National Security Cyber Threats

Apologize, are we ready? Okay. Welcome, everyone, thanks for coming. Um, nation states and their proxies increasingly use cyber means to threaten our institutions, including stealing technology and trade secrets and personal secrets, engaging in covert influence campaigns, and disrupting critical infrastructure. The Department of Justice's National Security Division is charged with countering this threat, among its other tasks. Uh, today Hoover Institution's, uh, National Security and Technology Group is pleased to host Matthew Olsen, who is the Assistant Attorney General in charge of the National Security Division. Matt has, was there at the beginning in the National Security Division when it was founded in 2006. He's been in the Department of Justice research for 18 years, he was the head of the Counterterrorism Center, he was the general counsel of the NSA, and now he's running, uh, NSD. So Matt, we're really pleased and honored that you're here to speak on this topic, and we look forward to it.

Thank you, uh, thank you so much, Jack. Uh, I appreciate that introduction, and I have been doing this for a while, you reminded me that I'm old. Um, but, uh, I want to thank you and thank Hoover, uh, for hosting this discussion, uh, about the national security, uh, cyber threats we face and how we're responding to those threats. Um, I've been in the Justice Department for a long time, uh, in various stints, but I've been in this job, uh, as the Assistant Attorney General for National Security for about a year and a half, and I have to say it's just about every day, um, I sit with the Attorney General and the FBI Director and we get the morning threat briefing, including the Presidential Daily Brief, and it's a daily, uh, the case that every day, pretty much, um, and certainly every week, the intelligence reporting that we're getting is detailing the really astonishing pace, the scale, and the sophistication of the cyber threats that we're facing from nation states, uh, here in the United States. Um, just to touch on that threat landscape
for a moment, what we're seeing is that our adversaries, hostile nation states, are accelerating over time, they've accelerated their use of cyber-enabled means to carry out a range of threatening activity. Um, and that range of activity includes stealing sensitive technologies, trade secrets, intellectual property, personally identifiable information for Americans; exerting malign influence and exporting repression into the United States; and then third, holding our critical infrastructure at risk to both disruptive and destructive types of attacks. But you actually don't need to have access to the classified intelligence to understand where, I'll probably, what we're up against. We can read that in the newspaper, and it's from the standard list of countries that we're concerned about: China, Russia, Iran, North Korea.

And let me just take a few examples, uh, or snippets, from the public, in, Intelligence Community's annual threat assessment. Every year they do this annual threat assessment publicly, and this year, again, just to take a few snippets: um, China has compromised our telecommunications firms, China conducts cyber intrusion targeting, uh, journalists and dissidents in order to suppress the free flow of information, and the PRC is capable of launching cyber attacks that could disrupt U.S. critical infrastructure. Russia: Russia is bolstering its ability to compromise critical infrastructure, such as industrial control systems, and that's really in part to demonstrate its ability to inflict damage during a crisis. Iran continues to be an aggressive cyber actor, taking advantage of the inherently asymmetric nature of cyber attacks. And then North Korea has turned to illicit cyber activities to steal the funds and technical knowledge that it needs to support its military aspirations and its WMD programs. So our adversaries, beyond that, also imperil the United States by acting as safe havens for cyber criminals who carry out ransomware attacks and digital extortion for personal profit. And so that's
just what the Intelligence Community has said publicly about what we're up against, and of course it's not a pretty picture.

Um, so the good news is, uh, and there is good news here, the good news is that our response to nation-state cyber threats has gotten dramatically more effective in recent years. Um, and we're putting some hard-earned lessons into practice. Uh, one lesson, as you all know, that we've learned from the counterterrorism fight after 9/11 is the importance of ensuring that agencies like the FBI, DHS, the Intelligence Community, the Department of Defense are working as one team, sharing information and deploying our authorities in a coordinated fashion. We're also coordinating government actions with foreign governments, and the private sector as well, to empower technical operations and also to take advantage of our sanctions authorities and other types of remedies, and to join in diplomatic efforts along with other like-minded countries.

Another lesson that we're applying is that effectively combating nation-state cyber threats requires that we shore up our private sector cyber security. The vast majority of the critical infrastructure in this country, over 90 percent, is in the hands of the private sector, not the public sector, really distinguishing cyber security from counterterrorism, for example. Um, and we're, the private sector has shored up its, its abilities over the past, its cyber capabilities over the past several years, making us collectively less vulnerable. Um, again, as many of you know, in just this past March the White House released the National Cybersecurity Strategy in order to drive a, quote, "more intentional, more coordinated, and more well-resourced approach to cyber defense." Um, so at the Department of Justice we are putting that vision into practice, and I emphasize the word practice. Uh, federal law enforcement and the Department of Justice, we wield some of the most powerful tools in the federal government's arsenal, and in recent years we've achieved
some significant successes in deploying those tools, and now we need to build on those successes.

Um, so let me talk a little bit about the playbook as I see it for the Department of Justice. So first, as you would expect, we're prosecutors, so we enforce the U.S. criminal law, investigating and prosecuting individuals for illegal cyber activity. That imposes costs on them, and it imposes, uh, or hopefully creates, deterrence more broadly. And let me just give you a few examples of that type of work, the prosecution, the bread and butter of our work in the National Security Division. Over the past year, we recently charged three Iranians with conducting a ransomware campaign that targeted hospitals, local governments, and organizations all over the world. We secured a 20-year prison sentence for an individual who leveraged teams of hackers and insiders in a multi-faceted espionage campaign on behalf of the PRC, PRC intelligence. The campaign targeted both American and European aviation companies. Um, that person, as I mentioned, received a 20-year sentence, is currently serving that sentence. Another example: shortly after the Russian invasion of Ukraine, just over a year ago, we unsealed indictments that had previously been filed, and we unsealed those indictments that then publicly demonstrated that we had evidence that two different sets of state-sponsored Russian actors associated with Russian intelligence had compromised devices at hundreds of critical infrastructure providers around the world, and they had deployed malware that was designed to enable physical damage in the future. So we are holding individuals accountable, we're imposing consequences, using our indictments to inform the public about the nature of the threats we face, and our adversaries as well are informed that their actions are not as deniable as they might like to think. So that's one.

Second, um, we're also being proactive, using the full range of our authorities to disrupt national security cyber threats before a significant intrusion or
attack can occur. And, and I, that this has been a big focus of us, of our, of our team more recently, and it includes in particular the innovative use of our legal tools beyond criminal charges. Let me give you a couple examples here. Just last month, uh, the Justice Department and the FBI conducted what we called Operation Medusa. This was a technical operation to dismantle and effectively take out this, quote unquote, "Snake" malware, which was at the time one of Russia's, the Russian government's, most sophisticated and effective computer intrusion tools. The FSB, Russian intelligence, had used versions of this Snake malware for really almost 20 years to steal sensitive information and documents from hundreds of computer systems in at least 50 countries around the world, including some NATO governments. And through the innovative use of our Rule 41 search and seizure authority, as well as through our collaboration with private sector partners and a number of foreign governments, we were able to basically disable the Snake malware, which had been, as I mentioned, one of FSB's most sensitive and complex espionage tools.

And then last year, uh, in a separate example, we conducted a court-approved operation to dismantle another Russian intelligence, uh, tool. It was a GRU botnet that relied on a compromised firewall appliance. We worked with the company that manufactured those devices, and the FBI developed a court-authorized technical solution that basically deleted the GRU malware and then took steps to close the vulnerability in those compromised devices.

Third, we've also used our cryptocurrency tracing abilities and our seizure authorities to prevent over a hundred million dollars in ill-gotten gains from ever being used by North Korea to support its ballistic missile programs. Um, those efforts focused both on the hackers who have stolen hundreds of millions of dollars of cryptocurrency as well as IT workers who use online platforms to earn illegal revenue, and by coordinating the asset freezes
and the sanctions, we're able to stop the DPRK from accessing a huge portion of those illicit gains.

Um, and then a final area I touch on is just that we coordinate our efforts with interagency partners and foreign governments, as well as the private sector, to use the full force of these tools as well as technical operations, sanctions, trade remedies, and diplomatic efforts. Um, for example, in the Iranian example I just mentioned, we enhance the impact of those public indictments by working with the Treasury Department to impose sanctions that connected the defendants in those cases with the Iranian Revolutionary Guard Corps. And of course intelligence plays a key role here. We share targeted threat intelligence that we gather as a result of these investigations, and a really good example of this that was recently declassified is that following the Colonial Pipeline attack, we're able to acquire information, this is information that we acquired using Section 702 of FISA, and that information verified the identity of the hacker, and it enabled the government then to require, acquire, recover a majority of the ransom.

So our commitment to combating these threats using every tool we've got, I think, is making an impact. Um, and I think that's why we're being more effective. We're making it harder for hostile nations to maneuver and recruit by imposing accountability. We're denying our adversaries access to technical infrastructure and cutting off their funding. We're disrupting the criminal ecosystem by making cyber crime and ransomware, uh, higher risk and less lucrative. We're helping the private sector defend itself with key intelligence and threat information. And then we're marshalling the efforts of like-minded nations around the world on both law enforcement and diplomatic fronts. So as determined as our adversaries might be in escalating their brazen attacks, they are learning that we are even more determined to protect the United States.

Um, so since we first charged five members of the
PLA in 2014, the National Security Division, which I lead, has been at the front of the effort to, uh, to take on this challenge, with just a handful of dedicated cyber prosecutors really operating on, uh, caffeine and grit and a shoestring budget. And none of these cases that I mentioned would be possible without that effort, along with the critically important efforts of our partners in the U.S. Attorney's Offices around the country, who have proven to be incredibly enterprising, uh, and, and our work with them. So I'm proud of that work. I'm proud of the work that's being done in NSD and the U.S. Attorney's Offices, of the FBI, and across the Department of Justice. The cases I just discussed a few minutes ago, they're not easy cases. These are hard cases. They're fast-paced, they span international boundaries, they sometimes involve, often involve, classified data or often highly technical data, and they demand innovative legal approaches. Um, so these are actions that require time, attention, expertise.

So now, now because of that, and because of our recognizing that, we are aggressively growing our national security cyber program. So today I am announcing, uh, that we are establishing a new National Security Cyber Section, NatSec Cyber for short, within the National Security Division. And this new full litigating section, which now has the approval of Congress, will place our work on cyber threats on equal footing with our other NSD components, the Counterterrorism Section and the Counterintelligence and Export Control Section. The new section will allow NSD to increase the scale and speed of our disruption campaigns and prosecutions of nation-state cyber threats, um, as well as state-sponsored cyber criminals, money launderers often associated with them, and other cyber-enabled threats to national security. Um, NatSec Cyber will give us the horsepower and organizational structure we need to carry out key roles of the Department in this area. This new section will have prosecutors who will be positioned to
act quickly as soon as the FBI or an IC partner identifies a cyber-enabled threat, and we will be in a position to support investigations and disruptions, and this is really important, from the very earliest stages. Um, and in order to more closely integrate with the FBI Cyber Division, NatSec Cyber will mirror the structure of the FBI and its Cyber Division, organizing our leadership by geographical threat actor. Having prosecutors that are fully dedicated in national security cyber cases will deepen our expertise, and it will enable us to better collaborate with our key partners, and that includes in particular, uh, the Criminal Division's, uh, Computer Crime and Intellectual Property Section.

Um, then the new section that we're announcing today will also serve as a really important resource for prosecutors in U.S. Attorney's Offices around the country. As I mentioned, these offices, uh, the U.S. Attorney's Offices, 94 of them around the country, uh, represent the tip of the spear in confronting many of the threats that occur in their districts, and responding to highly technical cyber threats often requires significant time and resources, and that's not always possible within the demands of these individual U.S. Attorney's Offices. So my goal for the NatSec Cyber section will be to serve as something of an incubator, where we're able to invest the time and energy early in these cases to ensure that they're properly handled. Um, and then the section will also allow the prosecutors, this is really important as well, to work with our colleagues around the federal government who are focused on the policy process, in particular that policy process that's led by the National Security Council.

Um, so in conclusion, the bottom line: uh, cyber security is a national security matter. Our cyber adversaries are innovative and constantly adjusting their tactics to hide from our investigators and overcome our network defenders. So the National Security Division is committed to matching our adversaries by
adapting our tactics and our organization, as I've announced today, to bring all of our tools and authorities and expertise to this fight. So thanks. I look forward to my conversation with you, Jack, and to answering your questions.

Okay, let me know if this is not picking up. Okay, so I neglected to say that I am Jack Goldsmith. I'm a professor at Harvard Law School and a senior fellow at the Hoover Institution, that's why I'm here today. I know a little bit about national security and cyber, and so I'm going to ask you some questions, starting, Matt, with what you just announced, and then working out to some broader policy questions for the National Security Division. So I guess the first question is, why now for this new section? You talked about it, I mean, you talked about the successes you've been having, and you talked about there being an incubator role, right, and so could you just say more about that? Why do you need this new section now? And it's a significant change in the bureaucracy, I take it, it's, you're elevating it to the other, the level of the other sections.

