FBI launches cyber threat info-sharing platform

In keeping with ramped-up efforts to coordinate with the private sector in addressing cyber threats, the FBI has launched a pilot version of its new iGuardian portal that enhances information sharing between the agency and trusted partners, a top FBI official said July 30.

The initiative builds on programs previously established by the FBI, including its Guardian and eGuardian counter-terrorism and collaboration systems, which iGuardian expands on for cyber incident reporting and response. The initiative also draws on InfraGard, a partnership between the FBI and roughly 58,000 commercial participants for sharing expertise and information related to cyber crime.

"We recognize collectively that we have had to dramatically increase our outreach to the private sector," Rick McFeely, executive assistant director of the FBI's Criminal, Cyber, Response and Services Branch, said at the AFCEA Global Intelligence Forum in Washington. "We recognize that if we're to keep pace and ultimately surpass our cyber adversaries, we must have that two-way flow of information. Because of that, we've truly undergone a paradigm shift, operationally, in how we respond to the cyber threat."

The FBI is modernizing how it works with the private sector, but its latest measures are rooted in post-Sept. 11 threat response tactics, McFeely noted.

"InfraGard started out more as a high-level threat briefing at the unclassified level, and then we realized the tremendous amount of companies out there [involved with] critical infrastructure," McFeely said. "So we expanded this to have a way for them to report electronically. ... Our local field offices were not getting proper information, the right information, and it wasn't standardized."

The new iGuardian template, rolled out via a secure online portal, is launching as a pilot program, but McFeely would like to see it expand.

"If it's successful, we're hoping that this is something that at one point we can be able to roll out universally to a much wider audience," he said. "Obviously our concern is the critical infrastructure sectors out there. They'll probably be the next up. We know from a technological standpoint that it works, it's working now, and we have a very high degree of faith that this is going to work."

The FBI is focusing on other efforts as well, including pilot-program tools for analyzing malware – much like how the agency analyzes fingerprints – and sharing that information among private-sector partners. Additionally, the FBI is working on sharing IP addresses and other technical indicators of attacks, as well as embedding cyber agents with other agencies, including international law enforcement, McFeely said.

The cyber measures are a step forward for a department that McFeely admitted "was not a very good partner" to the private sector until recently. But Cyber Command Intelligence Director Rear Adm. Sean Filipowski said further action is needed on cybersecurity – action that is out of the hands of the FBI, Defense Department or any other executive branch agency.

"The development of the legislation to enable that [improved public-private partnership] will enhance our capabilities and this mission in cyberspace," Filipowski said. "The threat has increased over time, and changed over time as well. We've also seen...more technology out there for a mid-grade or low-grade actor to take advantage of in cyberspace. That's important to remember – that means there are many more potential actors and threats to our networks than we've seen in the past."