Bowdich also discussed efforts under way to safeguard the 2020 elections in the U.S., including classified workshops for state election officials, the establishment of a Foreign Influence Task Force composed of experts from across the bureau, and partnerships with other countries.
This is also an area in which cooperation between law enforcement, private industry, and other organizations is critical, he said—a theme echoed throughout the daylong event.
“Our partnership with the FBI on these annual conferences is part of our effort to build and strengthen the cybersecurity ecosystem in the Northeast...to bring together industry, academia, and government on these issues. We're taking the lead with the FBI in assembling the leaders and experts so these respective organizations can collaborate to enhance cybersecurity. ”
"Our partnership with the FBI on these annual conferences is part of our effort to build and strengthen the cybersecurity ecosystem in the Northeast," said Kevin R. Powers, founder and director of the Cybersecurity Policy and Governance Program, and an assistant professor of the practice at BC Law School and in the Carroll School of Management’s Business Law and Society program. "That's the goal: to bring together industry, academia, and government on these issues. We're taking the lead with the FBI in assembling the leaders and experts so these respective organizations can collaborate to enhance cybersecurity."
Woods College Interim Dean David M. Goodman and Joseph R. Bonavolonta, FBI special agent in charge and head of the Boston Field Office, served as conference co-chairs. Powers and FBI Special Agent Doug Domin, who oversees the Boston office’s Criminal Cyber Squad, were co-masters of ceremonies.
BCCS 2019 featured lectures and panel discussions within the disciplines of emerging technologies, operations, and enforcement, and actual cyber and national security experiences focusing on risk, compliance, policy, threat trends, preparedness, resilience, and defensive strategies. In addition to speakers from the FBI and BC Law, representatives from the following organizations, government agencies, and companies participated: FireEye, IBM Security, Ropes & Gray, Raytheon, Rapid7, Splunk, Cisco, Jones Day, Guidehouse, MITRE, State Street, Citi Group, Mintz Levin, General Electric, HYCU Inc., U.S. Steel, Draper Labs, Federal Reserve Bank, Liberty Mutual, Oracle, Dell EMC, Eversource, Orrick, Facebook, Circle, U.S. Bank, Charles River Labs, Arbella Insurance, Holland & Knight, Venable, LPL Financial, VMware, Massachusetts Public Safety, Data Protection Commission (Ireland), Bank of Montreal, Internal Revenue Service, Secret Service, the National Security Agency, and the U.S. departments of Justice, Treasury, Homeland Security, and Defense.
BC Law School's Program on Innovation and Entrepreneurship was one of 14 event sponsors.
"Combating cyber-crime is one of the FBI's top priorities because of the direct threat it poses to our national security and economy," said Bonavolonta. "The work we do wouldn’t be possible without close collaborative partnerships with the private sector."
—Patricia Delaney and Phil Gloudemans | University Communications