MIL-OSI Security: Deputy Director’s Remarks to the National Football League 2022 Annual Security Conference

13

Source: Federal Bureau of Investigation FBI Crime News

Thank you, Cathy, for that kind introduction, and for the opportunity to be here with you all today.

As Cathy mentioned, our paths have crossed many times over the years, and I worked closely with her during my time at the Washington Field Office. I have incredible respect and admiration for Cathy – she’s extraordinary and the epitome of exceptional leadership.I am grateful to have worked with her and to call her a friend. Just recently in March, Cathy joined us at FBI Headquarters as a guest speaker for our celebration of Women’s History Month. We are grateful that she shared her story with people from across the Bureau. Each time I have the chance to see Cathy again, I am reminded of all that she did for this city as chief of the Metropolitan Police Department.

Cathy was always on-scene, leading from the front, visible, and constantly communicating with and reassuring the public during every incident and every major event. She was engaged, hands-on and everywhere all the time. In my mind, that’s what it takes to protect our communities. And all of the people in this room today know that well.

Protecting a gathering of thousands of people is a tall order on any day – but I would say, especially at a major event like a League game, with so many participants and spectators and so much at stake. So today, I’d like to talk briefly about what we’re up against – what we see as some of the most pressing threats to our national security … and how it all translates into security considerations for sporting event management and business operations. We’ve talked about these challenges before, but it’s more important than ever to stay focused and disciplined in our approach. I’ll touch on the growing cyber threat, the persistent threat of terrorist attacks, and, briefly, criminal threats to the integrity of sports.

I’ll start with the cyber threat. We’re increasingly concerned about the threat of cyber attacks against our country’s critical infrastructure, including the energy sector, emergency services, local government operations, and more. There’s a good reason for that. Over the past two years, the FBI has seen a wider-than-ever range of cyber actors threaten Americans’ safety, security, and confidence in this digitally connected world. Those cyber actors include cyber-criminal syndicates and nation states – and sometimes the two working in toxic combination. And they’re constantly developing new ways to compromise our networks and get the most reach and impact out of their nefarious operations.

We’re particularly focused on ransomware schemes. Not only have these schemes wreaked havoc on company operations and caused devastating financial losses, but they’ve targeted hospitals, 9-1-1 call centers, and even schools. And no one is immune from these attacks – including sports leagues, teams, and those of you who head up security for stadiums and teams around the country.

A cyber attack on this sector is an attack on our country’s economic security and on one of our favorite pastimes. And unfortunately, cyber actors have and continue to target sporting institutions and events. In 2018, six Russian nationals used malware called Olympic Destroyer to launch an attack against the opening ceremony of the 2018 PyeongChang Winter Olympics. They also used spear phishing campaigns and malicious mobile apps to target Olympic athletes, partners, and visitors – and International Olympic Committee officials. Those attacks were part of a larger campaign that included efforts to destabilize Ukraine and Georgia, and interfere in France’s elections. Multiple FBI field offices were involved in the investigation, which culminated in indictments of six individuals in 2020. And earlier this year we saw a professional sports team affected by ransomware. The same way we respond to all cyber incidents, we moved swiftly to provide indicators of compromise and helped mitigate the threat, all while working to safeguard the victim’s sensitive data.

We have the tools to investigate these malicious attacks, identify the perpetrators, and then impose risks and consequences on them. That’s part of our new cyber strategy, which you may have a sense of if you attended this conference last year and heard EAD Brian Turner speak. But it’s now such an integral part of how we operate that I want to give a bit more detail.

We’re using a full range of authorities as both an intelligence and a law enforcement agency, and working seamlessly with our domestic and international partners. Together, we’re working to defend networks, attribute malicious activity, sanction bad behavior, and take the fight to our adversaries overseas. The strategy centers on prevention and disruption – hitting hackers before they attack or before their intrusions can cause major harm. To dismantle them, we’re pursuing them on three fronts. First, we’re taking aim at the actors. Working with our partners, we identify who’s responsible for the most damaging schemes. And we take a broad view – everyone from administrators to affiliates to operators of services facilitating cybercrime. Second, we target their technical infrastructure. Seizing or disabling their servers, domains, botnets; disrupting their operations; raising their costs … all while gleaning valuable new intelligence on their activities. Third and finally, we’re going after their money. Knowing that virtual currencies are central to ransomware, we trace many transactions back to bad actors. Where we can, we’re also seizing the funds, or we’re shutting down illicit currency exchanges. We’re intent on making it harder and more painful for hackers to steal data and hold IT networks hostage. And while actors, infrastructure, and money are all important individually, we achieve the biggest impact when we disrupt all three together.

One of our most important resources in this fight is all of you – our partners in law enforcement and the private sector. We’re constantly looking to open new avenues to work together, and ways to help if you do get hit with an attack. We’ve now set up Cyber Task Forces in all of our 56 FBI Field Offices across the nation – similar to the Joint Terrorism Task Forces you may be familiar with. So, if you reach out for help, you’re going to get a whole team with specialized expertise … and with jurisdiction to go after any cyber threat actor. That’s at every field office.

At the agency level, our Internet Crime Complaint Center established its Recovery Asset Team – which we just call “the RAT” – in 2018. Out of the top 50 U.S. banks by assets, the IC3 RAT has partnerships with 45, including all of the top 10 banks. Every year, the team culls through thousands of public complaints to help fraud victims recover hundreds of millions of dollars lost to cyber-crime. And more-and-more companies are coming to us for help. RAT addressed 32 percent more incidents in 2021 than 2020, with a solid record of being able to help. And between 2019 and 2021, the number of ransomware complaints reported to the FBI through the IC3 increased by 82 percent.

