Paul Abbate: Election Security | Gerald R. Ford School of Public Policy

Paul Abbate: Election Security

September 24, 2024 0:52:31
Kaltura Video

This event explores the FBI's evolving role in safeguarding U.S. elections, focusing on the agency’s efforts to counter cyber threats, disinformation, and terrorism. September, 2024. 

Transcript:

0:00:00.0 Speaker 1: So, again, welcome everyone for our discussion with the deputy director. If you haven't seen his bio yet, just incredibly accomplished career in the FBI. I've known the deputy director for 15 years, but his career goes far back beyond that. He started as a special agent in 1996, so coming up in almost 30 years of government service in the FBI. And then since 1996, he's had pretty much every job you could have in the FBI from being a street level agent in New York, other roles in New York City through 9/11, focused on both the criminal side of the FBI's work and also the national security side. And then after 9/11, went overseas and was in war zones in Iraq and Afghanistan, also was part of the FBI's response to the deaths of Americans in Benghazi, Libya in 2011, if you remember that. But probably the last 10 years of his career has been really sort of rocketing up the FBI sort of food chain in very senior management positions, both in field offices and inside FBI headquarters to now being literally the second most important person in the FBI as the deputy director. So, incredibly distinguished career, Paul. So lucky to have you here and really look forward to the conversation we're gonna have today.

0:01:37.5 S1: And also there was a lot of work of getting the deputy director here today. So from our side, the Weiser Diplomacy Center, Susan Page, and all your support in the AAB Ali Bosma. So just incredible effort to pull all the moving pieces together to get the deputy director here. And then on the FBI side, a number of folks as well that all made this visit possible. So I just wanna say thank you at the beginning to everyone. So with that, we're gonna get started on our conversation. And the way we designed the conversation today is to make it a conversation about the FBI's role in different aspects of election security, 'cause as we all know, we're six weeks out from another important election, and there's a lot of things going on with that from a national security perspective. But the FBI's role is very unique, 'cause whether it's from the broad sort of contours of national security and the more specific programs either in counter-terrorism, cyber security, the FBI is touching all these different aspects of how to keep the country safe from virtual threats and physical threats from a election security perspective. So our conversation is gonna delve into all those issues. But before I get started with the questions, Deputy Director, any opening remarks from your side before we get started on that?

0:02:56.3 Speaker 2: I really just wanted to thank you Job and express my thanks to everyone here in the university of Michigan community for welcoming me and us here today. I've had the opportunity to see some friends, quite a few that I hadn't seen for a number of years having worked here in the state of Michigan over a decade ago. So it's fantastic to be back, and it's fantastic to be here at the home of the national football champion.

0:03:24.7 S1: There we go. Go blue, right? Well done. Well done. Although you reminded us today, your alma mater, the University of Connecticut has one upped us on basketball national championships, so we're gonna have to get moving on on that, but so great to have you here as well. So why don't we just kind of get started and jump right in to some of these questions. And then we're also... I'm gonna look at the clock maybe closer to 4:45, but perhaps if we finish soon or we can get to some of those questions that either have been submitted already or those that come from you guys here with us in the room. So let's just first start on a kind of high level overview of the FBI's posture on election security overall. And so, as we know, there have been several sort of threats directed against the United States over the past, certainly the past decade, but probably even before that, when it comes to election security, again, either these threats are directed virtually or in the physical world. But with that step back perspective, what would you say are some of the key takeaways or how do you think the FBI has evolved given its focus on this really important topic?

0:04:37.8 S2: Yep, thank you. So we've been forced to evolve rapidly, particularly in the last few years. I really, we will cover this later, but we'll go back to about 2016 in terms of real change in the sphere of providing election security. We have a long history in that. In the FBI, it's one of the priority things that we do and protecting the integrity of our elections is fundamental to our democracy. We all know that, right? And the FBI has at the federal level, the primary role in that, along with a number of other collaborators and partners, we'll get into that as well. As we prepared for today's event, just looking back, I was kind of reflecting on the history, and you go back to the early '70s really. And even then, we had what was an election program or election protection program in conjunction with the Department of Justice, but it was much more rudimentary, I would say, back then in real world type of concerns and threats.

