Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security

11/20/2018
08:05 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now
50%
50%

Former FBI Agent James Gagliano: 'Cyber Touches Everything'

Former FBI Agent James Gagliano sees the worlds of physical security and cybersecurity increasingly merging in the area of critical infrastructure.

NEW YORK -- ISC East -- When James Gagliano joined the FBI in the early 1990s, Smith Corona typewriters still dominated the space on an agent's desk.

Gradually that changed, with three or four FBI agents typically sharing one desktop PC in an office. Eventually, especially after the September 11 terrorist attacks in New York, Washington, DC and Shanksville, Pa., laptops, smartphones and other digital equipment became standard gear within the agency.

Now, as the world faces an increasing array of cybersecurity problems, including cyber attacks that are targeting critical infrastructure such as ports, power plants and nuclear facilities, Gagliano notes that everything related to security is cyber centric.

"I saw the transition from the cyber side, and I also saw how cyber touches so many things in the realm of the FBI's focus, as well as in law enforcement and the security industry," Gagliano, now a retired FBI supervisory special agent, adjunct professor at St. John's University in New York, and current on-air analyst for CNN, told Security Now in an interview.

James Gagliano, retired FBI supervisory special agent, speaking in New York City.\r\n(Source: Scott Ferguson for Security Now)\r\n
James Gagliano, retired FBI supervisory special agent, speaking in New York City.
\r\n(Source: Scott Ferguson for Security Now)\r\n

"It has a piece of counter-intelligence, a piece of counter-terrorism, a piece of criminal, a piece of intelligence gathering, a piece of special operations and even a piece of our admin branches, which are the six branches that the FBI focuses on... We realize that in law enforcement that just like narcotics that touch everything, especially the way terrorists earn money illegally through drug sales, it's the same way with cyber. Cyber touches everything," Gagliano added.

An Army infantry officer before starting his 25-year FBI career, Gagliano admits he was slow to see cyber threats as a major law enforcement concern and focused more on physical security, including stints with the agency's SWAT unit and Hostage Rescue Team. (See Let's Get Physical: Why Protecting Hardware Is Essential to Good Cybersecurity.)

However, the big eye opener for Gagliano was the 2015 San Bernardino, Calif., attack that turned into a legal tussle between Apple and the FBI over gaining access to one of the suspect's iPhones. Eventually, the agency found a hacker willing to crack the company's encryption.

In his view, the issue became whether Apple would unlock the iPhone in this one case, or whether by cooperating with law enforcement, the company would allow the government to have access to proprietary methods that would allow agents access to any phone at any time by bypassing the encryption.

This is where Gagliano sees a balancing act in the new world of cyber threats and the role technology plays.

"It raises issue and I don't know what the sweet spot is," Gagliano said. "I understand the concerns from the private sector and I understand the concerns from people who say, 'I have a right to privacy and I don't want the government or anyone else to be able to get into my phone.' But I also come from a law enforcement background where I see so many incidences where that is necessary to keep people safe."

Another area of interest for Gagliano is the protection of critical infrastructure.

This is also a place where the interests of the federal government and the private section converge, especially as structures such as airports become more secure and hardened against attacks, and terrorists and other attacks begin to look for other targets that are less secure, such as industrial ports, water treatment systems, chemical plants, healthcare facilities and other critical infastructure.

At the same time, several high-profile cyber attacks have targeted the industrial control systems (ICS) that manage the safety systems of these facilities. These cyber attacks could cause damage by causing a facility-wide shutdown, or creating an entrance into network for a long-term cyber espionage scheme. (See Industrial Manufacturing Sector Increasingly Susceptible to Cyber Attacks.)

To counter the convergence of physical and cyber threats to these structures, Gagliano believes that the industry will invest more in red teaming exercises that can challenge the security of these facilities and pinpoint where the weak spots are.

"Red teaming is not predictive. It's diagnostic. The whole goal of that is to go in, whether it's a power plant or a security system on your laptop, is to probe to see where the weaknesses are, so it can't be some within the firm with a vested interest in its success, Gagliano said. "It has to be a group that quote-unquote does not have a dog in this fight. That can look at attacking systems, and figure out where the weaknesses are, and where the vulnerabilities are, whether it's a power plant or a stadium venue or something out there in the cyber sphere. I think read teaming is something you don't hear a lot about right now, but you will hear a lot about it in the future."

Related posts:

— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32243
PUBLISHED: 2021-06-16
FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).
CVE-2021-32244
PUBLISHED: 2021-06-16
Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field.
CVE-2021-32245
PUBLISHED: 2021-06-16
In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" t...
CVE-2021-34201
PUBLISHED: 2021-06-16
D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes.
CVE-2021-34203
PUBLISHED: 2021-06-16
D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify ...