Q&A with Alan McHugh, Chief, FBI Cyber Division, Cyber Crime Tactical Intelligence Unit: “The Time to Call the FBI is Now”

Most CISOs understand that one of their key phone calls after a ransomware incident will be to the FBI, but what they may not appreciate is that it shouldn’t be their first to that organization. That’s because the emergency call will be much more effective, and the response much more efficient, if a relationship has been established ahead of time. And the outreach won’t be seen as a bother, but rather be embraced, according to Alan McHugh, Chief, FBI Cyber Division, Cyber Crime Tactical Intelligence Unit. McHugh, who recently spoke with healthsystemCIO Editor-in-Chief Anthony Guerra, also said organizations that reach out for help shouldn’t fear a loss of control, as the FBI is looking to support, not dominate, the situation.



LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 



Bold Statements

It might be chaotic, and it will be chaotic for the victim and for the incident handlers, but it’s not as chaotic for us because we’ve been there before and we’ve done that. So one of the things I’d like to think we would do is we could come in there and offer some sense of organizational sanity on a day that is completely insane.

So there are skills, there are unique, tailored technical skills, investigative skills, negotiation skills, and crisis management skills that we bring to the table that we think are invaluable.

I would say when to call the FBI is today. I know that sounds strange but you should call the FBI today to establish these contacts, establish these relationships, so that you can build up trust.

Anthony: Welcome to healthsystemCIO’s interview with Alan McHugh, unit chief of the FBI’s Cyber Division, Cyber Crime Tactical Intelligence Unit. I’m Anthony Guerra, founder and editor-in-chief. Alan, thanks for joining me.

Alan: Thanks to you, Anthony. I appreciate the chance to be here.

Anthony: Very good. All right, Alan, lots of fun stuff to talk about today. Serious issues but we’re going to have fun with it, right?

Alan: Sure.

Anthony: We should be able to do that. Okay, tell me about your role with the FBI.

Alan: Well, yes, you never know, we always like the opportunity to share who the FBI is, who we are and what we do, especially in what we’re going to talk about today, the cybercrime space, we have a very unique and I would say powerful role in this space. Today is a perfect opportunity because one of our strategy pillars is try to engage the public in understanding mutually understandable threats between public and private sector, and in this case, the healthcare sector.

I’m the unit chief of the Cyber Crime Tactical Intelligence Unit, essentially all of my resources are focused on analyzing and investigating cybercriminal incidents, threat actors, groups of individuals, ransomware gangs, or variants if you will, but we also build an information data resource that lends awareness to a defensive posture as well. We use our incident information to inform network defense strategies. My unit, our reason for being, is we are, in the cybersecurity parlance, intelligence as a service, we support operations, we also raise awareness on criminal threats to a lot of different audiences.

Anthony: All right, very good. So does the FBI have any resources broken down by industry? So for example, obviously we’re here, we’re focused on healthcare, that’s our audience. Do you have resources split up that way or is it not done that way?

Alan: It’s more focused regionally throughout the nation, right? So we have 56 field offices, we have overseas offices,