Breach Response , Data Breach , Insider Threat

5 Cyber-Tied Takeaways from Comey's Senate Testimony

FBI Director Defends Clinton's Email Decision Before Election, Discusses Bureau's Insider Threat
5 Cyber-Tied Takeaways from Comey's Senate Testimony
FBI Director James Comey appears before the Senate Judiciary Committee.

FBI Director James Comey says he made the right decision to disclose to Congress that he reopened the investigation into Hillary Clinton's use of a private email server as secretary of state, although that revelation made 11 days before the Nov. 8 U.S. presidential contest might have swayed the election toward Donald Trump.

See Also: Effective Cyber Threat Hunting Requires an Actor and Incident Centric Approach

"Look, this is terrible," Comey testified at a May 3 hearing of the Senate Judiciary Committee. "It makes me mildly nauseous to think that we might have had some impact on the election. But honestly, it wouldn't change the decision."

During the 4-hour long hearing, Comey touched on a number of cybersecurity-related matters, including the FBI investigation into Russian interference in the presidential election and possible Trump campaign ties to the Kremlin; how the bureau is aiding state and foreign government election officials on how to battle Russian meddling in national elections; working with technology companies to resolve the problem encrypted devices pose to counterterrorism investigations; and the threat insiders pose to the FBI's information systems.

1. Clinton Investigation

On Oct. 28, Comey sent letters to the chairs and ranking members of oversight committees to inform them the FBI reopened its investigation. Shortly thereafter, the letters were leaked, causing significant problems for the Clinton presidential campaign. Comey said the bureau reopened the probe because of discovery of classified materials on the laptop of the husband of Clinton aide Huma Abedi, former Rep. Anthony Weiner, who was under investigation in an unrelated matter involving sexting. Comey said he was told by FBI technical experts an investigation into the newly discovered classified materials could not be completed by election day, so he decided to inform the leaders of the oversight committees. As it turned out, using specially written code, the FBI completed the investigation into the classified materials before Nov. 8 and concluded no crime was committed.

When deciding whether to inform the committees, Comey said he faced two difficult choices. "I could see two doors, and they were both actions. One was labeled 'speak,' the other was labeled 'conceal,'" the FBI director said. "There's an election in 11 days, Lordy, [speak] would be really bad. Concealing, in my view, would be catastrophic."

2. Russian Influence Probe

Democratic members of the committee criticized Comey for revealing the reopening of the Clinton investigation, but not providing any details before the election on the FBI's investigation into the Russian hacking of Democratic Party computers and possible ties between the Kremlin and the Trump campaign.

Comey, at least for now, said he wasn't going to comment on a continuing Russian investigation. With few exceptions - the Clinton case being one of them - the FBI does not comment on investigations while they're underway or those in which charges are brought. "We're not going to say another word about it until we're done," he said. "Then, I hope in league with the Department of Justice, we'll figure out if it doesn't result in charges, what if anything will we say about it, and we'll be guided by the same principles."

Asked by Sen. Patrick Leahy, D-Vt., of Trump's contention that China might have hacked Democratic National Committee computers, Comey sidestepped any direct criticism of the president. "The intelligence community with high confidence concluded it was Russia," Comey said. "In many circumstances, it's hard to do attribution of a hack, but sometimes the intelligence is there. We have high confidence that the North Koreans hacked Sony; we have high confidence that the Russians did the hacking of the DNC and the other organizations."

3. Combating Russian Election Influence

Comey said he didn't see any vote tampering by the Russians in the past election, although Kremlin-backed hackers targeted several state voter registration databases. He said he expects Russian hackers to increase their attempt to sway U.S. elections in 2018 and 2020, as well as elections of U.S. allies. The director said the FBI will help states - as well as foreign allies - to harden their election-tied networks. "That's one of the most important things we can do is equip them with the information to make their systems tighter," he said.

He also said the FBI is informing U.S. election officials, as well as those of its allies, of the tactics the Russians employ to sway elections, including IP addresses and phishing techniques they employ. The director also warned about Russia's disinformation campaign, "pushing out false information, echoing it with these troll farms that they use. I think one of the most important things we can do is tell the American voter this is going on.

"You should be skeptical, you should ask questions, you should understand the nature of the news that you're getting. We've delivered that same message to our European colleagues, and an interesting thing is happening: Tthe marketplace of ideas is responding to this."

4. Going Dark

Comey said criminal and counterterrorism investigations are being stymied by encryption on suspects' mobile devices. From Oct. 1 through March 31, he said law enforcement couldn't gain access to nearly half of the more than 6,000 devices in which courts issued search warrants. "That is a big problem, and so the shadow continues to fall," he said.

Technology makers have made encryption a default on their devices to safeguard users' privacy. Comey said the FBI and tech leaders have continued to discuss this matter over the past 18 months, although a practical solution has yet been devised. "We care about the same things," he said. "We all love privacy. We all care about public safety. And none of - at least people that I hang around with - none of us want back doors. We don't want access to devices built-in in some way.

"We're having some good conversations. I don't know where they're going to end up, frankly. I could imagine a world that ends up with legislation saying, 'if you're going to make devices in the United States, you figure out how to comply with court orders,' or maybe we don't go there. But we are having productive conversations, right now, I think."

5. Insider Threat

Sen. Jeff Flake, R-Nevada, asked Comey about how the FBI is securing sensitive data in its systems. Comey responded that safeguarding such data is a constant worry for the bureau. He said the FBI on his watch stood up the Insider Threat Center, headed by a senior bureau executive. "I want someone waking up every morning worrying about how might we lose data, who might be penetrating us, either our systems or as a human asset," Comey said.

The director said the bureau invested heavily to protect its IT with the best firewalls and intrusion detection systems. "But if your people are engaging in either negligent or intentional misconduct, all of that's defeated," he said. " So we're spending a lot of time trying to make sure we have a rich picture of our people that is constant and doesn't depend upon 5-year polygraph reinvestigations, but that shows us flags of a troubled employee in real time. That's hard to do and build. Technically, it is a matter of law and policy, but we're working very hard on it."


About the Author

Eric Chabrow

Eric Chabrow

Host & Producer, ISMG Security Report; Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow hosts and produces the semi-weekly podcast ISMG Security Report and oversees ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.