Cybersecurity

FBI director wants more cooperation from ransomware victims

FBI Headquarters (Photo by Kristi Blokhin/Shutterstock) 

Law enforcement needs a way to get ransomware victims to cooperate in cybersecurity investigations, FBI Director Chris Wray told Senate appropriators on Wednesday.

"If we don't solve the riddle of how to get the private sector promptly and transparently working with us -- and more and more companies, I should say, are doing that all the time -- but if we don't make that sort of the norm, we're going to have a heck of a time winning this conflict," Wray said at a budget hearing. He declined to endorse specific policy proposals but told lawmakers that "anything that helps provide more incentive for that to happen, I think is a step in the right direction."

Cybersecurity is a big part of the FBI's budget request. The Bureau wants $40 million in new money for cyber investigations in support of 155 new positions.

"A huge part of that will be going very much to the ransomware campaign that we're working on," Wray said. "We did about 1,100 different kinds of disruption actions against cyber adversaries last year. I'm talking about arrests, criminal charges, convictions, dismantlement [and] disruptions."

Wray said the FBI was going after "the entire criminal ecosystem" around ransomware heists, including not just the actual perpetrators but also helpers and infrastructure providers. "We're trying to go after the money," Wray said.

"We've got to take a little bit of our page out of the counterterrorism strategy book, everybody working together focusing on prevention and disruption, and that's what we're trying to do," he added.

The director reiterated the FBI's guidance for targeted companies not to pay ransoms to hackers, but also said that "the most important thing is that [victims] reach out and connect….with us as quickly and transparently as possible."

The bureau's fiscal year 2022 budget proposal includes $15 million in new money to support 22 new jobs to help the FBI improve their own cybersecurity.

"Those funds will help us secure our infrastructure and limit vulnerabilities that threatened the FBI's mission," Wray said.

On the encrypted communications front, the FBI's institutional position hasn't changed from the Obama and Trump administrations: the bureau wants providers to be able to decrypt and produce encrypted communications with law enforcement on the basis of a legal order.

"We are not asking for, and do not want, any 'backdoor,' that is, for encryption to be weakened or compromised so that it can be defeated from the outside by law enforcement or anyone else," Wray stated in his prepared testimony. "Unfortunately, too much of the debate over lawful access has revolved around discussions of this 'backdoor' straw man instead of what we really want and need."

The FBI has been pushing for some voluntary industry-government cooperation on end-to-end encryption since former Director James Comey first cautioned in 2014 that impenetrable communications apps were enabling criminals to “go dark” and commit crimes outside of the reach of law enforcement.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/Shutterstock.com)

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected