by Airman Jenna K. Caldwell
22nd Air Refueling Wing Public Affairs
9/29/2015 - MCCONNELL AIR FORCE BASE, Kan. -- A
man enters an office and walks right up to an individual on a computer.
He holds a gun to the victim's head and demands their personal
information and records.
The victim gives it to him without a fight, and the criminal leaves with
all the data. This happens every single day to individuals, except
criminals are not just breaking into offices with a ski mask.
Criminals can hold people hostage and steal their personal information
through accessing their computer without ever leaving the comfort of
their homes. Opening emails laced with malicious spyware can leave
computers susceptible to security intrusions, allowing offenders to take
whatever information they want.
22nd Communications Squadron Airmen jump to the rescue. Two senior
airmen created a program to combat this exact kind of harmful activity.
The newest program is Operation Cyber Shooter, which was inspired by the
"active-shooter" training on base that prepares Airmen for armed
assailants.
The program began a year ago, and has been under the continual care of two senior airmen.
"Network administrators send phishing emails out to individual units in
an attempt to trick them into opening the emails," said Senior Airman
Marquis Mello, 22nd Communications Squadron network administrator. "We
monitor whether or not they fall for the tricks and then record the
results with non-punitive action towards the email recipient."
Every time an individual views their emails, they are susceptible to a
villainous attack. Perusing the inbox, the person lets their guard down
and opens a message that appears to be from a credible source, but it is
not. Like Superman being stabbed with Kryptonite, the individual's
security is immediately weakened. Control of the computer is lost to a
phishing attempt.
Phishing emails are a computer's kryptonite. They can contain malicious
software that attempts to steal an individual's personal information.
Operation Cyber Shooter is here to combat this type of criminal
activity; they are the security forces in the line of defense, fighting
for and protecting the cyberspace domain. They see a warning signal
of a security breach, and they are off to the rescue.
Operation Cyber Shooter is like a fighter pilot's contingency plan; much
like how the pilot has a plan to prepare for any situation, it
identifies vulnerabilities in the system and creates a plan of attack.
But instead of piloting an aircraft, it's testing and toughening Airmen
against cyber threats.
"These test emails are strictly for training purposes and are harmless
to the receiver," said Senior Airman Thomas Koch, 22nd Communications
Squadron network administrator. "A lot of the information we collect is
used to implement programs that educate individuals and improve
security."
Other bases have already sent out calls for help from McConnell's
Operation Cyber Shooter team. They are curious about the operation and
how these two Senior Airmen were able to create programs that don't
cause any true harm to individuals' security.
"We don't mind helping other bases," said Koch. "We are ultimately
looking for some really solid improvements all around. We want everyone
to be aware and conscious of the multiple ways that they can be
affected directly or indirectly by security threats."
Access to reliable communications and information networks is crucial to
accomplishment of the Air Force's mission. It is difficult to have
effective operations with criminals out to compromise security. But with
Operation Cyber Shooter now in place, network administrators have
an extra power to fight cyber crime, educate Airmen and keep information
safe.
Wednesday, September 30, 2015
DoD Official Acclaims Transcom’s Cyber, Innovation, Acquisitions Strides
By Amaani Lyle DoD News, Defense Media Activity
NATIONAL HARBOR, Md., September 30, 2015 — The defense logistics
program is “doing what it was built to do,” showing cost savings in recent
years despite budgetary restraints, the principal undersecretary of defense for
acquisition, technology and logistics said at the National Defense
Transportation Association’s fall meeting here today.
At the event, co-hosted with U.S. Transportation Command,
Alan F. Estevez praised Transcom’s “unparalleled” ability to deploy and sustain
forces across long distances with a continued focus on acquisitions, innovation
and cyber, even though fiscal year 2017-2021 budget plans could be built on the
precarious 2016 budget, still in wet cement and pending congressional approval.
“We’re building off a ‘16 budget that doesn’t exist, … and
whatever we get in the ‘16 budget is probably going to be lower than that $538
billion,” Estevez said of current defense funding that sequestration cuts could
pare by $38 billion.
Estevez warned that the Defense Department could end up with
funding less than sequestration levels, at about $498 billion, under a yearlong
continuing resolution. “Over the last six years, we’ve gone into a continuing
resolution every first quarter,” he noted.
“All these things to save money for the budget actually cost
the American people dollars and they cost your military combat power, and that
is not a good place to be,” Estevez said. “But that’s the reality we’re living
in today.”
Readiness, Force Structure, Modernization
In the meantime, he said, DoD and Transcom will build on the
budget foundation the department has, with a lens on force readiness, force
structure and modernization.
“The hollow force is not something we want to revisit,”
Estevez said. “If we trade away our modernization, that means we end up
fighting in the ‘20s and ‘30s with the tools that were bought in the ‘80s and
‘90s.”
Moreover, he said, competitors could suddenly nose ahead
with better capabilities and acquisitions, depriving the United States of the
battlefield edge it has enjoyed for decades. “One of the things we have lived
with for the last 30 to 40 years is we never go into it in a fair fight,
because we have better stuff,” he said.
Developing Cyber and Innovation
Transcom’s cyber networks, similarly to those of the Office
of Personnel Management, are prime targets for network breaches, Estevez said.
The military and industrial base comprise the logistics realm, he added, but a
reliance on the commercial sector – particularly Silicon Valley – will
increase as Transcom bolsters its innovation and cyber capabilities. DoD has
since set up a Defense Unit Innovation Experimental in Silicon Valley, where he
said “great things” are going on.
“One thing we’re not going to get from Silicon Valley is a
weapons system,” Estevez said. “But there are some great tools that we can build
into our weapons system,” he added, such as robotics and other technology in
development there.
Acquisitions Improvements
Estevez also described improvements in Transcom’s
acquisitions. “More programs are showing cost savings over the last five years
in their acquisition than have gone up, which is a dynamic number,” he said.
Ultimately, he said, DoD senior leaders perceive logistics
as one of the differentiators in readiness. “There’s always a risk of cutting
too much on the logistics side, and we’ve got to watch out for that.” That
logistics capability, he added, is what creates the capacity to go into combat.
As Transcom continues support of operations to thwart the
Islamic State of Iraq and the Levant, with concurrent attention to logistics
capabilities in Europe and across the Asia Pacific region, Estevez emphasized
the command’s importance.
Importance of Logistics
When Defense Secretary Ash Carter was undersecretary of
defense for acquisition, technology and logistics, Estevez said, Carter told
him in an amusing way how important logistics is, saying, “Logistics is like
oxygen: when you got it, you don’t think about it. When you don’t got it,
that’s all you think about.”
To keep the U.S. advantage, Estevez said, a Joint Staff and
combatant command leadership summit is scheduled in the coming months. “We are
going to have a contractor force out there no matter what fight we’re in,” he
added, “and we’ve got to plan for how that contractor force is going to operate
with us.”
Tuesday, September 29, 2015
Defense, Intel Leaders: Cybersecurity Priorities are Defense, Deterrence
By Cheryl Pellerin DoD News, Defense Media Activity
WASHINGTON, September 29, 2015 — Defense and deterrence are
two of the highest priorities for bolstering the nation’s cybersecurity
capabilities, top officials from the Defense Department and the intelligence
community told a Senate panel here today.
Deputy Defense Secretary Bob Work testified on cybersecurity
policy and threats before the Senate Armed Services Committee. Joining him were
Director of National Intelligence James R. Clapper and Navy Adm. Michael S.
Rogers, commander of U.S. Cyber Command and director of the National Security
Agency.
In his remarks to the panel, Clapper said that for the third
year in a row, cyberthreats headed the list of threats reported in the annual
National Intelligence Worldwide Threat Assessment.
“Although we must be prepared for a large Armageddon-scale
strike that would debilitate the entire U.S. infrastructure, that is not … the
most likely scenario,” Clapper added.
Integrating Intelligence
The primary concern is low- to moderate-level cyberattacks
from a growing range of sources that will continue and probably expand, he
said, adding that in the future he expects to see more cyber operations that
manipulate electronic information to compromise its integrity, as opposed to
deleting or disrupting access to it.
