FBI Official: In Recovering from Cyberattacks, the ‘Who’ Isn’t So Important

Richard Cavalleri/Shutterstock.com

Attribution is less important than action.

Faced with a cyberattack, members of the FBI’s investigative team is less concerned with the perpetrator’s identity than they are in blocking the intrusion, according to one FBI official.

“We don’t have to have attribution completely figured out to take action,” said Donald Freese, director of the FBI’s National Cyber Investigative Joint Task Force, during Akamai's Government Forum in Washington on Thursday. “We’ve gotten much smarter about that." Freese said his team focuses primarily on two categories of perpetrators: nation-states and criminals.

If the team is initially unable to determine which of those is responsible, Freese said, “does it matter whether it’s nation state or criminal? No, it doesn’t.”

As the FBI continues to work with private sector threat mitigation firms, it has changed its approach to cyber damage control, Freese said, focusing on response instead of “hand-wringing.”