0:05:47.7 S2: The things that we protect against today, the potential for voter ballot fraud voter suppression, civil rights violations, campaign finance violations, that was the focus back then. There wasn't this whole digital and cyber world that we all in society is immersed in now that's produced threats that we never would've imagined before. So if we fast forward to that time, from that time to now, I would say steady state with the more traditional threats for a long period of time, which I touched on. And then we get to 2016, the attacks that came at our country from Russia, specifically in that instance, via cyber means hack and leak operations, spreading foreign malign influence, covertly hiding in the shadows of social media, those are new things that we've only encountered in very recent years, and that's been a very rapid evolution. And we've had to adapt, I think having been caught off guard as a government by that, and move very quickly to identify future threats, fill the gaps with regard to what's happening now, and work to protect our elections and our democracy in an urgent fashion.

0:07:21.1 S1: So then Paul, would you say that 2016 was sort of a watershed moment for the FBI from that perspective, sort of picking up on kind of the traditional focus areas, but post 2016 that election security is now looked at internally with just a different kinda lens, or has there been any internal kind of bureaucratic realignment or focus from that perspective?

0:07:42.0 S2: Absolutely, and I would describe it as a watershed moment, not just for the FBI, but for all of the agencies and departments at the federal state and local level that are engaged in conducting elections 'cause that's not a federal responsibility, as you know. I think that's important to reaffirm the carrying out and conduct of the elections is a individual state and locality responsibility bolstered by some components of the federal government, specifically DHS and CISA. And then we're engaged in security around that. Again, collaboration with many other partners at the state local and at the federal level. But yeah, when we look back to 2016 primarily focused at that time on kind of the more traditional and real world forms of threat that an election might face. And then you have the introduction by a sophisticated nation state actor against specifically Russia, using cyber means now to attempt to undermine and interfere with and influence our election outcomes here in the United States.

0:08:57.1 S1: Sort of picking up on just one...

0:08:58.7 S2: The game changer, really.

0:09:00.6 S1: Yeah. Picking up on one thing you said about sort of the FBI's sort of new focus and then collaboration with a bunch of different stakeholders and partners. Can you talk a little bit more about that relationship with DHS and CISA? 'Cause there's still, I think sort of a little bit of confusion about who's really responsible for what, and just sort of helping kind of demystify a little bit of that confusion or explaining to the folks in the room, how that relationship kind of works at the day-to-day level.

0:09:29.9 S2: Yeah, one, it's an exceptional relationship, and it's something that's been developed over time. And like any relationship, it requires nurturing each and every day, but we work together with each other, alongside each other, side by side each and every day. Not just to protect our elections, but to do many, many other things in the countering the threats that we face across a lot of different vectors. I know we're not here for that today, but it's really important the work that we do together with DHS. When it comes down to it, the responsibilities I think are pretty clear. I'll describe them here. CISA is very broadly engaged in protecting the voting mechanisms, the voting machines in support of, again, state and local partners, but working on the front line in support of those of the states and the localities. They provide support and assistance with the voting machines, mechanisms, balloting, all that kind of stuff, and really hardening that, so that cannot be interfered with. And they've been very effective at that together with state and local partners, because there really are not any documented instances where anybody's been able to, whether it's a sophisticated nation state adversary or anyone else been able to affect the outcome of election or get into that system and manipulate it. That's been researched, investigated and it's proven and that's what they do.

0:11:05.8 Speaker 3: Sorry to interrupt. Just give the acronyms before description. [0:11:10.6] ____. DHS and CISA.

0:11:13.2 S1: So Yeah, that's my fault. So the Department of Homeland Security, which was created in the aftermath of 9/11 in 2003, and I worked in, before I went to the FBI, so interesting in my own career are having worked in both places. But then, I think it was 2018, if I'm not mistaken, that an organization that used to have a different name in the department of Homeland Security was renamed and sort of rebranded as something called the... Boy, I was goof up the CISA name and if Jen Easterly or here, she'd hit me with a hammer. But it's the Cybersecurity and Infrastructure Security Agency.

0:11:51.6 S2: That is correct.

0:11:52.8 S1: Yeah. Right. So Jen, if you're listening or watching, don't... Hopefully I'm safe. And Jen is the director of CISA. So this is now the agency that is notionally responsible for protecting critical infrastructure and hardening the country from a defensive perspective on cyber security. Hopefully that answers the question. So.

0:12:11.7 S2: That's the primary responsibility when it comes to elections of CISA for the FBI and this is partnered with CISA, but it's all about prevention and protection and stopping the threats before they have an impact on our elections. So that's all about, that's an intelligence driven undertaking. So we're working together every day to collect information intelligence from a variety of sources and then synthesize that, and then share it with potential victims so that they can put themselves in the best position to protect whatever it is we're seeking to protect and that applies in this realm to election security. And then beyond that, the FBI, our lead role is investigating the threats. It's determining who's threatening our elections, our country, whether they've had success in that regard, hopefully getting in front of it, but if we don't, holding them accountable and then bringing to them to justice and calling them out essentially for the criminal conduct that they've engaged in.

0:13:18.2 S1: Okay. Thank you for that. So I wanna dive a little bit deeper into some specific focus areas of the FBI, and this also maps to how the FBI's organized bureaucratically as well, or organizationally. So let's talk a little bit more about the FBI's specific focus on cybersecurity and how that impacts the cyber division within the FBI, which is also relatively new, at least in the history of the FBI. So we talked a little bit before about 2016 Russian campaign as sort of being a watershed moment and sort of the, how it led to some new changes in the FBI. So can you talk a little bit more, Paul, about sort of based on what was a uncovered in the aftermath of the campaign, kind of what were some of the key cyber tools or techniques that the Russians managed to use, and then how has the FBI adapted on the cyber side to try to prevent those in the future, or deter them or combat them?

0:14:15.6 S2: Yeah. The Russian government used two primary techniques to attack back in 2016. One, they targeted individuals associated with the both of the campaigns, and they hacked into their emails. They took content from those emails, and then they leaked them out publicly to influence to undermine to embarrass whatever effect that that would have. That's what they do. We call that a hack and leak operation. Stealing somebody's emails and then putting them out out there publicly to have an impact on the reputation, and to essentially to embarrass them. That was one of the primary modes of attack.

0:15:01.4 S2: The other was using social media and going out again, covertly 'cause if things are done overtly, that's not necessarily a criminal act, even from a foreign government. But when a foreign government under our criminal law comes in and works to hide their identity, or those who are working for them, and obscure that and then deceive our citizens, the public to believe it's somebody else, that's what they were doing. So they set up literally thousands of fake social media accounts on Facebook and other platforms, and then use that to disseminate messages to cause greater divisions between and among people here in our country to spread misinformation and disinformation to influence toward the outcomes that the Russian government might have sought at that time and generally spread what we call malign influence through those fake social media accounts and doing all that in a hidden covert manner.

0:16:09.5 S1: So then if those were the tools or the tactics that the Russians used, now nearly a decade later, kind of what inside the FBI sort of organizationally, how have you or how has, like the cyber division or other elements of the FBI sort of responded to that to try and at least detect it on the intelligence side, or perhaps again, prevent it from happening from other kind of cyber authorities that the FBI has?

0:16:33.2 S2: Yeah, I think it's important to note none of those techniques were necessarily new at that time or unknown to the FBI or other law enforcement partners or the intelligence community. It's just the way that they were leveraged at that time and specifically targeting the US elections. That was the new thing, the innovation that really caught everyone off guard. So there are a lot of lessons learned, that emerge from that. We have the expertise in the bureau to investigate even highly technical operations like that, that are occurring in the cyber world. But it really comes down to in order to identify that in advance, get ahead of it, stop it or hold people accountable for that conduct. It really comes down to, I think, communication, collaboration, information sharing and movement of information rapidly, really in real time.

0:17:37.8 S2: And that's when we talk about what could have been done better and what we're doing now, it really comes down to that. And I would say internally for the FBI, we hadn't optimized the level of collaboration and communication between internal components, specifically our counterintelligence division and our cyber division, which has been in existence for 20 years now. So that's not a new thing for the FBI either. And then outside with other intelligence community partners like the national security agency specifically like a collector of signals intelligence that contributing to the building out the threat picture and providing information that we all can act upon. So I think post 2016, recognising that, working to implement those lessons learned, we did advance quickly and we've seen that that's been effectively applied in subsequent elections, midterms and presidential elections.

