WHEN: Today, Wednesday, October 5th
Following is the unofficial transcript of an EXCLUSIVE interview with Andrew McCabe, Deputy Director, Federal Bureau of Investigation, live from the Cambridge Cyber Summit hosted by The Aspen Institute, CNBC and MIT on Wednesday, October 5th.
Mandatory credit: The Cambridge Cyber Summit hosted by The Aspen Institute, CNBC and MIT.
WALTER ISAACSON: Thank you very much. So you're sitting here with a lot of people from MIT, a few from Harvard. How do you at the FBI, now that you have to move away from people carrying guns and badges and going after bank robbers to go after cyber criminals, how are you going to recruit your workforce of the future?
ANDREW McCABE: Yeah, it's a great question. So we still need quite a few of those folks that are carrying guns and badges, because our mission is broad and diverse. But never before have we been in quite the same situation where we have had such an incredible emphasis on recruiting and recruiting the right talent for the new threats. And that is, of course, this talent pool. So, folks, I'm taking applications. Meet me at the back of the auditorium if everybody is interested.
WALTER ISAACSON: Are you changing the rules of coming in? In other words, you now ‑‑ I've heard Jim Comey say this, you have a cyber squad. It's eight people, right, generally?
ANDREW McCABE: Give or take.
WALTER ISAACSON: Six or eight people. And they all carry guns. Do you actually think you're going to get ‑‑ maybe Harvard geeks but not MIT geeks, who are going to be carrying guns around everywhere?
ANDREW McCABE: No, no. And I don't know that that description is accurate. We've done a lot to recruit and hire computer scientists, technologists, analysts who have particular experience in the high‑tech field. So those kind of ‑‑ that traditional squad function of eight to ten to maybe twelve agents and a few analysts really kind of turned on its head on the cyber side. It's not strange at all to see within the squad you have discrete teams. It may be one agent and a computer scientist and two analysts who handle an array of cases from a particular sector or a particular geographic area.
So we need our gun‑toters there to be able to do the traditional work that they do in terms of collecting evidence and then working with prosecutors to get those cases forward. But more than ever, we need folks who have tech skills, who have the experience in the private sector and academia.
WALTER ISAACSON: Do you have to change the background checking requirements?
ANDREW McCABE: It's a little tougher because, of course, everyone who works for us has to be able to qualify for top secret clearance. So there's a certain amount of vetting that everyone has to come through, regardless of the work role they're going to fill. But I think the difference now is we're looking in different places for those candidates.
When I came in, it was predominantly lawyers and accountants, folks with foreign language ability, and then some other kind of diversified applicants. Now we're much more strategic in the way that we recruit and the folks that we's are looking to bring on board.
WALTER ISAACSON: We were talking a moment ago about the possibility of a revelation of what I will just call another sort of Snowden.
ANDREW McCABE: Okay.
WALTER ISAACSON: That's an inside job maybe. How do you protect against that sort of thing? And how worried are you that there are more and more people that will either both leak or sell information?
ANDREW McCABE: Yeah, yeah. I won't comment specifically on any impending revelations or ‑‑
WALTER ISAACSON: Feel free.
ANDREW McCABE: ‑‑ investigations. Thanks for the offer, but I'll demur on that one.
But generally our efforts in the kind of post‑Snowden world ‑‑ we've always had a focus on insider threat issues within the FBI. And we greatly increased the amount of folks that we have kind of concentrating on those efforts.
It's challenging for us because the insider threat problem exists in many different places within our organization. There are parts of it that look and feel a lot like counterintelligence. There are parts of it that look and feel a lot like traditional security issues. There are parts that look like our network security priorities.
So the challenge for us is how do you get the folks in those different stovepipes working together on the insider threat at‑large. We did that by creating an insider threat section. So an entire group of folks, some agents, many analysts, many computer folks, contractors, who really look at our own workforce and our own insider threat and vulnerabilities 24/7.
WALTER ISAACSON: One of the problems we're facing is the threat of a home‑grown terrorist, which that falls pretty much in your bailiwick now, along with DHS and your other related agencies.
ANDREW McCABE: Yep.
WALTER ISAACSON: How do you change ‑‑ how do you look at the changing nature of the threat and it changes what you do?
ANDREW McCABE: Boy, I could go on this one for quite some time. I won't bore you with that. But suffice it to say that the threat from home‑grown violent extremists, or HVEs as we refer to them, is the thing that keeps the director and I most on alert and up at night.
It's ‑‑ as he's analogized in the past, it's akin to searching for, you know, the needle in the stack of needles. It's made particularly tough because of the technological environment that we're working in now, which really, when you go back five, six, ten years in our focus on CT threats emanating from the Middle East and Pakistan, the al‑Qaeda threats, the al‑Qaeda‑affiliated threats, completely different in the way that they spoke to their target audience. So whereas terrorist propaganda was something that if you were already an adherent or leaning in that direction, you had to go out to the Internet, seek it, find it and pull it to yourself, now that's been completely upended.
ISIL is incredibly adept at not only producing propaganda that's slick and professional, but it's and targeted to specific audiences, it's multilingual, and they have, through the use of social media, been able to perfect pushing that material to anybody who's interested in it.
So you've taken the target audience of those consumers of really violent propaganda and expanded it by the leagues of thousands. Where we used to maybe be looking at hundreds of folks that we were concerned that were on that path to radicalization, now we're dealing with tens of thousands of very hard‑to‑identify monikers who are consuming this stuff on a daily basis. The vast majority of whom don't present a threat to us, but it's trying to divine which folks in that massive group of people, massive group of consumers of propaganda truly warrant the attention of our ‑‑
WALTER ISAACSON: And are you able to develop disinformation tools, ways to go after them, ways of spoofing or, you know, enticing them in some ways?
ANDREW McCABE: Yep. Yep. I mean, disinformation is a little bit outside our bailiwick. That's not an area that the bureau goes into. But we do try to ‑‑ as we do with every threat we face, we try to adapt and we try to work within the parameters of those threats. And in the kind of terrorist recruitment and radicalization space, that means interacting with folks who we think are engaged in that activity.
WALTER ISAACSON: When you interact with them, can you pretend to be somebody else?
ANDREW McCABE: You can, in the same way that you conduct ‑‑ we lawfully conduct undercover activities all across our programs.
WALTER ISAACSON: And so you will engage, pretend to be somebody else, try to gather information?
ANDREW McCABE: I think probably it's ‑‑ the best analogy is kind of the listening post, you know, the prisoner who reports back as to what his colleagues are saying. So it's about having access to those places, to those forums, to those communities where the sort of planning and operational activity is being discussed and being able to ‑‑
WALTER ISAACSON: And so somebody is on one of those forums, a group of people are planning and operational activities are being discussed. How often do you have the problem that at that point they go dark on you by being in an encrypted app?
ANDREW McCABE: Very often and more often lately. That progression towards ‑‑ I wouldn't say going dark, but that darker space provided by encryption, we see that increasing every day. In fact, it is a commonly used methodology in that ‑‑ particularly in the ISIL recruiters, to utilize open source to the greatest extent possible to identify, to spot and recruit folks, and then as soon as they feel like they have someone who shows potential, those interactions are immediately transferred over into an encrypted space.
WALTER ISAACSON: And if they're moved into an encrypted space, can you go to a court and get access to those conversations?
ANDREW McCABE: It depends on the space. It depends on the provider. It depends on where that provider is located. It depends on how that technology is constructed. More often than not, no. Many of the providers of the encrypted communications applications are overseas so, of course, we can't serve legal process on folks who are not here in the country. And some folks who are here, the providers don't have the ability to provide content on an end‑to‑end encrypted conversation.
WALTER ISAACSON: In other words, even an Apple or something may not, quote, have that ability?
ANDREW McCABE: That's right. That's right.
WALTER ISAACSON: And do you think they should be required to have that ability?
ANDREW McCABE: That's a great question. And, quite frankly, it's not one that you want me or the FBI answering. That is a policy question that should be derived from a vigorous conversation in our country. I think we're headed in that direction right now. We seem to be having that conversation with greater substance and depth. But that cuts to the very core of that balance between security and privacy.
So the fact that we now have communications applications that are essentially beyond the reach of lawful court orders, we have to decide as a nation, do we think that's a good thing?
WALTER ISAACSON: Have we ever had that before?
ANDREW McCABE: I don't think we've had it in quite the same way. We have grappled with technology, right, at many different junctures in our history.
I mean, the FBI was born from the success of the interstate highway system, right? The ability of criminals to quickly and easily cross state borders, folks discovered they needed an investigative agency that could have that same ability.
The perfusion of telephonic communications, you see a clear connection to the development of Title III authority. So we are at another one of those watershed moments where we have to decide as a nation where do we want to strike ‑‑
WALTER ISAACSON: Do you think our political system is capable of making such a decision now?
ANDREW McCABE: They haven't shown a lot of promise lately. We seem to be ‑‑ there's an election going on in this country. I don't know if folks are aware of that. So that's been a bit of a distraction. But hopefully we'll get back to that business.
WALTER ISAACSON: Speaking of the election, to what extent is the FBI ‑‑ I think there are 1900 electoral entities in, you know, the St. Tammany Parish, you know, Registrar of Voters, all that. To what extent are you safeguarding them from having their voter roles compromised or anything a malicious actor could do?
ANDREW McCABE: We're working very closely with our colleagues across the government on that issue. In terms of the actual safeguarding, that piece of the problem really is more in DHS's lane. And obviously we work very closely with them on how they do that. The FBI comes in, as you know, typically once there's been a cyber incident, then the responsibility falls on us.
WALTER ISAACSON: So, in other words, if there's a cyber incident about to occur and you, maybe somebody, figures out somebody is trying to erase the voter rolls of Miami.