Yeah, you know, so as you said, Jack, you know, you've downplayed your own background here, but you're in, you've served in the Department of Justice and have been a leader in national security, and, uh, probably, I don't know, a week and you're in the Justice Department 20 years ago or so. Um, but there really wasn't, uh, an effort around cyber security and cyber prosecutions, and we didn't have the same threat for sure, but it was, it was emerging. And so I think now, why, the answer to the question why now is, um, is threat-based. Um, we're responding to the nature of the threats that we face, uh, from the countries that I discussed, and what we've seen, what I've seen in my time in the Justice Department, as I returned a year and a half ago, is that, um, we are, in our security division, we're sort of fighting above our weight class. We're having an impact, but we're doing so with just a small handful of prosecutors, and
we need to take advantage of some of the expertise that we've developed and some of the efforts that we've, you know, proven to have been effective over the past few years, and now just protect those resources and increase them. Um, so there's just a, it's really a, it's a recognition that in order to be effective we need to play a more significant, we'll do that through more resources.

And you said, so, more resources. You said that, um, previously the attorneys that were doing this were kind of in an informal way operating on a shoestring budget, you called it. Yeah. So what about now, but do you still have that shoestring budget, or do you have the resources you need to make this happen?

We're doing this out of hide now, for sure. We've got, and we're adding prosecutors to this new section, um, and we're going to continue to do that over time. But there's a, I think rightly, the federal government is investing more and more in cyber security. We see this with CISA at DHS, we see this with Cyber Command and NSA, um, and at FBI, and I think it's incumbent on us within the Justice Department to kind of keep up with the investment that our partners are making in cyber security. Again, this is a, just like in CT, it's a big team sport. Um, different counterterrorism, counterterrorism, I said CT, right. Just like in counterterrorism, it's a team sport, and we need to understand their different authorities that are brought to bear by these different organizations like Cyber Command and FBI and CISA within the Department of Homeland Security, but now we need to make the same level of investment within the Justice Department.

Okay, and you describe this new section as having, it would be a full litigating section, and you talked briefly about your relationship to the Criminal Division's Computer Crime and Intellectual Property Section and to U.S. Attorneys, but could you flesh that out? This is a full litigating section. How does it relate to those other two groups of lawyers?

So this is, uh,
this is internal DOJ, right, but it's really important to understand that the Criminal Division has a section that's been around for a long time, focused on cyber crime and intellectual property, that does amazing work and has, uh, and has built out a level of expertise on cyber crime, focused on criminal activity involving cyber intrusions and similar type of malicious cyber activity, and they're our close partner. Um, and then within the U.S. Attorney's Offices around the country, particularly, some offices have developed more expertise than others over time, as you'd expect, but they are often the ones who are in court on a daily basis, right, they bring these cases in court. So our role in the National Security Division is to collaborate closely with the Criminal Division, understanding at certain times that at the early stages of a case might not know if it's a criminal case or national security case, and so we work hand in hand with them as we coordinate and deconflict. And then early on in a case, we may be the ones in the National Security Division to issue, initial, issue the first set of process, you know, subpoenas, or use grand jury tools, to understand the nature of the threat before we may even know which U.S. Attorney's Office is going to work on it. And so we're often, that's why I use the word incubating, we're early on in the case, developing the investigation, getting it started, and then we make a decision, okay, this case belongs here or there, and we partner with the U.S. Attorneys.

Okay, and you, this is my last bureaucratic question and then we'll get to the more interesting policy questions. Um, I think you said that the new section will mirror the FBI. I don't know what that means. Can you explain that?

Yeah, sure. That, I mean, part of the goal here is to, the FBI has been, uh, increasingly effective, and they've got a really strong cyber team. Um, they've got a Cyber Division, um, that's organic, organized geographically, so they understand where the threat actors are
and the threat actors use different types of tools and malware that associated with those actors, right, and when it comes to nation state, we know, for example, the types of tools that we associate with the PRC or Russia or Iran or North Korea. So we're going to organize, at a leadership level at least initially, um, our, uh, NatSec Cyber section to correspond to, directly to, the how the FBI's Cyber Division is set up, so that, you know, again, just very practically speaking, when there's an intrusion, um, and there's an agent or a, you know, a leader in the Cyber Division, FBI, he knows exactly who to call in our division to say, I need your help, we need to, to a subpoena, or let's keep going on this case, and like there's a point-to-point constant sort of interaction between those two, between us. I mean, the FBI is our key investigative partner, right, so mirroring how they're set up just makes total sense.

