Most Americans probably know how to get in touch with the police in cases where they’re physically threatened or hurt. However, reacting to a cybersecurity emergency isn’t so easy for the average person, says Andre McGregor, a former FBI cyber special agent.
In a keynote at FedTalks in Washington, D.C. on Tuesday, McGregor argued that while the government has gotten better over the years at thwarting hackers, things are fuzzy from a constituent perspective.
McGregor was the FBI case agent when Iranian hackers were allegedly attempting to hack the Bowman Avenue Dam in New York in 2013. He said the incident was “pivotal” in that it saw coordination among the FBI, other agencies, private sector vendors and utilities to aid in the investigation. But Mcgregor argued that the same story can’t be told for most breaches and cyberattacks.
“You’ve got to think that if someone broke into my house, someone broke into my car, you call 911,” he said. “But on cyber, they actually have no idea who to call.”
McGregor explained that he receives regular pleas from acquaintances to help them mitigate ongoing cyberthreats, and that they don’t know whom else to turn to. He read two such emails to the audience at FedTalks.
“The problem with this is that in no way that any one of those two people call 911 or be able to call 911,” McGregor said. “We actually have no service for the everyday average person to be able to get a response as it relates to cyberattack.”
The U.S. government’s cyber capabilities today are far-reaching and spread across multiple agencies. Cyber incident response responsibilities largely fall on the FBI and the Department of Homeland Security’s National Protection and Programs Directorate. The Department of Defense and the intelligence community also have a major hand in detecting and reacting to threats.
McGregor’s proposed solution is to consolidate the government’s incident response capabilities and create an emergency hotline for cybersecurity.
“We can’t have multiple agencies,” McGregor said. “We can’t have jurisdictional boundaries that are precluding us from being able to protect my mother, your sister, brothers, friends that unfortunately do not work in government and have access to the resources that we have.”
In the wake of foreign interference in the 2016 election, McGregor suggested that election security has the potential to spur the government to streamline its incident response.
“Election meddling is that one time … where we actually have people feeling like they were harmed,” McGregor said, adding that it may take a major incident before such consolidation would occur.
“Once we get to the point that we have a consolidated set of cyber resources in a single place … we will see a change of how cyber crime hits the United States,” he said.