"FBI approach to cyber is the consistent with experience and authorities."
Also raises hybrid threats. Cites APT10 example.
Indictment here: justice.gov/opa/pr/two-chi…
nytimes.com/2018/10/04/spo…
Also, talks about Iranian hackers' use of SamSam.
justice.gov/opa/pr/two-ira…
courant.com/news/connectic…
arstechnica.com/tech-policy/20…
Also references use of sanctions when you can't get hands on victims.
Hess says must remind selves, victims aren't just countries, but people.
-Incident response plans.
-Pre-existing relationships to FBI.
FBI realizes that companies face:
1. Losses from being victimized
2. re-victimization in the response process..
Cyberthreat intelligence is a shared responsibility between government and private sector.
Encourages people to reach out and get to know FBI cyber agents, talks about agents deployed overseas.
Encourages everyone to report incidents to IC3.gov
But, and this is me, not her, we calculated that despite the high profile arrests only 3 in 1000 malicious cyber incidents see an arrest. Read more here: thirdway.org/report/to-catc…