Cyber Threats to State, Local, Tribal and Territorial Law Enforcement Agencies, Departments and Personnel – IACP Panel
The impact of technology on law enforcement agencies has been a continuous thread throughout International Association of Chiefs of Police Conference (IACP) this year in San Diego. While many agencies seek to build community policing strategies with technology in mind, an equal number are working to confront the ever-present threat of bad actors in the cyber realm.
Eric Sporre, assistant deputy director of the FBI, led a sobering panel on this topic today called “Cyber Threats to State, Local, Tribal and Territorial Law Enforcement Agencies, Departments and Personnel.”
Sporre noted that he began his career in the FBI’s white collar crime unit, but in 2002 was assigned to the Cyber Crimes group. Though he offered he is not a “native speaker” of the cyber world, there was training on the then up-and-coming computer intrusion space. To read between the lines, Sporre seemed to reassure attendees that they too could easily learn how to navigate this space.
He then reviewed a laundry-list of cyber threats the FBI is focused on worldwide – including state actors, organized crime, hacktivist groups and more. While Sporre admitted that the specter of cybercrime may mean something else to state and local law enforcement, those lines are beginning to blur, particularly with the rise of online radicalization of American citizens by ISIL.
Instead, Sporre focused on three key cyber threats that he said local law enforcement must be aware of: ransomware, business email compromises and doxing.
In regards to ransomware, Sporre offered that, “the best advice is: backup your systems.” He then stated that the FBI discourages organizations from paying the ransomware perpetrators, but regardless of the decision or pay the ransom or not, the FBI is committed to aiding victims of the crime.
And in the event that an organization has become the victim of a ransomware attack, Sporre’s advice was simple: come forward and work with state and local law enforcement.
He assured attendees that even in business email compromises – where attackers use social engineering to compel victims to transfer funds from their banking or business accounts – coming forward within 48-72 hours of an incident can typically stop the transfer of funds.
The discussion then moved to doxing, which Sporre noted “keeps him paranoid.” In these cases, foreign actors have been known to target and identify members of law enforcement, former military service personnel and others, compelling other bad actors to do them harm.
“Think about what you share online or what you put out there [for others to see],” Sporre warned.