FBI Agent Christopher K. Stangl Patrols Cyberspace from His Post in Newark

BY MARTIN DAKS, CONTRIBUTING EDITOR

NEWARK, NEW JERSEY-BASED Assistant Special Agent in Charge (SAC) Christopher K. Stangl has been with the FBI for more than a decade, investigating criminal computer intrusions, Internet fraud and other issues. The Newark office helped to crack a case involving two Iranian men who were charged in November with deploying SamSam ransomware, which crippled the operations of more than 230 hospitals, municipalities, public institutions and other critical networks in the United States and Canada.

More than $6 million in ransom payments were extorted, and the affected public and private institutions suffered an estimated $30 billion in damages. COMMERCE spoke with SAC Stangl about where the biggest threats to national security are originating, the kinds of cyber-risks companies face and some best practices to guard against hackers.

COMMERCE: Are any businesses at particular risk of a cyberattack?

CHRISTOPHER K. STANGL: Many kinds of companies and other organizations, across the spectrum, are affected. The businesses themselves, their employees, their customers and national security are all targeted. Even agricultural companies can be targeted, with attackers seeking their formulas and processes. Competitors want to find out how we engineer and harvest seeds.

Q. Who’s behind these attacks?

A. The No. 1 threat today is the government of China. But the United States is also under attack by Russia—which tried to influence the 2016 election—and Iran. They’re using malware and other means to try to get our intellectual property, and sensitive trade and military information. They’re also targeting the U.S.’s pharmaceutical industry.

Also, when U.S. companies want to do business in China, they often have to first enter into a joint venture with a China-based firm. This provides the U.S. company with access to the China market, but it also opens the door for the China business to steal U.S. secrets. We spend money on R&D, and China spends time and money on reverse engineering our secrets.

Consider the January indictment of Huawei Device Co., Ltd. and Huawei Device Co. USA with theft of trade secrets conspiracy, attempted theft of trade secrets, seven counts of wire fraud and one count of obstruction of justice. The indictment detailed Huawei’s efforts to steal trade secrets from T-Mobile USA and noted an internal Huawei announcement that the company was offering bonuses to employees who succeeded in stealing confidential information from other companies.

Q. When does the FBI get involved, as opposed to a local police department?

A. That’s usually based on federal statutes and international partnerships. We can’t investigate everything.

Q. What can companies do to try to protect data?

A. Assess what information you own—including IP, customer data, blueprints and other sensitive information, and then protect it. Be on guard against cyberattacks, but also remember that companies and foreign intelligence services may send individuals or academics to penetrate a company here and access sensitive data. We support cultural and other exchanges, but we have to guard against subversive attempts.

Q. What are some best practices to secure sensitive data?

A. There are four basic steps. Protection, which involves safeguarding your data and systems. Detection, which involves identifying security events and incidents. Response, which focuses on what you’ll do if you do have an incident. And Recovery, or how you’ll come back from an attack or other incident. Securing your network architecture—including segmenting the network instead of linking everything by a central access point—can help to limit cyber incidents. Also, consider maintaining your most sensitive information on a private network that’s not connected to the Internet.

User-access should be restricted on an “as needed” basis. For example, an employee in accounting shouldn’t be able to access the payroll system. Multifactor authentication—typically a password and something else, like a dongle [a small adapter that plugs into a computer and enables the use of certain software]—should be utilized, and companies should also require employees to use a strong password. On an ongoing basis, employees should be educated about security policies, and the policies and systems should periodically be tested.

Q. What are some other cybersecurity defenses?

A. Encrypt sensitive data [so even if a hacker gets it, the information may not be usable], and maintain your system’s firewalls. Monitor inbound and outbound traffic as a way to detect intruders and compromised systems—for example, is your payroll computer suddenly sending out customer information? Establish a baseline of “normal” computer activity, like the applications that are typically running at certain times of the day, and then monitor the systems and be aware of abnormal activity.

Q. Do you think we’ll ever be totally secure online?

A. That’s a complex question. We deal with constant change and an evolving landscape of hardware and software. We need continuing joint efforts involving developers and private individuals and government resources. We’re getting better but there’s a lot left to do. Once an attacker acquires your IP or other information, we can investigate the attack and perhaps initiate a legal response—but we can’t undo the damage.
