About a dozen military bases. More than 500 defense contractors. One of the largest concentrations of biotech in the world. All in one county.
And all in the crosshairs of cyber criminals.
San Diego County is considered among the most target rich areas in the nation when it comes to cyber attacks.
“If you take down all the power grids in San Diego, you take away a portion of the Navy’s ability in the United States,” said Eric Basu, president and CEO of San Diego-based Sentek Global, a technology service provider for the government.
“It’s a continual arms race: people trying to get in and people defending against it.”
While fears of a major infrastructure takeover are very real, smaller scale attacks are part of daily life for local industries.
For instance, the Navy’s San Diego-based space and naval systems command, or SPAWAR, is hit multiple times daily with breach attempts, Basu said.And hackers tried to get into San Diego Police Department’s computers recently, via the home router of one of the department’s vendors, he said, but were stymied by advanced cyber protection software.
“I’ve had four to five clients recently get calls from the FBI saying ‘Your stuff has been flowing over to China for the last six months,’” Basu said.
Who are these hackers? They are state-sponsored actors from countries such as China, North Korea, Russia and Syria trying to spy on the U.S., steal intellectual property — from drugs to drones — to better their economies or defenses, or perhaps cause harm to our infrastructure.
They are criminal organizations — often based in Eastern Europe and Africa — focused on stealing your personal information and financial scams.
They are “hacktivists,” or hackers that breach systems to make a moral or political statement. Sometimes, they are a combination of these archetypes (ie. criminal groups hired by foreign governments to steal intellectual secrets.)
And many times, they are untouchable.
That can be the most frustrating thing about cyber warfare for both victims and investigators alike. Maybe the leak of information can be stopped and prevented. Maybe a counter attack can even be launched. But rarely does justice come in the form of seeing the perpetrator in handcuffs in a courtroom.
“It’s a challenge,” said Supervising Special Agent Terry Reed, who oversees one of two cyber squads in San Diego’s FBI office. “It’s demotivating when the point of origin leads you to guys that we just can’t get our hands on.”
Stepping up recruiting
Cyber crime is so prevalent that cyber investigations are now handled by nearly every law enforcement agency, from Homeland Security Investigations to local police departments.
Hiring officers with the technical expertise needed for these complex investigations is becoming a major obstacle. Last year, Congress authorized the FBI to hire some 2,000 people, many of whom would be assigned to cyber issues.
“You don’t make a cyber agent by sending them to training,” said Reed. “It begins when they are very little, it’s a hobby to them, they grew up living and breathing technology.”
Finding the young minds with the right skill sets who can pass the rigorous FBI background and testing requirements is where it gets tricky. “It filters out a large population of people,” Reed said.
FBI Director James B. Comey made headlines last year when he said it has become harder to hire hackers to tackle cyber crime due to their apparent fondness for marijuana. The agency’s current regulations won’t allow applicants who’ve smoked pot in the past three years.
The government is also competing with the lucrative private sector for the same talent, though Supervisory Special Agent John Caruthers, who also runs a local cyber squad, says the FBI does have one advantage over corporate jobs: “The cool factor keeps them.”