0:18:42.9 S2: So that now, we're really ahead of the threat. We're coming out in front of it. We're identifying these things, so we can go out and share information with others to prevent it from happening. So that would include social media companies. For instance, if we gather intelligence information that a foreign government, a hidden actor is setting up fake social media accounts, we're gonna go appropriately to that platform, that provider. We're gonna let them know in advance. We're not directing them to do anything. I think that's very important to note. The government doesn't have the ability to tell the social media companies to take any particular action, but we're sharing with them threat intelligence about conduct that's incurring on their platforms that may be illegal under our criminal justice code, but also violative of their terms of service and then they're free to take whatever action they want, if they choose to.

0:19:44.0 S2: We're also warning victims. So if we see a nation state, whether it's Russia or somebody else, going after a specific victim through a spear phishing attack, trying to hack into their email, and we're continuing to do this, we will go to that individual as a potential victim and tell them privately, this is what's happening. You're being targeted. And this is the vector, including the email, that it may come in through and what form that may take so that they can protect themselves and avoid clicking on that malicious link that would allow the hostile actor to come in and breach their email account and steal their information.

0:20:22.4 S1: Another sort of related question to this whole notion of information sharing, what about state and local stakeholders? Because obviously with the process of elections, and you mentioned this already, that that is a state and local run activity. So how does that part of the information sharing domain work in terms of information that either the FBI receives or other parts of the government? How does a state and local entity that may be involved in the voting process, how do they receive something?

0:20:54.2 S2: It's fully integrated. So we're sharing any information that relates to a threat that we possess is gonna go out real-time to whoever that may affect and whoever is in a position to provide or elevate the level of protection relative to our elections, the information systems behind it, whatever it may be. So I think that's another advancement, the relationship and the regular rapid communication that we're having with those within the states who are responsible for the conduct of elections. That would be the Secretary of States and their offices, election boards, and also law enforcement, because you often need State's Attorney Generals and the state police, among others, are involved in this framework of providing security for our elections.

0:21:50.5 S2: And it's essential, which we are doing, that the entirety of the information necessary to stop the threat is shared with everybody across the board at every level, federal, state, and local. And I can assure you that that is happening. Today, it's been happening for a long time, and it's in part based on the lessons that we derive from some of the failures of the past.

0:22:11.8 S1: Last question just on this topic, but also on the information sharing. Is it also coming bottom up as well to either the FBI or DHS and then shared laterally instead of it being collected perhaps in Washington and then sort of being passed down?

0:22:28.0 S2: It's always. We know one of our agencies is a single source for information. Again, this is part of collaborating and building out the entirety of the pictures and connecting all the dots. So, yes, again, through the partnerships we've formed now and now the experience together engaging in this important work have developed that. So anyone is expected to bring any piece of information to the table side to side, top to bottom in order to put us all in the best position to achieve the outcomes that we want.

0:23:06.4 S1: And that's where I think we want to be as a country, because in the post 911 world that I was in, in counter-terrorism, we really struggled with that when it came to information sharing about threats, for the most part, that were perhaps emanating overseas and potentially gonna be directed here. And we had a lot of fits and starts trying to figure out, how do we take all that really sensitive, super classified information that's based about our for the most part talking about foreign threats and then share it with this whole array of stakeholders here? So it sounds like a lot of key lessons have been learned from that sort of counter-terrorism experience for a different kind of threat on the election security side. Okay.

0:23:45.2 S2: Very much so and I would continue to layer on that that you just make me think more about this international partners are critical in this as well, particularly allies and particularly our five allies partners, that's Australia, New Zealand, Canada, in the UK, common democracies, ways of life, values that we share. Those allies are being targeted as well by the same adversaries including Russia, China, Iran and North Korea. So we share information between and among each other as well across all threats but relative to elections specifically. Also, and then we touched on this, but the private sector, that's a two-way street also. So while we're bringing information that may inform actions relating to a threat to a social media provider or telecommunications company, they are often bringing information to us as well for action, especially when it comes down to physical threats and what we call threats to life that people are unfortunately receiving in large volume online now.

0:24:58.9 S1: Right. And again, that is so different from the world of counter-terrorism where you would never really have the private sector or state and local government be the first source of information about a threat for the United States. It was always for the most part coming from the national security world in DC. So picking up on that theme about sort of counter-terrorism and its sort of relationship to this issue of election security. So can you share with us, Paul, the FBI's assessment of the current terrorist threat landscape to the United States, both on the foreign side and on the domestic side as well?