Clapper said President Barack Obama has directed him to form
a small center that will integrate cyberthreat intelligence from across federal
agencies, as do centers established over the years for counterterrorism,
counterproliferation and counterintelligence.
In his remarks to the panel, Work said recent cyber
intrusions involving the Office of Personnel Management, the Joint Staff and
Sony by three separate state actors are “not just espionage of convenience, but
a threat to our national security.”
Earlier this year, the department released a new strategy to
guide the development of its cyber forces and strengthen its cybersecurity and
cyber deterrence postures. The previous cyber strategy was released in 2011.
DoD Core Missions
As laid out in the new strategy, DoD’s core missions are to
defend DoD network systems and information, defend the nation against cyber
events of significant consequence, and provide cyber support to operational and
contingency plans.
“In this regard, U.S. Cyber Command may be directed to
conduct cyber operations in coordination with other government agencies … to
deter and defeat strategic threats in other domains,” Work said.
On cyber deterrence, Work acknowledged that he and Defense
Secretary Ash Carter “recognize that we are not where we need to be in our
deterrent posture,” and the revised strategy is designed to help improve cyber
deterrence.
Deterrence works by convincing any potential adversary that
the costs of conducting an attack far outweigh potential benefits, Work said,
describing the three pillars of the cyber deterrence strategy as denial,
resilience and cost imposition.
Cyber Deterrence
“Denial means preventing the cyber adversary from achieving
his objectives; resilience is ensuring that our systems will perform their
essential military tasks even when they are contested in the cyber environment;
and cost imposition is our ability to make our adversaries pay a much higher
price for malicious activities than they [expected],” the deputy secretary
explained.
Work said that because nearly every successful network
exploitation involving the Defense Department can be traced to one or more
human errors that allowed entry into the network, raising the level of
individual cybersecurity awareness and performance is critical.
“As part of this effort, we recently published a
cybersecurity discipline implementation plan and a scorecard that is brought
before the secretary and me every month,” he said.
The scorecard holds commanders accountable for hardening and
protecting their critical systems, and allows them to hold their personnel
accountable, Work said, noting that the first scorecard was published in
August.
“Denial also means defending the nation against cyberthreats
of significant consequence,” Work said, “and the president has directed DoD,
working in partnership with other agencies, to be prepared to blunt and stop
the most dangerous cyber events.”
Fighting Through Cyberattacks
On resilience, Work explained that adversaries view DoD's
cyber dependence as a potential wartime vulnerability, so the department views
its ability to fight through cyberattacks as a critical mission function.
“That means normalizing cybersecurity as part of our
mission-assurance efforts, building redundancy whenever our systems are
vulnerable, and training constantly to operate in a contested environment. Our
adversaries have to see that these cyberattacks will not provide them a
significant operational advantage,” Work said.
The third aspect of deterrence means demonstrating the
ability to respond through cyber and non-cyber means to impose costs on a
potential adversary.
“The administration has made clear that we respond to
cyberattacks in the time, manner and place of our choosing, and the department
has developed cyber options to hold an aggressor at risk in cyberspace if
required,” Work said.
Measurable Progress
During his testimony, Rogers said the military is in
constant contact with agile, learning adversaries in cyberspace who have shown
the capacity and willingness to take action against soft targets in the United
States.
Some countries are integrating cyber operations into a total
strategic concept for advancing their regional ambitions, he said, “to use
cyber operations to influence the perceptions and actions of states around them
and shape what we see as our options for supporting allies and friends in a
crisis.”
“We need to deter these activities by showing that they are
unacceptable, unprofitable and risky for the instigators,” he added.
U.S. Cyber Command is building capabilities that contribute
to deterrence, the admiral told the panel.
“We are hardening our networks and showing an opponent that
cyber aggression won't be easy,” Rogers said. “We are creating the mission
force -- trained and ready like any other maneuver element that is defending
DoD networks -- supporting joint force commanders and helping defend critical
infrastructure within our nation.”
U.S. Cyber Command has made measurable progress, he added.
“We are achieving significant operational outcomes and we have a clear path
ahead.”
