First up at #ACcyber, Amy Hess, of the FBI to talk about how the FBI's dealing with cyber threats.

"FBI approach to cyber is the consistent with experience and authorities."

Hess makes analogy to founding of FBI and automobile (as Comey did a week ago), talks about breadth of experience (but not about having to teach everyone to drive).

Also raises hybrid threats. Cites APT10 example.

Indictment here: justice.gov/opa/pr/two-chi…

Says China is going toe to toe with Russia in use of hybrid threats. Cites Russian hacking in response to attempts to punish Russia for doping in the Olympics.

nytimes.com/2018/10/04/spo…

Also, talks about Iranian hackers' use of SamSam.

justice.gov/opa/pr/two-ira…

Hess notes that the US issues red notices for indicted foreign nationals to make it more difficult to travel. Cites:

courant.com/news/connectic…

arstechnica.com/tech-policy/20…

Hess talks about dark market takedowns.

Also references use of sanctions when you can't get hands on victims.

Hess says must remind selves, victims aren't just countries, but people.

Hess urges companies to have:

-Incident response plans.
-Pre-existing relationships to FBI.

FBI realizes that companies face:
1. Losses from being victimized
2. re-victimization in the response process..

Hess notes FBI provides classified briefings to partners about potential threats.

Cyberthreat intelligence is a shared responsibility between government and private sector.

Hess runs through FBI structure to address cyber threats.

Encourages people to reach out and get to know FBI cyber agents, talks about agents deployed overseas.

Encourages everyone to report incidents to IC3.gov

Hess provided a useful status update on where FBI stands on cyber.

But, and this is me, not her, we calculated that despite the high profile arrests only 3 in 1000 malicious cyber incidents see an arrest. Read more here: thirdway.org/report/to-catc…