0:25:37.0 S2: To be very direct on both sides, international terrorism, domestic terrorism, the environment that we're in right now is elevated and it's extremely severe and it's dangerous. I would note, however, that it's been persistent. There are some out there that earlier, if you go back last year and maybe in the year or two before, some were, in my view, diminishing or trying to bring down the threat from terrorism, both here and around the world. From our view in the FBI. We're the ones that hold the cases. We see it directly. We have the best insight into that. The threat of terrorism, whether domestic or international, has never gone away. It's remained persistent. And particularly after the attacks of October 7th last year, it's been extremely elevated in nature and the danger is great both here and around the world from terrorist organizations.

0:26:45.5 S1: And, again this is a struggle for the FBI but a lot of other organizations but how does the FBI sort of balance the demands between those two types of threats even on the terrorism side because your authorities and capabilities are very different on the foreign versus the domestic so how do you find like the right balance between those two?

0:27:06.4 S2: Well, there are differences in the authorities, we treat them at an equal level. We have to, because any one terrorist in any one case, we're talking about a potential loss of life, which is the essence of our job to protect and the most important thing that we do. So they've always been at equal level. There may be shifts in the number of cases. But overall volume reflects a stark example of what we're facing out there. And I'll give you the numbers. If we look on the domestic terrorism side, right now within our portfolio of ongoing case, active cases today, we've got about 3,000 active domestic terrorism cases that we're pursuing in the FBI, 3,000. And that's 3,000 individuals with intent or potential intent to cause harm to people. On the international terrorism side, it's even worse. We have about 4,000 individual cases, people who are inspired by violent extremist ideologies from international terrorist groups like Al-Qaeda and ISIS and are potentially or seeking to do harm to people. And that's what we're working to counter each and every day.

0:28:33.1 S1: So with that framing, which was excellent, can you just give a little bit more perspective to the folks in the room here about just how does that work at a day-to-day level within the FBI from the Joint Terrorism Task Forces that are in 56 field offices throughout the country? How does that sort of machinery work between launching an investigation, collecting intelligence, to then shifting to the other side of the domain to the criminal side where now you're trying to build a criminal case and actually arrest someone before they can actually pull off an attack, either against US interests overseas or here inside the US?

0:29:13.5 S2: I'll give you the framework first and then a case example. So as you mentioned, in each of our offices around the country, we have a Joint Terrorism Task Force, or JTTF, and we have one at the national level too. And again, it's a collaborative partnership. Between and among many at the local, state, and federal level, and across as well. And it's really, really thorough. Like just about any law enforcement or intelligence agency that you can think of, including here in your local area, is a part of that as a full member of that we're working together each and every day against the subjects of the cases that I mentioned before. Again, the work's done on the front line that's in the field, from a headquarters standpoint, we're there to serve and support the field and give them the resources that they need and remove obstacles that may be in in the way so that they can do this important life-saving work. A recent case that I'll mention that's public occurred out in Idaho.

0:30:11.6 S1: And this is typical of what we're seeing today. It's a lone actor not connected directly to a foreign terrorist organization, a person that we refer to as a homegrown violent extremist or HVE, somebody who's been inspired by something. It could be another person. It could be online. Someone who's been radicalized toward the commission of a violent act driven by a terrorist ideology. And we had this person in Idaho who got on the radar probably about two years ago. He was expressing these types of thoughts and potential action. And somebody gave us a tip. They called in a member of the public, reported him. That allowed us enough information under the law and our policy and guidelines to open an investigation officially.

0:31:13.4 S2: And then we began pursuing it. We use the least intrusive steps and move that up depending on the urgency of the case. And that one went on for a pretty long period of time. Again, I think it was up to almost two years. And this person's stated intentions began to escalate, really, and reflect an intent to commit violence. And he finally formed a plan where he was going to attack an identified local church which was about two blocks from where he lived in town in Idaho. And he laid out how he was gonna conduct that attack. He stated that he wanted to kill as many people as he could. And then he was gonna do that at other locations in town and was ultimately willing to give up his own life as well. Within that, we were able to collect evidence where he made a tape-recorded statement pledging his allegiance to ISIS and stating that he was planning to do this at their behest.