Monday, September 28, 2015
Det. 3 member receives NASA's Silver Snoopy Award
by 1st Lt. Alicia Premo
45th Space Wing Public Affairs
9/25/2015 - PATRICK AIR FORCE BASE, Fla. -- NASA Astronauts Rex Walheim and Barry "Butch" Wilmore flew into Patrick Air Force Base, Florida, Sept. 23, 2015 to present Don Shelton, 45th Operations Group Detachment 3 deputy commander, the Silver Snoopy Award for his dedicated service to Human Space Flight recovery operations.
The Silver Snoopy Award is an astronaut's personal award given to only the top 1% of individuals who have made significant contributions toward enhancing the probability of mission success, or made improvements in design, administrative/technical/production techniques, business systems, flight and/or systems safety or identification and correction or preventive action for errors.
Shelton's wife Lisa and daughter Chelsey Sears attended the presentation of the award, and Lisa pinned the silver snoopy onto Shelton's shirt.
Lt. Col. Mike McClure, 45th OG Detachment 3 commander, commended Shelton for his contributions to America's Human Spaceflight program.
"It takes people like Don to truly make America's crewed-space program what it is today, and will be in the future," said McClure. "His hard work and dedication to our mission have enabled us to be successful in doing what we do best -- keeping astronauts safe, thus enabling the next generation of space exploration."
Thursday, September 24, 2015
Assistant Attorney General John Carlin Delivers Remarks at the National Cyber-Forensics and Training Alliance
Wednesday, September 23, 2015
And thank you to the National Cyber-Forensics and Training
Alliance (NCFTA) for organizing this Executive Summit. Since 1997 – long before the cybersecurity
conversation was in the forefront of American minds and back when one of the
biggest threats to industry was spam – NCFTA has been a leader in bringing
together law enforcement, private industry and academia to share information to
stop emerging cyber threats and mitigate existing ones. Today, nearly two decades later, as the
threats we face have grown to include malware, nation state-sponsored theft and
critical infrastructure attacks, among many others, your work has become only
more important.
You should be commended – not only for the work you do each
and every day, but for your foresight.
You recognized long ago that we are most secure when the government and
private sector share strategies and best practices on secure information
access, threat detection and incident response.
As a result, you created the model that others should follow.
Discussions like this one today, and the collaboration you
undertake on a daily basis, allow us to learn from one another, so that the
same actors, using the exact same tools and signatures, cannot simply move to a
new victim when they have been kicked out of another organization’s network.
And that is both critically important and incredibly
urgent. Because while we gather here in
Pittsburgh to work together to make this country safer, our adversaries
likewise gather together to strategize against us. Nation states have developed entire economic
espionage campaigns against us and our corporations – relying on their own kind
of public-private partnerships to do us harm.
Right now, other nations’ governments issue their own calls to action,
threatening our livelihood, our economic security and our safety.
That is why this conversation is so important. To keep our nation secure, to enable American
businesses to compete fairly in our global economy and to ensure we have an
early warning system to help mitigate threats, we need to work together. When a foreign government attacks, private
industry cannot and should not go it alone.
Your own government ought to help you.
And we will.
The Role of the National Security Division
That is precisely why the Department of Justice’s National
Security Division – or NSD, for short – was created.
After the devastating attacks of September 11th, it became
clear that the Justice Department needed to reorganize to tackle terrorism and
national security threats more effectively.
We needed a single division to integrate the work of
prosecutors and law enforcement officials with attorneys and analysts in the
Intelligence Community. So, nearly a
decade ago, Congress created the department’s first new litigating division in
almost half a century: NSD.
In the years since NSD was created, it has become
increasingly clear that the same things that motivated our creation and guided
our efforts to combat terrorism were equally true in the cybersecurity
realm. We have a host of tools available
to us to combat online threats to the national security – criminal prosecution,
sanctions, designations and diplomatic options – and we have the ability to
pick the best tool or combination of tools to get the job done under the rule
of law.
Our attorneys live by that approach. We use all available tools to combat online
threats to the national security and have ensured that we have the necessary
expertise no matter who is behind the threat, what their motivation is, or what
tool we need to use. Under unified NSD
leadership, we have integrated the full range of national security expertise of
the department under one roof and we bring broad and varied skills and
expertise to cyber issues. And we
created the nation-wide NSCS Network, which consists of over 100
specially-trained federal prosecutors in every jurisdiction, who focus on
combating online threats to the national security.
