CNET's Dan Patterson interviewed Leo Taddeo, chief information security officer at Cyxtera Technologies and a former FBI special agent in charge of cyber operations in New York City, about the continuous challenge of balancing incoming cyber threats. The following is an edited transcript of the interview.
Campaign 2018: Election Hacking is a weekly series from TechRepublic sibling sites, CBS News & CNET, about the cyber-threats and vulnerabilities of the 2018 midterm election.
Dan Patterson: When you have conversations with your colleagues, how do you prioritize learning versus action? And there are a lot of other priorities that the FBI works on in the, even the private enterprise work on, so how do you prioritize where and how to spend money and actions? What type of conversations do you have?
Leo Taddeo: Right. This is a continuing challenge for the FBI, for US law enforcement, and for the US intelligence community. And that is, how do you stack cyber threats against all of the other threats that are facing us? Counterterrorism, for example, is a program that can't be ignored. Our own FBI efforts against public corruption, and major crimes here in the United States can't be ignored.
So as an FBI executive, there's a balancing. You don't have infinite resources, you don't have unlimited budgets, and you have to allocate according to the potential impact that you are trying to prevent, the potential adverse impact that you're trying to prevent. So for someone like the Director of the FBI to remove agents from an important program like counterterrorism, and transfer them to the cyber program is an enormously difficult decision to make because what we address on the cyber program may wind up being unaddressed in a different program, and the answer for most of us is just hire more FBI agents and analysts and solve all of the problems that we have. But that's not such a simple solution.
SEE: Network security policy template (Tech Pro Research)
First of all, it's expensive, and there are other competing priorities within government. Second of all, it's difficult to find enough FBI agents and analysts that are qualified, that can pass background checks, that can accomplish the mission. And to deploy them effectively takes time. You can't just borrow a person off of the street, like you can, for example, in a private enterprise. If I needed 10 additional accountants, I can go to a consulting firm and they would provide 10 trained accountants for me, for the time that I needed them. That's not true with special agents. There is no private consulting firm that the FBI can go to, to surge when they need it. It's all organic.
So, in summary, it's a continuing challenge to balance all of the threats that we have, and to understand what the potential adverse impacts are, and to allocate the correct amount of resources given the unpredictability of the adversary.
- Why phishing remains a critical cyber-attack vector (TechRepublic)
- How to inoculate the tech herd from IoT cyber-infections (TechRepublic)
- Cybersecurity and the 2018 Midterms (TechRepublic Flipboard magazine)
- Watch out for Google's new-look sign-in page: It's not a phishing scam (ZDNet)
- Why more people don't use simple two-factor authentication (CNET)
- Google is releasing its own 'Titan' security key to prevent phishing (CNET)
- Security awareness and training policy (Tech Pro Research)
- Homeland Security creates anti-hacking center to protect industries (CNET)
Dan Patterson has nothing to disclose. He does not hold investments in the technology companies he covers.
Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.