Part of the bid for on intelligence issues including Mitch Mcconnell minority leader schubert and senators warner and berger the Senate Intelligence community is leading an investigation into russias interference. Keyes spoke yesterday at a Cybersecurity Conference he says he plans to serve the remaining six 1 2 years of his decade term as fbi director. [applause] thanks for the introduction to share some thoughts with you. This is the Perfect Place to have this conference and i am thrilled to be part i think there will be more it is of plenty places because the challenges of opportunities in this great city and region but because boston colleges a leader of thinking and educating these issues so this is a great place to have it you are sticking with me another six and half years of above to be invited back again any place called irish call is a neat place to have this given my background. And what the fbi thinks of the threat that we face and how the fbi is trying to redress that threat in the key parts of that approach will involve of partnerships and then i would like to take your questions you can ask me about anything i am very slippery and will not talk about anything i dont want to but questions have to come from the table will be begin by talking about the threat to. To state the obvious, the threats are too fast, too big and too widespread for any of us to address them alone. We need to Work Together to address them that is every bit as true as with cyberthreats. Like think of a stack of bad actors so at the top of the stack from the fbi perspective think china china, russia, iran, north korea that is the top of the stack. Just below that of our multinational syndicates backed are involved increasingly specialized roles to steal information and money and innovation through this cybervector and on behalf of the of Mesa Convention asian states nation States International cybersaid tickets then down the stack it is the hacktivists. Those that try to conduct cyberintrusions. The bottom of the stack is terrace. I put the map of bottom this because the terrorists are using the terrorist to communicate and prophesies but they have not yet turned to using the internet as a tool of destruction will logic tells us certainly will come in the future how do they operate . Obviously sophisticated focusing on larger targets in and looking to exploit of weakest weakest link as good as we become in the firewalls there only as good as the cybersecurity hygiene so the whole stack of backers is focused on social engineering to see if there isnt a way into a well defended network. Access, advantage of it is even about the loss of data and the corruption think about of harm to change blood types the intrusion of changing just a few digits and worry about the lack of access to data that shuts a business down. The impact is obvious as well. On an infrastructure and employees and custers and reputation and economy and security and increasingly attacks on the fundamental rights guaranteed to us as three people we cannot prevent every attack. The attack surface is too big that is too pronounced and ubiquitous but this behavior is subject to deterrence. If they are not motivated or enflamed by jealousy there is a lot of thinking that goes into cyberintrusions in reid believe there is an opportunity to influence behavior to impose awful this does say put their fingers to the keyboard. We believe we have to be more productive and less reactive and there are things that we can do together to address the threat to and that involves us with the fbi helping you in the private sector and partners to understand what are the bad guys doing . Hour they coming after us . What are their fingerprints . We also think part of this is making severs security a priority im talking to the people who will get it but it is important is not one risk assigned to some guy in the basement of enterprise because the threat britains the entire enterprise so must we thought of as the enterprise risk at the board level and something that has to be imbedded in every single thing that enterprise does have to Work Together to reduce the threat it to find people responsible and hold accountable and obviously wants any of us are hit we have to be effective that mitigating the damage. We think we have a role to play to help victims understand what has happened to them that is what we can all do together but what the fbi strategy is and give me feedback there are five parts to this strategy and they are simple andrea are trying to focus ourselves in a better way doing that in number of different ways that may not be apparent from the outside but the normal way the fbi assigns work is by asking the basic question, where did it happen . Reverend have been reassigned to that field office. Where did the bank area coker . In boston so boston works it. Where would the children victimized blacks boston division. With cyberit breaks down because were happened use a lot and up with the random manifestation of a threat coming from someplace on the other side of the year hitting many different places nd United States and it just happens to pop any particular place we think if we assign the work of that random manifestation we may not be at our best so we have the cyberthreat team model we are assigning cyber intrusion work based on who shows the tops to address that threat. Which field office demonstrated the greatest ability to respond and detect and thwart a particular sophisticated adversary . Whichever field office has demonstrated that recall that the strat of this. The strategic office. The physical machines that sits in a particular place recall those the offices that help we called them a the tac office. Those that show themselves greater at the threat even though that physical minyan manifestation will help in little rock. It has the unintended consequence of generating competition you want people to try to steal ownership of the threat i dont mean sneaky but showing you have the chops. That has the effect we come up with the of concept of counterterrorism at requires Response Data moments