The Threats We Face
That integration is critical as we face an onslaught of new
threats and intrusions that raise national security concerns.
In the Sony hack late last year, we saw a foreign,
state-sponsored actor wage a destructive attack intended to chill the speech of
a company in the United States and U.S. citizens. The Sony attack was perpetrated by North Korean-sponsored
hackers who destroyed computer systems, stole valuable information, released
corporate data and intellectual property at significant cost and threatened
employees and customers.
As a hybrid threat, presenting national security and criminal
concerns, we see both state and non-state actors using the Internet to steal
our intellectual property and export-controlled information at unprecedented
levels. As the President said recently,
industrial espionage and the theft of trade secrets is fundamentally different
from the traditional intelligence-gathering functions that all states engage
in. China’s campaign to steal trade
secrets and other proprietary information is “an act of aggression that has to
stop.” As the world’s two largest
economies, the United States and China have a vested interest in working
together on this issue. President Obama
is prepared to address these issues with the Chinese, recently saying that
“this will probably be one of the biggest topics that [he will] discuss with
President Xi” during the upcoming visit.
Just this week the Wall Street Journal published a transcript of an
interview with Chinese President Xi Jinping in which he agreed that cyber theft
of commercial secrets and hacking attacks against government networks are both
illegal.
Similarly, we have also seen an uptick in the theft of
personally identifiable information in bulk quantities. A concerted series of malicious cyber
activity targeting OPM – the agency that manages personnel records for federal
employees – resulted in the compromise of millions of sensitive records,
including background investigation files for national security clearances.
Similar intrusions over the past two years have targeted
several major health insurers’ customer financial and medical information and
even airline passenger travel reservation records. Just this month, a New York Blue Cross Blue
Shield provider revealed that it was the victim of a massive breach, exposing
the data of more than 10 million people.
The challenge transcends this rampant information theft, as
malicious actors are seeking to build the capabilities and develop the access
necessary to disrupt United States critical infrastructure.
In short, online threats of all types are increasing in
frequency, sophistication and scope. And
these threats are occurring against a background of increasing worry about the
nation’s overall network security. The
past year has seen the announcement of several significant software
vulnerabilities – some now so famous that they have their own brand names, such
as Heartbleed, Shellshock and Stagefright.
This year, the Department of Homeland Security’s Computer
Emergency Readiness Team published a list of 30 “high risk vulnerabilities”
that, according to DHS, are exploited in “[a]s many as 85 percent” of attacks
on critical infrastructure organizations.
These included several software vulnerabilities that were disclosed
years ago, including one as far back as 2006.
This means that companies are not falling victim to new and unidentified
exploits, but rather, to vulnerabilities that have been known for almost a
decade.
Finally, new threats appear on the horizon. We know that terrorists seek to exploit our
reliance on weak or outdated network security to harm our way of life. To date, terrorist groups are largely
experimenting with hacking, but this could serve as the foundation for
developing more advanced capabilities.
We’ve also seen calls to action through Internet jihad by both Al Qaeda
and ISIL and our international partners have experienced attacks conducted by
purported jihadists. We are concerned
those groups will not hesitate to deploy offensive capabilities if they are
able to acquire them.
The threat from these terrorist organizations has a second
and equally troubling dimension: unprecedented and sophisticated use of social
media to radicalize and recruit new associates for heinous attacks.
Al Qaeda was very guarded with its brand and selective in
its recruiting; by contrast, ISIL blasts out tens of thousands of social media
messages daily, calling for sympathizers worldwide to act in ISIL’s name – at a
time, place and method of the attacker’s choosing. ISIL claims credit, whether successful or
not.
Although ISIL uses social media and open platforms for recruitment,
they conduct their operational planning through encrypted communications using
mainstream technology. It is important
that those providing the services take responsibility for how their services
can be abused. Responsible providers
need to understand what the threats are and to take action to prevent terrorist
groups from abusing their services to induce recruits to commit terrorist acts.