0:32:11.5 S2: He was also separately, which we derived through our investigation through getting financial records with legal process, that he was sending money overseas to ISIS to fund their terrorist activities around the world. So it was a combination of things, all of which violate several criminal statutes, including providing material support to a terrorist organization. So we ultimately built that case and before he was able to act, the JTTF there locally was able to go to court, get an arrest warrant based on those facts, and then go out and arrest him before he was able to cause harm to anyone.

0:32:49.2 S1: Thanks for sharing that. That is definitely a success story because...

0:32:53.0 S2: And I wanna add, just to drive the point home, the idea that the fact, the reality, that this is a very severe threat environment that we are in. We get together at FBI headquarters, as we talked about earlier today, each and every day at 8:00 AM. We focus on all the cases, prioritize. It's a very rigorous approach that we take to this. And I can tell you, you heard the numbers on the cases. There's not a week that goes by or day that goes by that we're not talking about a case like this. So you can go out, research it online. You'll find numerous other examples of cases that have been made public now where we were arrested, NHV or even someone connected acting at the direction of a terrorist organization. Thus preventing something from happening. But unfortunately, we have a number of others out there that we're continuing to pursue and that are ongoing right now.

0:33:44.3 S1: Another case that hit the headlines a couple of weeks ago was an individual in Canada who wanted to travel into the United States, I think into Brooklyn, and conduct a similar kind of attack. And it always takes this really interesting combination of intelligence and collaboration and sometimes luck to find that person and then start ramp up the process that you just described.

0:34:06.3 S2: And again, that's a good example of the international partnerships coming into play, because there, our Canadian counterparts in the RCMP, the Royal Canadian Mounted Police, had identified and were on to this individual earlier on. They brought us into it, recognizing the threat posed here and his intent, stated intent to come into the United States and commit an attack, as you described. And we were able to work with them real time to track him as he moved toward the border. Then they ultimately intercepted him before he got there, arrested him with Canadian charges, and now we've come in behind that with US charges and will likely move toward an expedition in that case.

0:34:48.6 S1: All right, so two good success stories of preventing someone who wanted to do harm here in the United States. So I know I've asked you a lot of questions over the last 30 to 40 minutes, but why don't we do this? Why don't we open up the floor to questions? I know there were some questions that were submitted previously, and there might be others that folks here have. So, Gail, do we have the questions that are coming in online or that have been submitted? Okay.

0:35:24.7 Speaker 4: Has the FBI re-evaluated its strategy in preventing domestic threats in response to the two recent assassination attempts on the life of former President Trump?

0:35:36.4 S2: That's something we were already focused on. Again, we're investigating each of those attempted assassinations. We're working on that urgently, like everything we do. And I would defer to our colleagues in the US Secret Service on the front line from the protection standpoint, which is their primary mission. But, we do work, again, hand in hand with that agency as well. And we're sharing any and all information we're developing as a result of our investigation with them to inform their tactics, techniques, and the procedures they employ to protect those that they're charged with keeping safe.

0:36:29.9 S5: A lot of the questions were about domestic election security, but this is kind of like an amalgam of all of them. The trend is moving from what started as foreign influence to increasing use of domestic maligned influence as accepted behavior is concerning. Groups that were mentioned were the Proud Boys or MAGA election officials who might try to decertify a legitimate Harris win in their state. How do you think about managing this challenge?

0:36:58.8 S2: From the FBI perspective. We're focused on conduct or actions that violate federal criminal law. Specifically, more broadly than that, we're also focused on, and more importantly, protecting people's life and physical safety. So that means within that, the stuff that's out there online, social media. We're focused on preventing acts of violence and threats of violence, things that, again, that violate the criminal law. So we have to be, I want to be pretty precise here in terms of what the FBI does. We're all well aware of what's out there, but there's no law against putting false information out in the public realm or via social media or on the Internet. As we talked about before, if a foreign government or actor is doing that and they're hiding that, that would violate law.

0:38:08.5 S2: That's something that we would work to investigate, identify, and hold whoever is behind it accountable. But when we talk about domestic activity, recognizing our constitutional rights, freedom of speech, and the protections that we all hold so dearly and that we in the FBI are charged with protecting. That's part of our mission statement to protect the American people and uphold the Constitution. We've got to be really careful within that and focus only on those things that are actually pose a threat of harm to other people or place lives at risk or violate the criminal law. So within what you described there, that's our focus.

