Gordon Snow talks about the challenges of cyber counterintelligence and the FBI’s role in federal cybersecurity efforts.
Snow, who took over as FBI assistant director in charge of the bureau's Cyber Division earlier this year, served in the Marine Corps for more than 10 years and has a master's degree in business administration and law degree. He has held bureau posts in Silicon Valley, Detroit and Afghanistan, which would seem to be the ideal background for someone in his position. In addition, he recently helped draft the government’s Cyber Counterintelligence Plan while detailed to the Office of the Director of National Intelligence, and he has directed the bureau’s National Cyber Investigative Joint Task Force.
But even for someone as prepared as Snow, leading the Cyber Division has to be a challenge. In 2009, the FBI’s Internet Crime Complaint Center Web site received 336,655 submissions. And cyber crime poses special challenges for law enforcement because online perpetrators can use various technologies to hide their identities. The problem is also inherently international, as indicated by the cyber intrusion agents that the FBI has stationed in foreign countries to work side by side with computer investigators.
Snow recently met with Federal Computer Week staff writer Ben Bain to talk about the challenges of cyber counterintelligence and the FBI’s role in federal cybersecurity efforts. The following excerpt has been edited for length and clarity.
FCW: Will the focus of the Cyber Division remain the same with you as chief?
Gordon Snow: [Previous chief Shawn Henry] laid a strong foundation, and as you can understand with technology and cyber being once again the change agent that it is, we change constantly on a day-to-day basis. But that strong foundation he and his predecessors in the Cyber Division have laid is what will remain the standard as we drive forward.
FCW: What does cyber counterintelligence involve?
Snow: We’re looking at what a foreign intelligence service is doing here in the United States and how we can protect against that. So we’re concerned about their access to our people, our organizations and our computer systems.… We’re always watching access to classified networks [and] penetrations of classified networks if they were to take place or if we see somebody moving into a realm where they’re starting to position themselves and we think that may be an issue. In addition, we’re concerned about all the unclassified information that’s out there.FCW: Have you seen any worrying trends involving cyberattacks by terrorists, other countries or criminal gangs?
Snow: On the criminal side,…instead of going out and harvesting a lot of the personally identifiable information and attacking…one individual, we’ve seen an emerging trend to attack small to medium-sized businesses [and] academic institutions.
FCW: What about the cyber threats related to terrorist groups?
Snow: The first cyber threat is terrorist groups and organizations using cyber as a means for recruitment, radicalization and communication. The threat that we mine down on here in the Cyber Division is them using their capabilities and tools as a point or vector to do damage to critical infrastructure or systems within the United States.
FCW: Is there a certain type of attack that average citizens should be particularly mindful of these days?
Snow: The average citizen should be mindful of everything. If average citizens started out with the fact that there really is no such thing as a secure system, I think they would move themselves far down the road…to computer security. Computer security starts at home, it starts with the individual…. You’re only as strong as your weakest link.
FCW: Are there threats that are specific to federal Web sites or systems?
Snow: When we talk about threats to the government system, we talk about what we can’t patch for. I can’t patch for an individual who receives a socially engineered e-mail, and I don’t have the protocols in place to watch that e-mail, to address that e-mail, or once again to get that education piece out to educate everybody that…clicking on that link that looks like it might be interesting could be my first step to the compromise of the system by downloading the malware that allows the adversary to move throughout my system.
FCW: Is there one threat that rises above all others for federal agencies?
Snow: No, it’s pretty much all cyber, all the time. So situational awareness is key. And while we may see trends of attacks moving from one flavor of the day to another, we definitely need to be cognizant of all threat vectors that come in.… Our corporate partners here in the United States ride on about 85 percent of the network, so we can’t solve this problem alone. No one agency can solve this problem alone.
FCW: What is the FBI's unique role in cybersecurity?
Snow: The FBI is the domestic human and technically enabled intelligence collection agency for the United States. So What we bring to the table is our collection [of intelligence] and our view domestically for all the other agencies in the intelligence community and in the law enforcement community. So I’m there to ensure, No. 1, that I address counterterrorism and counterintelligence [efforts] from the national security side and also from the criminal side.
FCW: How is what the FBI does with its National Cyber Investigative Joint Task Force different from what the Homeland Security Department does in terms of coordination?
Snow: Cyber network operations [are] split into three traditional arenas: cyber network attack, cyber network exploitation and cyber network defense. We would fill that gap that we would call cyber threat investigation. [For example], I’m trying to identify that individual behind the keyboard who's responsible for all the activity.
If it’s in the criminal realm, then I’m trying to find that individual. I’m trying to remove their capabilities, dismantle their organization and bring them to prosecution.
If it’s a national security realm, if it’s cyber espionage, for instance, from a foreign intelligence service or foreign state actor…I’m trying to stop that process; attribute that attack to an individual; [trying] to find out what their tactics, techniques and procedures are; and bring back our response from the United States along with the rest of my intelligence community partners.
If it’s cyber terrorism, then I’m tying to ensure that I impede that attack and stop it before it takes place and then dismantle that organization.… But once again, it’s a complete collaboration [with other agencies].
FCW: What are the big challenges in being able to determine who is behind an attack?
Snow: The challenge is always the same…. It’s very difficult to find positive attribution. On the national security side, the FBI and its partners from the U.S. government have made tremendous progress, and many of the investigations [have] identified actors that we believe are associated with different entities throughout the cycle that we discussed. On the criminal side, we’ve made tremendous progress even in the last two years.