notice that our horrific that is what we have a flight team that is an expert that have the go bag with the model times they go to hit the spot so we surge expertise at that place. Also with cyber, it is called the cyberaction team or capped where there are experts even the wood is virtual behalf to be prepared to be physically present at the site of the cyberintrusion an emergency even to. These are experts who all over the country are part of the cyberaction team but we live the concept we do nothing alone will bring together a great talent to form a cybertaskforce to have the chops to think about how the threat is moving and most importantly it to get appropriate information the second week to focus ourselves is to steal your talent. New concede that the interest and not tie early aligned but and tired of dealing but to respond to the sophisticated a shortage of cybertrain talent we cannot compete with you on monday. You dont come to the fbi if you did we lie to you. In meaningful pursuits of the American People are want to be transparent about that but that pitch remake back to people is, be a part of the mission that is something that is hard and stressful that does not pay a lot of money how often does that sound . The good news there is a lot of people that want to be a part of that type of mission and to you do good in your time Status Survey last year of over 50,000 young people they ask them to name the ideal employer. Fbi was number five. Apple was number four that is painful to contemplate but we have to be ahead of them attracting people to be a part of this mission one of the major challenges was summed up by one of my daughters who said the problem is you are the may and which i thought was a complement and i said thinking you she said no. That is not a good thing who wants to work for the man . Said you are right bieber wrong because if people will the new with the men and women of the fbi wants to be a part of this mission so we are about to showing people what this is like the fbi is in the addictive life almost nobody leaves a matter what you look like for your background turnover is about the same. 5 it is addictive work soviets trying to show people what it is like to be a part of this mission with the you are the man trap is to be a little cooler than i may appear. To offer them the enterprise that is more agile were not going to beanbag chairs earlier trying to get close to that to make sure these great young people understand the opportunities for innovation and agility that they may not realize that comes from those creative people who joined the fbi to be a cyberspecial agent you need several buckets of attributes of integrity physicality if youre going to carry a weapon and you better be able to run and fight and shoot even if recession to is behind a keyboard. And the high intelligence and special intelligence those are rare attributes High Integrity your high intelligence cannot do a pushup those who can do pushups with anyone to smoke weed on the way to the interview so we need to figure out how to find people High Integrity and physical physicality and intelligence. Can we grow more of our own and then grow our own specialization to meet the need for the talent that we need today at 01 to give away today secrets but are there better ways to offer an interchange between public and private . One of the parts of the fbi culture is you come and you never leave or to make it easier for special agents to leave to go work in the private sector that comeback and work that the fbi. And then be will take great ideas from the people that we hire stealing your talent and focusing ourselves in a better way. Trying to shrink the world the cyberthreat has made everybody in nextdoor neighbor to everybody else. Belarus and boston are neighbors on the internet the bad guys have made is small we have to shrink back on behalf of the good people. On who has what responsibilities at the end of the administration he offer the clarity so to figure out what the bad guys are doing to understand the threat in a great way the department of romance security is for a threat mitigation helping people with hardened targets to avoid being victimized and helping people get back on their feet and for helping to make sure we all have the intelligence we need to mitigate responsibly that should not matter food recall one thing we have gotten better better late does not matter who you report the terrorism threat if you have a tip to a Police Officer or fbi agent does not matter because the information will get to the joint Terrorism Task force almost instantly. We have to get to the same place with cyber. Exactly he was doing what . We have to get to a place and we are pretty darn close that gets to the people who need that to act on it. That should be our responsibility we will make the world smaller maurer Intelligence Analyst even though we did say digital pratt moving at the speed of light if we are wise upon human relationships to strengthen the world we try to impose cost. Ill be added to this earlier, we want to make sure that when a bad actor sits at a keyboard that that will change behavior to the truly a lock people up to impose cost. How we find the cybercriminal . They go one honeymoons we are able to lay hands if we cannot lock people up is important we indicted actors from the Peoples Liberation army in china from iran engaged in Denial Service attacks. A wanted poster if that gets your attention. Then you dream of traveling and many flaws we are dogged people food just gave up recently and to jump out over the aircraft we dont give up your dogged people and that has an impact that changes in behavior to put the breath on the back of our net. Part of this grapples cyberspace is relatively new to all of us and we are trying to establish norms of behavior and among those that we have had with our counterparts in china is an understanding of remark that goes like this. Nation states engage in intelligence gathering. Railways have and always will our job is to catch and stop nation states to steal information for their vantage and