Okay, so I mean, these bureaucratic questions are hugely important for the government being successful and for how the government runs, but I want to, uh, brought, and you make a powerful case for the role of this new section, but I want to broaden out some of the policy questions you raised. You talked about, um, bringing indictments. I think you mentioned an indictment against the Iranian officials, and I think this is fair to say that the vast majority of the indictments brought against officials, foreign state officials especially, who are overseas, it's, there's dim prospects of bringing them to trial, bringing them to the United, not zero, but dim prospects of bringing them to trial. And so, I mean, I've been, and I'm not the only one, a questioner or critic of this policy, and I'm just wondering, I mean, and I know you disagree. So the worry is that the signal that an indictment of a foreign official that can't be followed through on, the danger is you're revealing vulnerability, you're acknowledging that they made their way in and had a successful operation, you're signaling that you don't
in the short or medium term have the prospects of bringing them to trial, and you're announcing to the rest of the world that, you know, maybe our tools aren't so great, because here we are admitting that we were infiltrated and implicitly admitting that we can't prosecute. Now I know there's a counter argument, but that's the case, that's a case against naming and shaming. So what, why do you continue to do this, and what's the value?

Yeah, so, and first of all, I recognize that there are skeptics about this approach, uh, and you're one of them. I, but I, and we've talked about this, you and I, in the past, because I, look, I think it's a really important part of our strategy, and here's why. Um, one, when it comes to, yeah, going after nation-state cyber activity, it's not that much different than the other work we do in the National Security Division, whether that's going after terrorists or, in espionage cases, going after spies. We often don't have the prospect, especially near term, of putting handcuffs on somebody. Um, but here's an important point: our memory is long, right. We are going to bring these cases and we're going to pursue justice, and we did this recently, in fact, with one of the alleged bomb makers in the Pan Am 103 case from 30 years ago. That person's now pending trial here in Washington, D.C. So we remember these people who carry out these attacks, and we go after them over time. So that's one reason.

A second is, we sometimes unseal these documents, the charging documents, to send a message, and we send a message to our adversary that we know what they're doing and that we've uncovered their activity. Um, and that message is also sent to the private sector so they can better defend themselves. And an example of that is the case involving, there's actually two indictments that we unsealed shortly after Russia invaded Ukraine, just over a year ago, um, announcing and spelling out in some detail what we understood about what Russian intelligence had done to go after
critical infrastructure providers. Um, and, you know, one, as I said, it sends, I think it does send a deterrent message, because we're revealing to them that we know what they've done, but we're also giving the private sector, backed up by the evidence, you know, alleged in a Department of Justice indictment, um, here's how, here's the type of threats that you all are facing from these actors, and give them a sense of what they need to do to better protect themselves, because again, it's pretty much on them, you know, in the private sector, to invest in their own cyber security.

Um, the third reason I think that these indictments can make a difference is, they, over time, and you know, this is something that, you know, your scholarship, I know, focuses on, you hope to develop some international norms around cyber crime and what rule-of-law nations like the United States don't tolerate. And by, if we didn't do this, and we just stayed quiet, or we only worked in the secrecy of intelligence activities, we wouldn't, I think, have the same ability to develop those norms, uh, internationally. So I think that's another advantage.

But I look at some of those are untested, and we'll see over time if, who's right. Maybe we'll see, maybe we won't, I'm not sure how we'll know. Um, but I want to pick up on one thing you said. You said it's important for us to let them know that we can see where they're, right. There's been a sea change in the government since I was there in the early 2000s, since you started at the National Security Division. There's been a sea change, it seems to me, in the government, across the government, in the National Security Division over time, about, it used to be the case that you wouldn't want them to know, or that there was a view that the Intelligence Community, including NSD, should not reveal what we know about what other, what our adversaries are doing, because it enables them perhaps to figure out what we're doing and therefore to deny access to us. Now clearly NSD and the
government in general, in a lot of contexts, has gotten over that. Can you just explain in general why and how that works?

Yeah, I mean, it's an ongoing conversation, and it's a, and the conversation is always the same. It's, you know, what do we need to say to bring a case, what do we need to say to provide that message, and what do we need to do to protect, um, how we got that information. I think the difference, in the distinct, is it's, we're not saying in these cases how we learned this information, you know, the how, that's sources and methods that we protect. Um, but sometimes we can say more about what we know without revealing how we know it, and, um, where we can, where we can, and this is true in all of our cases, and in fact it's sort of a core function for the National Security Division, um, created, you know, 15-plus years ago, um, that we are in a position to navigate this tension between being able to publicly talk about what we do and protecting, um, the ways the Intelligence Community collects information. And so we are the go-between between the prosecutors and the Intelligence Community. That's true across the board, but it is especially true in this context, in cyber, because often what we know, we know from very sensitive collection methods. Um, and so there are times we don't say, we have to hold back. Um, but where we can, where we can be, um, open, where we can send that message to adversaries, where we can send that message to our own private sector, where we can send that message to the American people, you know, so that they understand, where we can be transparent, they understand how their investment in intelligence is paying off, I think those are all, you know, public, you know, values that we should, that we should support.

