Major cybersecurity incidents can begin with behavior that gets almost no notice.
They might start with port scanning: something akin to a criminal discreetly trying the doorknobs of a house or a business, to see if anyone has left an entrance unlocked.
“That activity goes on fairly regularly,” said Nicholas Arico, supervisory special agent at the San Diego field office of the FBI, who said there is evidence of bad actors seeking entry to computer systems maintained by San Diego businesses.
The threat comes from nation-state actors such as Russia, China, Iran and North Korea, as well as from cyber criminals. There is evidence that hackers are attempting to spy or steal military or business secrets, according to leaders at the FBI’s San Diego field office in Sorrento Valley.
Bad actors, affiliated with or at least tolerated by foreign governments, are also looking to infiltrate company computer systems and lock out their owners, demanding a ransom for the return of data.
Adversaries may also be seeking weaknesses in critical infrastructure, or ways to cause chaos and confusion in society.
It is not the only warning that came from authorities this summer. FBI Director Christopher Wray on July 6 made extensive public remarks in London regarding the threat from the Chinese government and the risks of doing business in China.
Business leaders need to educate themselves about such threats, said Stacey Moy, who in March took over as special agent in charge of the FBI’s San Diego field office. They should also know that the FBI can be a partner with the private sector to counter such threats.
There is a value proposition here for business, he said.
Lisa Easterly, president and CEO of the Cyber Center of Excellence (CCOE), said the partnership with the FBI is worth pursuing. The government provides valuable information.
“The FBI is here to help you,” she said — and then, with some exaggeration: “They wear capes!”
Easterly’s organization is a San Diego nonprofit dedicated to supporting the region’s cybersecurity ecosystem. Now in its fifth year, CCOE’s FBI Executive Briefing Series supports the bureau’s industry engagement efforts and educates San Diego’s key sectors on the current risk landscape, mitigation strategies and available resources.
The FBI also meets with the business community with programs such as InfraGard, which has a San Diego chapter and periodic meetings. Its website is infragardsd.org.
The FBI also participates in DSAC, the Domestic Security Alliance Council, which is geared more toward Fortune 500 firms. Here the government shares specific classified information with top executives, once they receive security clearances.
It is prudent to build a relationship with the FBI early, before something happens, said both FBI officials and Easterly.
Easterly praised the government bureau for placing an emphasis on readiness and offering resources “left of boom” — that is, before something bad happens.
Scripps Health had a preexisting relationship with the FBI when, in May 2021, it was subject to a cybersecurity attack. The preexisting relationship turned out to be an asset, Moy said. Scripps Health provided important information that helped the FBI’s ongoing investigation of cyber threat actors.
In a statement, the FBI said public-private partnerships like this are integral to the FBI’s ongoing war on cybercrime, including understanding tactics and providing information to organizations to help prevent these attacks in the future.
San Diego has plenty of things that foreign powers would want. With its technical prowess and its growing population, the region has become a Silicon Valley of the south, FBI officials said.
Defense contractors in the area work on sophisticated military equipment such as the F-35 and Triton military aircraft. Adversaries are looking for ways to blunt their effectiveness, FBI officials said.
The biotechnology businesses in and surrounding Torrey Pines Mesa are a second attractive target.
Just how attractive? Moy related one episode where the FBI heard from authorities in an agricultural region of the United States. A sheriff’s deputy came across a person taking soil samples out in a field. As it turned out, the stranger was eventually linked to the Chinese government, which wanted to bring genetically engineered seeds back to China for the country’s benefit.
If nothing else, a report from a business can give FBI analysts another piece of a puzzle they are working on — one that might bring a cybersecurity threat into clearer focus.
The FBI has a unique view, with input from other intelligence agencies and international partners, Moy said. Much is classified.
The process of sharing information with business goes both ways, with the FBI passing unclassified information back to the private sector. This can include technical data such as suspect IP addresses, domain names and specific types of malware used.
Arico said if a business finds intruders in one part of its network, the FBI might — based on information already received from other businesses — tie the intrusion to a specific threat group and suggest the business look for the bad actors in specific other places on the network.
“We have the ability to see a larger picture than what they might be looking at, and we can help protect them using those types of techniques,” Arico said.
The FBI can also alert businesses to specific scams that it is seeing.
Naturally, businesses may think twice about opening up to a law enforcement agency. Some might perceive it as risky, Moy said.
“We’re not regulators,” said John Kim, assistant special agent in charge with the San Diego field office. When the FBI responds to a cybersecurity incident at a business, he said, “our job is to conduct the investigation of why they are being targeted and who are the actual actors who are targeting them.”
The FBI is not there to broadcast the news to the outside world. The agency is discreet when dealing with businesses, said Moy, Kim and Arico.
Establishing a relationship with the FBI can be as simple as picking up the phone, Kim said. He added that people can call his office directly.
To report thefts or crimes, businesses can reach the FBI’s San Diego office by phone at 858-320-1800, or they can contact the agency at FBI.gov.
Businesses and individuals can report cybercrimes to the FBI’s Internet Crime Complaint Center (aka IC3) at ic3.gov.
Tips on federal crimes and suspected terrorist threats may be reported to tips.fbi.gov.