Our Response: U.S. Government All-Tools Approach
This audience knows all too well that adversaries with
extensive resources can pose a serious threat to anyone’s network. Our collective response must extend beyond
awareness campaigns and scanning e-mail for phishing attacks. We also need the ability – after a
sophisticated hacker has gotten in – to detect and disrupt that attacker. Then, we need to respond to the attack in a
way that will deter future foes.
The government must take concrete and decisive action to
respond to these threats. Along with our
partners in other federal, state, and local agencies, we intend to raise the
costs of state-sponsored offenses against our nation, both for targets in
government and the private sector. We
want to reach the point where the costs outweigh the benefits of targeting our
systems and stealing our data.
For example, last year, here in Pittsburgh, we brought the
first-ever charges against state-sponsored actors – the five named members of
the Chinese People’s Liberation Army Unit 61398 – for computer hacking,
economic espionage and other offenses directed at six American companies in the
U.S. nuclear power, metals and solar products industries.
It was true when we said it in May 2014 following the PLA
indictment, and it remains true today: we are aware of no nation that publicly
states that theft of information for commercial gain is acceptable. It is time for us to, once and for all, come
to a common agreement about acceptable state behavior on the Internet. Ambassador Susan Rice recently reiterated this
point in a speech at the George Washington University, stating that,
“Cyber-enabled espionage that targets personal and corporate information for
the economic gain of businesses undermines our long-term economic cooperation
and it needs to stop.”
And, when those norms are not abided by, we must hold
responsible individuals and entities accountable and increase the costs of
their activity.
The need to increase the costs of malicious activity online
is especially obvious in light of the destructive acts targeting Sony
Pictures. North Korea’s use of computer
network attacks to destroy computer systems and deter and punish Americans from
exercising their First Amendment rights is unacceptable and indefensible.
Only weeks after the attack, we were able to publicly
attribute that a nation-state was responsible.
That, alone, is significant, because attribution can be very
difficult. Unlike terrorists, who claim
credit for attacks, our online adversaries often try to hide their
conduct. Of course, naming those
responsible publicly is only the first step.
This is a national security problem, and it demands a
national security solution. That
includes holding perpetrators accountable and increasing the cost of their
activity in other ways as well. Until
nation states and terrorists stop stealing and waging bullying, destructive
attacks, we must actively disrupt and deter them.
Whether you are the Syrian Electronic Army, North Korea,
ISIL or a state-sponsored hacker, we must demonstrate that we can and will find
you. And when we do, there will be
consequences.
The United States is pursuing a comprehensive,
whole-of-government strategy to confront malicious actors who seek to harm
critical infrastructure, damage computer systems and steal trade secrets and
sensitive information.
The criminal justice system is a central and effective
component of this disruption effort.
Indictments and prosecutions are a clear and powerful way, governed by
the rule of law, to legitimize and prove allegations. It is a necessary but not sufficient tool to
bring to the fight.
But it is not the only tool we possess to communicate our
expectations regarding acceptable online behavior. We must be strategic; we must evaluate the
full range of options – law enforcement, intelligence, diplomatic, military and
economic – and use the most appropriate tool to respond.
Earlier this year, President Obama signed an Executive Order
that provides a new means to respond to significant online threats. The executive order authorizes the Secretary
of the Treasury, in consultation with the Secretary of State and the Attorney
General, to impose sanctions on individuals or entities that engage in
significant malicious cyber-enabled activities – that could threaten the
national security, foreign policy, or economic health or financial stability of
the United States.
Of particular interest, the order will allow us to hold
accountable companies that knowingly receive or use trade secrets stolen
through cyber-enabled means. These
beneficiary companies are taking advantage of the hard work of Americans and
harming our competitiveness.
This executive order – and the profound consequences for
entities sanctioned under it – should make companies think twice before hiring
hackers or making use of information that they know was stolen. If they don’t, we will take appropriate
actions, which can include sanctioning those companies and cutting off their
access to U.S. markets. This is the same
approach we have taken in counterterrorism and counter-proliferation.
Some of the nations that steal from us also have obligations
under international trade agreements, committing to protect intellectual
property rights. Our colleagues in the
office of the U.S. Trade Representative are currently exploring the tools at
their disposal under those agreements, and whether the World Trade Organization
and other rules could provide ways to challenge state-sponsored trade secret
theft.
Importance of Private-Public Sector Partnership
Despite our ability and willingness to deter this conduct,
no one is immune from malicious cyber activity.
We know that we will never achieve impenetrable defenses – no network
wall is high enough to keep a determined, sophisticated actor out of our
systems.
But you can take steps to mitigate the risk, and protect
yourselves and your companies. Part of
the response must be to ensure that your systems are resilient to attacks.
And, it is crucial that you not go it alone. This challenge requires a new kind of
partnership between the government and industry – such efforts will be crucial
to defending our companies and our citizens from these threats. For the government’s part, we are committed
to building this partnership.
We currently share sensitive information with you so you can
defend against attacks in real time and engage in disruption efforts. In the past year alone, the FBI presented
over three dozen classified, sector-specific threat briefings to companies, but
we need to keep getting better.
We’re working to lower the barriers to information sharing
even further. At the Department of
Justice, for example, we’ve clarified that certain laws are not impediments to
sharing information with the government to protect against cyber threats.
The Department’s Antitrust Division published guidance
reaffirming that companies who engage in properly designed threat information
sharing will not run afoul of antitrust laws and the Criminal Division
published guidance to help clarify that companies can and should share certain
aggregated threat information with the government.
We also continue to work with Congress to improve and update
the legal framework for sharing threat information.
After an intrusion or attack, if a company works with law
enforcement, it puts us both in the best possible position to find out exactly
what happened and to remediate and prevent further damage. The evidence is often fleeting, so early
notification and access to the data are extremely important.
In addition, we may have seen the same indicators of
malicious activity in other incidents, so we can conclude who was responsible
and identify possible impacts and means of remediation. Importantly, it also allows us to share
information with other potential victims.
One company’s vulnerability is everyone’s vulnerability and it is
critical that we work together.
The Department of Justice may be able to use legal
authorities and tools that are unavailable to non-governmental entities. As a government, we can also enlist the
assistance of international partners to locate stolen data or identify a
perpetrator.
These tools and relationships can greatly increase the odds
of successfully apprehending an intruder or attacker and securing lost
data. Finally, this cooperation is vital
to successful prosecutions or other enforcement actions that can prevent criminals
from causing further damage to victim companies and others. Prosecutions, sanctions and other steps will
help deter would-be hackers.
A united front is critical because the threat you face
includes hackers with the full backing of their governments and hackers that
are part of sophisticated, international criminal syndicates. You shouldn’t have to face those threats on
your own and you don’t have to. We are
here to help. At the same time, it is
increasingly clear that dealing with expanding cyber threats must be a team
effort. You bring vital expertise and
information to the effort, just as the government brings essential resources and
capabilities.
There are many good sources of recommendations concerning
how to respond to breaches across the U.S. government, including DHS and
NIST. Within the Department of Justice,
our Criminal Division recently issued “Best Practices for Victim Response and
Reporting of Cyber Incidents.” It covers
a number of subjects, but let me highlight one of its key takeaways: When
companies suffer a breach, they immediately face a host of difficult choices,
and that reality is not lost on us.
We understand that the decision whether to call law
enforcement, in particular, is difficult.
Companies must weigh numerous considerations that can seem to cut in
opposing directions. What are the
ramifications of publicizing this breach?
Will employees be embroiled in lengthy legal proceedings? Will the government treat my confidential and
proprietary information with the care and discretion it deserves?
We understand these concerns, and we can assure you that we
will roll up our sleeves and work with you to try to satisfy them. We understand also that your customers,
employees and investors, when they finally do learn of a breach, will also ask
you whether you worked with law enforcement.
Increasingly, they see that as a necessary step; they want to know that
you are doing everything you can to address the breach, including informing law
enforcement.
To repeat what I said at the outset: We are in this fight
together. As you work to make your
organizations succeed and to protect their assets from adversaries – both
state-sponsored and otherwise – always keep in mind that we in government stand
ready to assist your efforts.
Thank you again for having me. I look forward to your questions.