You referred to Operation Medusa, which is, as I understand it, is a remote access technical operation, and I think you alluded to the fact that this was an increasingly important tool. Can you say, how much more can you say about that, its importance, what it involves,
you work with the private sector in doing that, and how much more can you tell us about that?

Yeah, I'm going to talk a little bit more. It's, I think it's a really, an important part of our overall playbook, as I mentioned. Um, you know, obviously we prosecute cases, but where we can, the goal, just like in the counterterrorism context, is to stop an attack, right, or disrupt it at its very early stages, as opposed to bringing a case down the road after an attack. So in this context, with like Operation Medusa, what we were able to do was to identify an FSB, uh, tool that had been used for 20 years to great effect, and we were able to, what I can say is we're able to disrupt it, but we worked, to do that we worked very closely with the private sector and with the Intelligence Community and with foreign government. So it, again, it's a little bit about the playbook of our other national security cases, where we have multiple stakeholders when we work on one of these cases, and we coordinate our efforts to the extent we can with the private sector and with, and particularly with, foreign governments, both on the intelligence side but also in the law enforcement side, to have maximum impact.

And related to the private sector, what is the role of the private sector reporting or notifying you that they've suffered a breach or some kind of adverse activity? Um, and how does that happen? Does the new section have a role in that? I assume you need to know, you need to know what's going on in the private sector to be able to protect the private sector, but how does that relationship work, and will the new section have a role in that at all?

Yeah, I mean, you know, most of that interaction is the FBI, right, and private sector companies, right. That, at the field office level, private sector companies, particularly those that are, you know, within the crosshairs of nation-state, right, cyber actors, they have a relationship, um, with the FBI. You know, as you know, I was the Chief Trust and Security Officer at Uber for a
number of years before coming back to government, and, and ran our cyber security program. I knew who the FBI field office leadership was who worked on cyber. We met on a monthly basis to talk about cyber threats, so that, that relationship was really strong. Um, the, the goal is for the FBI, and then for us, you know, in, you know, as relatedly us in the National Security Division, to have that relationship, so that when there is a threat, or there's, certainly there's malicious activity, that those companies understand that we have a victim-centric approach and that they will come to us and tell us what they're seeing, because when they do, we are going to be better able to defend them. We treat them as victims, not as perpetrators, and that's a really important point, um, because we want them to come forward. Um, we recently, um, you know, there have been recent cases, there's this case involving, um, Hive ransomware, uh, where we were able to actually provide the decryption keys to protect private sector companies. But what we saw in that case was only about 20 percent of the companies had come forward, but those 20 percent had given us the information we needed, when I say we, the FBI, the information the FBI needed to understand that, that ransomware and to develop the, the ability to, to unlock the, the data. So that, that, that's a great example of where coming forward really enabled the FBI to then better protect these companies from that activity.

So one upshot is, the more that companies have these relationships with the FBI and report these things, the more you can protect them, is that right?

Exactly. The more they come forward, and, and that, and then the better that relationship is, I think we're much better able to then defend them, both after an attack, you know, to resp-, in a responsive mode, but even before, where we can give them an early warning or a heads up that this is the type of activity that, that we see, here's why we think you might be vulnerable, and here's what you may need, may consider doing to prevent, protect
yourself better.

Okay, let's switch to a final big topic, and, and I imagine this is taking up a lot of your time, and that is section 702, FISA 702, reauthorization. Um, why don't you briefly tell us what FISA 702's reauthorization is, and then, and then I have some questions about it.

Sure, and, and I, I, and this is familiar to, I know, folks in the audience here, uh, but section 702 is a, a new or relatively new amendment to FISA from 2008, uh, that, uh, is due to expire at the end of this year, it sunsets, um, by statute at the end of this year unless it's reauthorized. Um, I just testified before the Senate Judiciary Committee, along with a number of colleagues, last week to, um, really emphasize the critical value that section 702 provides. I don't think there's really any doubt about the value that it provides in terms of protecting the national security, because the way it works is that it enables the intelligence community to collect against non-U.S. persons overseas without obtaining an individualized probable cause warrant when we target those individuals who are not U.S. persons and who are outside the United States and who have no Fourth Amendment rights. And over the past 15 years it has become just increasingly important as a tool for collection. The, the challenge we face now is that in some of the implementation of the, of this tool, particularly the FBI has made some significant mistakes and has a poor compliance record of the past several years, and so there's really a trust deficit that we're dealing with with Congress to, to make sure that, um, well, we're dealing with that trust deficit, and it's incumbent on us to, to demonstrate that we can, we in the Bureau and the Justice Department and the intelligence community at large, can be trusted to implement this tool responsibly. And we've made a number of changes to, to demonstrate that we can do that, but, um, we have some work to do to continue to convince Congress and the American people of that.