We’re also focused on sharing information through cybersecurity advisories. These advisories identify specific malware signatures, indicators of compromise, and tactics, techniques, and procedures. At the same time, we recommend that all of our partners take some steps to protect themselves.

First and foremost is to be extremely vigilant. You know your networks best, and chances are you’ll be the first to learn of a cyber attack conducted on your system. Second, we always recommend having a solid cyber incident response plan that includes instructions to call your local FBI field office if something happens. And third, we encourage you to review those cybersecurity advisories I mentioned, so that you’re working with the same information we have. Now more than ever, it’s critical that we keep our information flowing, fortify our networks, and stay on guard.

Next I want to talk about the threat with the potential to do the most physical, real-world damage, with potentially tragic consequences, and that’s terrorism. We’ve been briefing on the terrorist threat for the past 20 plus years, and there is no doubt we must remain vigilant on it. To be sure, by putting so much of our authority and resources behind the terrorism fight, we’ve made it really hard for international terrorist organizations to plan intricate, complex physical attacks. That doesn’t mean that kind of threat is gone. ISIS and al-Qaeda are still committed to attacking the U.S. and the West. They regularly put out calls for lone actor attacks. And the greatest terrorist threat we face is posed by those lone actors, or small, isolated cells.

We refer to those as homegrown violent extremists, and they typically radicalize online – inspired by some terrorist organization. But because they aren’t talking back and forth, coordinating with someone overseas, there’s no communications to intercept and no group to infiltrate. And as they’ve increasingly favored using guns, knives, and cars against soft targets, that limits the opportunities to see attacks coming. So, this is a really hard problem. And its scope is massive. We currently have about 1,000 homegrown violent extremist cases open, spanning all 50 states and all 56 FBI field offices. And then, separate from the homegrown violent extremists who are inspired by global jihad, we’re also concerned about what we call domestic violent extremists, who are motivated by issues happening at home.

Over the past few years, we’ve elevated two of the sub-groups within the domestic violent extremist category to be National Level Priorities – the same level as ISIS and Homegrown Violent Extremism. Those are the racially or ethnically motivated violent extremists – particularly those advocating for the superiority of the white race. And the anti-government – anti-authority violent extremists, which includes militia violent extremists … anarchist violent extremists … and sovereign citizen violent extremists. The FBI currently has more than 2700 domestic terrorism investigations ongoing. No matter which category the attackers fall into, they are eager to exploit security vulnerabilities in spaces with high attendance and a lot of media attention – like sporting events and music venues – to hurt as many people as possible. That’s where the attacks can have the greatest impact, in their view.

So, how do we address this? Just like with cyber, we at the FBI believe we have the best chance of thwarting these attacks when we effectively share intelligence and leverage our partnerships. We need a clear picture of what’s happening in communities across the country. And our partners, for example in the Joint Terrorism Task Forces, which some of you here may be part of – help us get there. The task force model allows us to share information quickly, surge resources where they’re most needed, and collaborate with our partners most effectively.

We’re also keeping companies and law enforcement agencies up to date with partner calls, situational reports, and intelligence products. On top of that, we’re working collaboratively with community groups to provide training on preventive measures. In so many cases, family members, peers, and associates are the best positioned to detect hints that someone they know may be considering violent action./So, a huge line of effort for the FBI is educating companies and the public on how to detect extremist conduct – in person and online. These are all avenues through which we share threat information and strategies to combat those threats.

Information is crucial, because when targets are unknown, soft targets are at highest risk. Of course, the information flow and coordination don’t stop at our borders: The FBI has 63 legal attaché offices around the world. So as the NFL holds more events overseas, we hope to partner with you there as well. In short, we firmly believe that each organization brings its unique abilities to the table, but it requires tremendous teamwork and cooperation to pull everything together into a unified whole.

I also want to briefly mention a program we’ve had in place for a number of years now, and that’s our Integrity in Sport and Gaming Initiative. You’ll hear about ISG from our Criminal Investigative Division later today, so I don’t want to steal the spotlight from that team. They’ll cover what the FBI is doing to combat threats of influence from organized crime groups and other criminal actors targeting leagues, athletes, coaches, referees, and others.

The main point I want to make right now is that behind this initiative, there’s a great deal of passion – not just for investigating sports crimes, but for the sports themselves. At the heart of our efforts is a recognition that sports hold a special place in our country and with the American people … and we’d hate to see the country’s most popular sport get undermined. So even though the ISG grew out of our Transnational Organized Crime program, one of the main tenets of the initiative is to preserve the integrity of our sporting institutions and to provide support. And we’re determined in our pursuit of those who prey on sport for profit.

Earlier I talked about the importance of intelligence … and I must say it’s great to see that our private sector partners like the NFL are on the same page with us about that. In fact, it looks like you’ll soon be hearing from Robert Gummer. Before he became the NFL’s director of intel operations, Rob was one of the FBI’s senior national intelligence officers. They make up sort of a brain trust at the Bureau. If there’s anyone who knows the importance of intelligence – that the common connection for countering these threats is understanding them, sharing information, and working with partners to disrupt threats before harm occurs – it’s Rob.

I do appreciate the opportunity to meet with you today, and I hope the partnership between the Bureau and the League will continue to be a strong one. With the NFL season schedule set to be released tomorrow, tens of thousands of Americans will start making plans to attend the games. Millions will be getting excited to watch on TV or online. So the stakes are high, like they’ve always been. And we all want the same thing – to make sure every game goes off without a hitch … to keep fans safe. I want to thank you for choosing and devoting yourselves to the important work of protecting the American people. And I want to assure you that the FBI will continue to work ever more closely with you as the threats continue to evolve. It’s a privilege to join you here. Stay well and be safe. Thank you.

MIL Security OSI