If your organization were to experience some sort of cyber incident – e.g., an intrusion of your network, theft of your intellectual property or sensitive data, Internet fraud – does your company have an incident response plan that includes notifying federal law enforcement? If so, do you know what agencies like the FBI do when they respond to a cyber incident? Better yet, do you know that a fundamental part of securing your networks involves developing a trusted partnership with the FBI before a cyber incident?
Since the private sector is at the forefront of seeing nefarious cyber activity, the FBI seeks partnerships with private industry to assist its operations. Risk managers within private industry are the “gatekeepers” for sharing information with the government. However, those individuals do not always know how the information will be protected and used, and are therefore reluctant to partner with the FBI. To enhance private industry’s understanding of the government and its functions, the FBI established a Chief Information Security Officer (CISO) Academy in 2015. This initiative was a combined effort between the Department of Justice (DOJ) and others within the United States Intelligence Community (USIC) and law enforcement partners.
The first CISO Academy was held in September 2015 at the FBI Training Academy in Quantico, VA. The venue was specifically chosen because it is the training facility for all new FBI agents and analysts and other law enforcement personnel from around the globe. CISO Academy participants are housed alongside the students and have the opportunity to interact with them during their stay. Bunking at the FBI Academy not only allows for further liaison with law enforcement and CISO Academy staff, but also affords them the opportunity to see what life is like as an FBI trainee.
The agenda for the course includes a variety of topics that range from traditional cyber crime to nation-state and insider threats. The course allows for open dialogue between the participants, who come from across the 16 critical infrastructure sectors, and the FBI and its interagency partners. Case studies are included in the program, and keynote speakers from the Department of Justice provide key insight into the investigations. Dynamic discussions take place during these presentations, and conversations continue in the evening hours and throughout the week through planned after-hours activities.
The program also weaves in a few new agent courses, which provide further opportunities for participants to gain a better understanding of the FBI. These courses include firearms training and an overview of defensive tactics. The CISOs can also partake in early morning runs along with new agent trainees. The course concludes with a capstone table-top exercise, which allows participants to discuss incident response capabilities and challenges.
To date, the FBI has conducted five CISO Academies with over 120 alumni having graduated. The FBI Director has spoken to each of the classes and encourages open conversation between him and the participants. The program’s popularity has grown over the last few years through word-of-mouth, highlighting the value of the CISO Academy. As a result, the FBI strives to hold two CISO Academies every calendar year.
Graduates expressed the value of the course in gaining a better understanding, not only of the FBI and federal government, but also of other critical infrastructure sectors. Private industry participants and the FBI staff leave the program with a sense of camaraderie and trust that enhances information sharing and continuous dialogue, which ultimately strengthen the fight against cyber adversaries. Many of the graduates maintain contact with their fellow participants after the course and share valuable information with each other on cyber matters.
FBI Cyber Division Unit Chief Stacy Stevens, whose unit handles strategic partnerships with private industry, says, “The CISO Academy serves as a small snapshot of the work the FBI has undertaken to enhance its partnerships with private industry. Oftentimes there is a misperception by private industry that federal law enforcement is unwilling to exchange information or intakes data without reciprocating. However, the FBI is leaning forward in its efforts to share information with industry, understanding that it must also protect sensitive operations. Balancing information sharing with operational integrity is oftentimes difficult. However, the FBI realizes the importance of private industry partnerships in connecting missing pieces of a puzzle which could ultimately identify cyber attacks before they happen.”