And one thing you've been trying to do, I mean, the
original dominant justification of 702 was a counter-terrorism justification, right, and I've noticed you've been emphasizing, you may have done this in your testimony, that there's, that 702 is valuable for far beyond counterterrorism, one component of which is cyber security, right? Can you explain how that works and why?

Yeah, I mean, the tool's agnostic on the nature of the threat, right. It was, the initial justification was counterterrorism, but it has proven to be extraordinarily adaptive and agile, uh, and it's now, uh, been used in a number of other contexts, whether that's Chinese espionage, uh, and, uh, counter-narcotics, fentanyl for example, working with foreign partners there, but also in particular on the cyber threat. And, um, you know, chief information security officers, CISOs, all over the United States should be very thankful that we have section 702 because of the amount of intelligence we get through 702 that we then are able to provide companies to better protect them. Again, in a specific example, um, that we, that I've talked about is the really notorious Colonial Pipeline ransomware attack, where we used 702 threat intelligence to identify, uh, the Chinese hacker and then to recover, uh, some of the ransom. So, um, really important, uh, tool in that case, but that's just one of many examples of where 702 has provided critical intelligence in a cyber context.

So you mentioned the challenges, uh, to renewing the authorization and some of the troubles that the FBI has had, so where do you see, this is my last question, where do you see the debate now? How do you see it playing out? I'm, what are the main issues going forward? Where are we?

Yeah, I mean, there's really one core issue, uh, that I think stands out, and that is the FBI's ability to take 702 data that's been collected by NSA, which FBI gets a small portion of, about three percent of the overall collection, so very small fraction, but they get, it's really important because that three percent relates to threats inside the United States where the FBI
has an open national security case. So the issue is the FBI's ability to just, to simply query that data. Just like you might query your own Gmail account when you're looking for an email from somebody, the FBI conducts queries of that data, and sometimes they do so using a U.S. person identifier, and the debate is, should they have to get a warrant, for example, to do that? Um, I think that would be an extraordinarily bad idea. That's not legally required, and it would basically shut down the FBI's ability to search data, query data, that's already been lawfully collected. And I'll put it in the cyber context. Um, imagine hypothetically that a U.S. company has been attacked. Um, the, the, that company's name and some of the technical indicators that are associated with that company would be really useful for the FBI then to look at 702 data. So say there's a working assumption that it's Russia that's behind that attack of that company. For the, at the very earliest stages, one of the first things the FBI is going to want to do is put that name of that company and some of the technical information, which might also be U.S. person information, um, into its database to look to see: is this attack limited to this company? What, has there been anything exfiltrated? Can we associate it with, uh, the FSB or GRU, Russian intelligence activity? And there's not going to be probable cause, in all likelihood, at the early stages to search a name of a company, right? I don't know what probable cause would look like in that context. So I think some of these ideas, uh, perhaps well-intentioned, are, are really misguided and would not be operable.

Misguided because it really narrows the significance of the program, but okay, so my last question.

Yeah, but can I say one more thing? Misguided because it, it misunderstands a central lesson of 9/11,
is that it would basically recreate a divide between foreign intelligence collection and, and what the FBI can do to protect us here in the United States, and that's not the nature of the threat, but do that just by slowing down, really, the ability the FBI to, to take advantage of this collection.

Okay, so my last question is, I mean, you acknowledge, and the government's acknowledged, that there have been problems with compliance. There's, there's a larger political dimension here, which we can set aside, but there have been serious problems with compliance, not, not short-term, they've been medium-term problems with compliance with 702. And so how can we, the question is, how can you fix those compliance problems in a way that gives Congress and the American people confidence while maintaining the, uh, the virtues and powers of the tool?

I mean, that is the crux of the problem, right. You just, you just, you know, in a nutshell, I identified the challenge. And, and one thing that I guess I would say is, like, it's not a fix-the-problem, it's a process, right. So compliance requires sort of ongoing understanding of the nature of the problems, what's causing those problems, and then taking steps to address them. And one of the things that we've done most recently, and it's a very simple fix and it's really had a significant impact, and that is, when the FBI first set up this system, basically by default, when they searched all of their databases of other cases and other, you know, sources of information, they were by default searching this raw section 702 data. And, and so many, many, if not the vast majority, of the problems that they committed, mistakes they committed, were by inadvertently searching this data. We just flipped that default setting to require that FBI agents and analysts affirmatively opt in and then justify that search before they conduct it, and that's reduced the number of quote about U.S. person queries by 90-plus percent.

So over what period does that happen?

That's over, well, it's over the last year and
a half, um, that, that change was implemented. But understanding that problem, taking steps to fix it, and then measuring our success as we move on to the next challenge, because there are going to be other mistakes and other problems, but that's why, you know, we need to demonstrate that we can be trusted with, with this sensitive information, no question. But I think that's an example of where we have made, taken significant steps to address a problem, and that it's paying off.

Okay, great. We have time for a few questions, if anyone has some. If you just announce who you are, please.

Yeah, Mike I wrote this, formerly with DOD. Um, but the state-sponsored terrorism, one thing you did not mention was retaliation. I mean, why are we taking retaliation, if not, why not?

So, you know, one of the reasons I don't talk about retaliation, I mean, so a lot of what happens, uh, in terms of how we might be responding to nation state activity in this context is not publicly acknowledged. Um, you said you're from DOD. Obviously DOD has Cyber Command. Cyber Command operates, uh, can, can take offensive operations at the direction of the president. Some of those have been revealed publicly, but, you know, others may not have been. So I think it's a, it's a capability that the United States has developed and uses, uh, where warranted.

Other questions? Yes, sir.

With Record, sir. Thank you, good to see you again.

Good to see you.

Um, has the Justice Department been affected by the MOVEit breach that has impacted several agencies, including OMB, USDA? I'm curious, is there any progress in investing in the region of agencies that has it?

So it's an ongoing investigation, so I'm really, as I know you appreciate, limited what I can say about it. Something we're looking closely at, but it's an ongoing investigation, so I can't say anything further about it.

Has the Justice Department impacted?

So I'm not going to comment on, on it because it's ongoing. Other questions? Yes, sir.

I'll hop in. John Cyclery. Let it go a little convoluted, and I might have missed this,
but, um, on an edge case where there's a cyber crime incident in the state, in the States, in a new, um, litigator from the cyber security section steps in, do they step in above their equivalent at the criminal, at the criminal cyber division? Like you were talking a little bit about the, I'm just trying to understand that first kind of, uh, interaction.

Yeah, it's a good question, and, and you said she's bureaucratic, but if you'll indulge me a little bit, these are very important, they're very important. Um, so we're partners and, and on, you know, equal footing with the Criminal Division. So you have the Criminal Division and the National Security Division, and there's an Assistant Attorney General over the Criminal Division, Kenneth Polite, he's my colleague. Um, and it's the case that, you know, if there's an, if there's an attack or some sort of intrusion at a company, for example, um, or at a government agency, we may not know initially, is that, that, is that a nation-state case, is it, does it involve national security, or is it a criminal case involving, you know, criminal actors. And we'll work that together until we can resolve who should be in the lead, but there's not, we're on equal footing as we, as we make those determinations. And this is where intelligence can make a big difference, because often, um, it's the case that our intelligence agencies will have some insights about who's behind an attack at the very earliest stages. So understanding, uh, very quickly that this is a Russian intelligence activity, uh, versus, uh, you know, an Eastern European criminal group, for example, um, you know, very early on we might be able to make that judgment and be able to assign the case accordingly. And, and, you know, in every case I've been involved in, there's, there's been sort of a very easy way, or at least a very collegial way, to work that out.

And if you don't mind this follow-up, just your courses, what was happening in the past, does that just mean NSD as like a voice in the process earlier?

No, but we've always had
that, that sort of process and sort of relationship. What, what this does, though, what having a national security section, a NatSec Cyber section, does is that it gives us just more in terms of resources. It's our commitment to invest more in terms of resources and also to, uh, you know, protecting those resources. I think anyone who's worked in an organization understands, like, when you have multiple demands, um, and when, when our cyber prosecutors were in CES, they did espionage cases, they did exporters, the Counterintelligence and Export Control Section, so CES, but they did all these cases, they did transnational repression, they did, you know, export control, trade secrets, uh, theft. So taking those prosecutors and dedicating them to a section, elevating that section in terms of its import-, and importance in its profile, will help to protect those resources as we continue to grow.

Any other questions? Matt, thanks very much.

Thank you, Jack. Thanks, everybody. Appreciate it.

[Music]
Info
Channel: Hoover Institution
Views: 4,275
Id: tI1CCPS5ULM
Length: 47min 20sec (2840 seconds)
Published: Tue Jun 20 2023