Cybersecurity

Wray tells lawmakers that FBI conducts cyber offensive operations

FBI Director Christopher Wray speaks during a news conference.

FBI Director Christopher Wray told Senate lawmakers on Thursday that his agency has been conducting offensive cyber operations against state and non-state cyber actors.

Wray said offensive operations are one of many tactics the agency employs to counter various cyber threats.

“Offense is a critical part of our overall effort to push back against cyber adversaries,” Wray said during a Senate Homeland Security Committee hearing in which he was testifying.

Wray was responding to a question from Sen. Mitt Romney (R-Utah), who wanted to know whether the agency has sufficient offensive measures to push back against cyber threats and whether it should do more of it.

“It strikes me that the only effective way to stop the attacks that come from a cyber nature is to attack back; that the best defense is a good offense,” Romney said as he was asking the question.

Wray was joined by Homeland Security Secretary Alejandro Mayorkas and Christine Abizaid, the director of the National Counterterrorism Center, to discuss threats to the homeland.

Although Wray did not provide specifics into the type of cyber offensive operations the agency has conducted, he did say that the department engages in other types of activities, including conducting counterintelligence operations, targeting adversaries’ infrastructure, disrupting malicious cryptocurrency schemes, and indicting cyber criminals.

In September, the Department of Justice unsealed an indictment of three Iranian nationals alleged to have hacked hundreds of computer systems of organizations in the U.S. and around the world.

DOJ officials accused the Iranian nationals of exfiltrating data from the organizations’ computer systems and attempting to extort money from them by either threatening to release the stolen data or keeping the data encrypted unless the hackers were paid.

The DOJ has also indicted Russian and Chinese hackers for similar charges. 

Other U.S. agencies have also said that they’ve engaged in cyber offensive operations against nation-state threat actors.

In June, Gen. Paul Nakasone, the head of U.S. Cyber Command, publicly confirmed for the first time that the U.S. had helped Ukraine on the offensive side. 

“We’ve conducted a series of operations across the full spectrum: offensive, defensive, [and] information operations,” Nakasone said during an interview with Sky News, a British television news channel. 

At the hearing, Wray said that by going after cyber actors, their infrastructure and illicit funds at the same time, the agency is able to “degrade and disrupt their effectiveness.”

However, he warned that deterring nation-state threat actors from continuing to engage in illegal cyber activity is much more difficult than disrupting their operations. 

“We’re not going to deter the Chinese or the Russians from spying, but we can make it hellishly difficult for them to do it,” Wray said. 

“And that’s what we’re after now [which] is imposing risks and consequences on the adversaries to hit them where it hurts [and] to make it harder and harder for them to really come after us with cyber means,” he added.