steal stuff to make money and in order to prevent this from the nation state engaged in espionage we have agreement with the chinese that the framework makes sense we have seen positive steps toward embracing the framework to understand of criminal activity to help this investigate the criminal activity whether indictment or arrest or prosecution to name or call that out to make people think about us before they put the figures on their keyboard and that requires digital literacy. In the good old days you could execute a search for donna drug location to find a black composition no work no book for they would right who got the key los into got the money the lookouts in the runners but today that same search warrant requires you to take and exploit lawfully come drives, laptops, tablets all digital devices and to do anything in the criminal investigative world requires digital the judges were trying to look at better training and Better Partnership to lift the tide across the United States. The fbi cannot get to all fraud and intrusion. Im told people get emails from these telling you that i and in nigeria. I dont ever need you to wire me money but day rip people off subsidies to a investigate that and that is almost Corporate Partners and the last part of the strategy is we have to get better to work with the private sector. You are the primary targets everything sits on your networks because that is where the bad guys go as a nation state or the of rochester or hacktivists or equivalent of a the bank robber. The majority of intrusions in this country are not reported they are kept from us that we just need to take care of this and get on with our business we need to mediate the threat and paid the ransom and move on with operations. That is a terrible place to be. It is great to hire as private Sector Companies but if the information is not shared with the sale will lobby sari youre kidding yourself if you thank you will be immediate this to go away because it will never go away. Well come back to hit you and your neighbor and your family it is shortsighted to conclude our interests are not aligned when it comes to this people say interest hourlong term or shortterm because of the nature of the threat. Had we get you to talk to us to explain how we operate and why we are practiced and expert trading like the victims that you are. We have gotten very good over the last 100 years to treat victims of Violent Crime like the victims that they are but to make sure they are read victimized by a process in disclosure of personal information so they are not traumatized by our engagement also in the cybercontext the company that suffers the intrusion is a victim and will be treated that way by the fbi. I know that one of the obstacles was a general counsel who was worried about what will happen to the information we share with the government . We will need lawsuits will live violate an obligation . What does that mean with our regulators . Theres too much risk. Lets radiate and move on. Mediate and move on we have a track record of hundreds of investigations to arm protect your privacy we will not share data and we will have an adult conversation at the beginning to explain here is what we will do with the information you will share with us though the general counsel chief Security Officer can make a judgment about the risks and benefits maybe you decide i dont want to cooperate but it is high and the likely that you will. Your main question is what do you need from us . I would suggest this for you to get to know was before there is the intrusion. You all have a significant facility you know, the layout with the Fire Department the generator plant in this setup that and i intellectual property or details but they know when laugh so in the midst of a crisis with smoked bacon find their way to save the lives of the people who work with you every need to get to a similar place. We could respond to the attack on saudi very quickly to read mediated to stop the bleeding because we knew them. Bought their secrets period males but there chief information Security Officer the contours of their network, a physical locations and enough to be on the ground within minutes or maybe even hours because sony had taken the time to get to know us. And armed with that we found our way through smoke to do good which was the victim of a terrible intrusion and attack. If you are a the officer of the private enterprise into dont know someone will have a significant facility, you are not doing your job. Were not looking to know your proprietary information that we need to know if in a difficult circumstance. Is conversations beyond the formal framework for close since the 80s there has been a statute called the classified information procedures act working for of many years that if we give you information and you end up using the criminal prosecution, will you jeopardize our sources or methods . We say no. There is a statute to protect your information but that did not get it done. It took case after case for the fbi to show the cia that it could work and be will protect information that builds a culture of trust and understanding. Like to stand here all day long hubby can protect information we have to show it to you case by case to build a reservoir of trust and hope you will engage in those conversations that is a majority of cyberintrusions and how can we stop that from happening again . And although we havent talked a lot publicly over the last six months i want to talk about the impact of ubiquitous strong description on our worker want to urge you to continue to engage on a difficult subject. The advent of default and strong encryption is the improved me fbi investigates theres always a quarter of a room where the fbi operates for those who have access to encryption and then cover their information. Just when it was getting exciting. That is all the time we have. Thank you laugh laugh so picture a room there is always a corner that is dark with sophisticated actors spies common nation states who would find ways to encrypt their data and find ways of their co