0:38:57.0 S4: Another question is, due to the rapid evaluation of cyber warfare, either how is or how can the FBI change its policies to become more adaptable to these evolving threats?

0:39:13.9 S2: I think we've been doing that. It's a good question, but if you look at... We're always working to be better. Again, as I said before, we're always working to stay ahead of the adversary, and it's an adaptive game. It's like any criminal enterprise that we're facing, whether it's a nation state or a more traditional criminal actor, they're trying to get better at what they do to get money or accomplish whatever criminal objective they're out to do. And we're trying to stay ahead of them, and it's like with anything, it's a competition in that sense. Within the cyber realm and cyber crime specifically, I think we have made a lot of progress. And if you look, and this is public, these are public operations that we've put out there. Now, we've gotten much more technical in terms of the approaches we're taking and the actions and the actual impact. So if you look at something like the Hive ransomware or LockBit, these are two of the largest ransomware enterprises or variants that have been out there in the last few years, each have impacted hundreds, maybe even thousands of individual victims and organizations, resulting in hundreds of millions of dollars of damage and losses to the people and organizations. We went in each of those instances, our teams did.

0:40:40.6 S2: We're really proud of the work that our people are doing on the front lines through technical means and with legal process that supports it. Went in and again, covertly unbeknownst to the criminals and the criminal enterprise, got into the technical infrastructure, the servers and the systems that the criminals are relying upon to carry out these ransomware attacks. We got in there, so I had visibility unbeknownst to them and everything that they were doing. We were able to get victim information in advance in decrypt keys and share that with victims privately to prevent losses, and then ultimately after a period of running this operation for a number of months, again, highly technical, we're able to take the whole thing down. So that was a combination of arrest of those behind it together with dismantling that technical infrastructure, again, through technical means, taking down the servers, taking them offline so they can't do anything further.

0:41:45.9 S2: Through that and then seizing their money as well, we've also done some remediations where again, we'll get literally a search warrant issued by a court here going with respect to botnets, large botnets that are being run by, in one instance by, again, the Russian government, to carry out a variety of nefarious activities. And we're able to through a technical operation, reach out to the infected routers. These are in homes and offices around the country and even around the world, and take the malicious code off of those machines and remediate the system. So it's really a highly technical approach. These are things that have really developed and been implemented by the teams, not just the FBI, but with partners that I've mentioned as well. Within I would say the last couple of years, and we're staying focused on that as well. So with the strategy, it's the technical piece, which is advanced significantly.

0:42:48.8 S2: It's the more traditional piece as well, we're still arresting people if we can get their hands on them, 'cause often they're in safe haven countries around the world like Russia, where they're protected and then we're going after, which is a traditional proto of the Money Colonial Pipeline is a good example of that, where we were able to go in and again, through a technical operation, but found it on legal process here issued in the United States and go take back and seize the crypto currency that had been paid to the ransomware ad group by Colonial Pipeline, I think we'll be able to recover $4 million. And so in that case, it's a significant recovery of money that was able to be returned to the victim through a technical operation.

0:43:35.4 S1: Really great insights on the requirements for the FBI on these highly specialized skills and how it aligns to the cyber mission. So you're speaking to a room full or a lot of students here, so what would you say, picking up on that theme, what are the skills that you as a Deputy Director of the open, running this global organization, what are you looking for in terms of the people now coming in to the organization on sort of that technical side, because in years past, perhaps decades past the appay wasn't sort of pulling a lot of those folks with those kind of highly specialized or technical skills in, so is that another one of these big changes that's been underway in the FBI. And what's the message you'd wanna deliver to the students in the room here who are thinking about careers in national security or the FBI.

0:44:27.1 S2: Given all that, it's definitely a focus of our outreach and recruiting efforts now. We're very fortunate in the organization, but we can never be complacent, we look for diversity in our workforce and always backgrounds. We have very high standards for any of the roles we've gotten the bureau in terms of getting into the bureau through a series of tests and the background investigation and everything involved with that. I think we mentioned before, when we look at our workforce where we are, we do have specific tracks that we've had traditionally that we continue to adhere to. We look for language skills, we look for attorneys, we look for certified public accountants, we have many individuals from law enforcement and the military coming into the organization. We have people from the business world and the private sector coming in as well. It's really important to have that diversity of background and the people coming into the organization to accomplish the work most effectively and to have trust and credibility with the citizens in the communities we serve now. Within all that too, more recently, as you noted, yes, we have had a focus on computer science, information technology, cyber security and things like that, that are really important to achieve the technical objectives that we're talking about now, that we might not have imagined just a few years ago. Yeah.

0:46:00.2 S1: When the news came out that in this Colonial Pipeline ransomware case, people remember from 2021, that took some time, but eventually a few million dollars were recovered of this crypto currency, I couldn't believe that. That sounded like a headline you would not have heard associated with the FBI in years passed. So I think it speaks to the skill and the talent that the Bureau has developed over these years, but I wanted to make sure we kinda hit on that point as well. All right. Any other questions? We probably have time for just one or two more.

0:46:34.2 S5: Depending on how things go, the week of the election, how are state and federal agencies preparing for a 2.0 of January 6, 2021.

0:46:46.8 S2: A lot of lessons learned there as well. We've already seen the level of readiness and prepared ways. I look back to just after January 6th, the inauguration, I think the lessons learned from that in terms of, again, using one's imagination, trying to look over the horizon. Think about what threats are coming at us and how they form. I think that's all. We don't take anything for granted. But I think the level that has been achieved now in the recognition of the consequences of another failure like that have put everyone across the board at all levels, state, local and federal, in a position to prevent something like that from happening again. Whether it's at the Capital or elsewhere around the country. When key events or dates come up now, whether it's the election or things that may follow from that, there's a real focus collaboratively, there always has been, but I would say it's more urgent and again, incorporates lessons learned from the prior event, again, to prepare and make sure that that doesn't happen. So I think the country is well fortified for that, and everyone is in the game and in law enforcement and intelligence, public safety, focused on making sure that nothing like that happens.

0:48:29.8 S1: And just to add to that, this didn't really grab a lot of headlines, but it was out there in the public domain that, was it a month ago or a few weeks ago, that the Electoral College recount, or whatever that date is gonna be in 2025. That has now been designated a National Security special event, which means that it is going to get the full package of security from the federal government, much like the inauguration or the Super Bowl or other major events that you would associate being, or given that designation. And I think that speaks to your point about how seriously the federal government anyways is taking the potential threat of another replay of January 6th. Probably time for one more question.

0:49:20.8 S4: On a more personal level, what advice would you give us young students in the room for our future professionally or personally.

0:49:29.3 S1: Good question to end on, so.

0:49:32.1 S2: We got into this a little bit of earlier. I think... Think about public service. The things we've talked about here today, the threats that our country and our citizens are facing and the adversaries that are coming at us, other countries, it's a threat to our way of life. It's a threat to our democracy, it's a threat to the freedoms that each of us enjoy here in this country. None of those can ever be taken for granted, and with that in mind, I would encourage you all to be drawn toward service in the public realm in any type of role, at any level, to contribute.

0:50:22.6 S2: And even if you don't do that, I would ensure that you stay focused on these things and whatever you choose to do in life or pursue, and make sure that you're supporting the efforts that we... If you're not in it, in law enforcement, intelligence and public safety, you're doing to keep people safe and provide the support and respect to those that are operating in that realm. And from a just an individual standpoint in terms of pursuing whatever your goals may be, I would just say, stay focused and disciplined on it. Work hard, be a good citizen, a contributor.

0:51:15.6 S2: If you see something that you think is a miss, or like might pose a threat, report it, call in. Give the FBI a call, or your local police department. Don't turn the other way. Every little thing matters, every little piece of information that comes into us or our partners, we do more so than ever put that together, and it often leads us to a place where, in a position, which is our goal to prevent bad things from happening, whatever form that may take. Most importantly protecting people's lives, and again defending the country and protecting our democracy and our way of life here. So I would just think about what role you can play in that and how you can contribute.

0:52:06.2 S1: Well, thank you, Paul, for your remarks and the wisdom and the insight that you shared on the range of questions that I had and other folks that submitted as well. And thank you again for your friendship over all these years, and for taking the time out of your incredibly busy schedule to literally spend your entire day with us here at the University of Michigan. So thank you again. Big round of applause for Paul.