ANDREW McCABE: Right.
WALTER ISAACSON: Would the FBI know that before it happened? Would it be able to doing?
ANDREW McCABE: You know, it's entirely fact‑dependent. It would be impossible for me to answer that without having a kind of more robust review of the facts.
WALTER ISAACSON: Do you have the tools to do something? If you woke up and it's 6:00 a.m. and you say, boy, this is happening, we're going to try ‑‑ do you have the authority from the President? Do you have the tools you need?
ANDREW McCABE: So, we have the ability to see ‑‑ we have a greater ability to see threats coming to us now than we ever have had in the past. Do we see it all? Absolutely not. But when we see those sorts of threats coming in and we provide those notifications to private sector entities all the time, financial sector entities and the like, we certainly coordinate immediately and directly with the affected entity and assist them and DHS in doing whatever is necessary to repel that attack.
But the problem is, you don't see everything. The more information we are able to share with the private sector, the academic sector, the better our detection ability becomes. Because all of that code, all of that malware, all of those indicators get compiled into our datasets, and then it's easier for us to identify those things that are coming at us.
WALTER ISAACSON: Well, you were at breakfast this morning when that issue came up. I don't know if Anne Margulies is here. If she is, I will embarrass her slightly. Because it became part of the discussion, which is Harvard gets hacked, I think she said, every other day from a serious state actor. MIT gets ‑‑ since we're here, we'll be nice, gets hacked every day, not just every other day.
ANDREW McCABE: You said it, I didn't.
WALTER ISAACSON: Do they ‑‑ first of all, suppose you were the I.T. director. You're hacked. Do they know who to call?
Say this happened this morning ‑‑ it happened last night. Do they have a phone number to call and say, Hey, we think it's the Russians, and they've now taken all of our, whatever?
ANDREW McCABE: Yeah, absolutely. As you saw from Anne's response this morning, she has a good relationship with her local FBI field office. And that is what we seek for all of the players that we deal with. But folks should know that that is the place to call. We've tried to get better at communicating that message, the joint messages that we put out with DHS, to try to kind of clarify the lanes in the road and make it clear here's where you call.
WALTER ISAACSON: Would it be helpful to you if you could monitor those systems in realtime and get the data in realtime, as the hacks are occurring?
ANDREW McCABE: I mean, that's always helpful. That's the ideal position.
WALTER ISAACSON: What resistance do you meet when you want that?
ANDREW McCABE: This isn't speaking of any group. We see the same sort of concerns from the private sector, from academia, from kind of across the spectrum. Folks are uncomfortable with, to some extent, sharing ‑‑ providing that sort of access, sharing sometimes information about attacks that take place, because for obvious reasons it impacts ‑‑ they feel it impacts their reputation and their position in the community. Nobody likes to say, Hey, we've been hit.
But I think we're getting better at that. The director used to refer to it as the two policemen patrolling the neighborhood comprised of 30‑foot walls in all directions. You can see that there's nothing happening on the street. If you can't see behind the walls, you can't actually help out as to the emergencies that are taking place.
We've got to get to that point where folks are comfortable sharing information and ultimately providing access if we expect the FBI and DHS and our Secret Service and our other partners in government to be able to be more proactive in the way we address the threats.
WALTER ISAACSON: One of the things we heard this morning when we were just eating breakfast, it was not a formal session, was, I'm not that comfortable ‑‑ I mean, some people are saying, I am just not that comfortable, for reasons of academic freedom or whatever, that the FBI might be able to get into our systems.
How do you try to grapple with ‑‑ given all the revelations that the FBI and CIA and NSA have done, and frankly, things that weren't revelations when people thought they were. Like, they thought the NSA was reading all of our emails, which I'm not sure was exactly the case.
ANDREW McCABE: Right.
WALTER ISAACSON: How do you go about convincing people, Hey, I'm from the FBI and I want to get into your database.
ANDREW McCABE: We're here to help?
Yeah. it's tough. It's tougher in some places ‑‑ more so in some places than others. We understand that skepticism. We have ‑‑ we've not been perfect. We've had our own ‑‑ our own flaws in the past.
I think we've done an incredible job of trying to stay connected to that legacy in a way that informs our decision‑making as a modern organization, that impacts our ability to recruit and train our new agents. And for all those reasons, we ‑‑ it's a core ‑‑ it's part of our core values, right, to maintain that connection to our history and to constantly focus on our core mission, which is protecting the United States of America and its citizens, and upholding the Constitution.
So that's the place that we come from. Despite that, we understand that folks are always skeptical of government to some extent, skeptical of us, for whatever reasons they may have had. You only break through that skepticism and that reluctance through partnerships.
We've put an incredible emphasis on our partnerships with the private sector, particularly over the last few years. We are trying to be more responsive. We are trying to be more agile in the information that we disseminate to the private sector and the way that we are actually showing we're here to help.
But that next step is true collaboration. And, ultimately, we just have to continue working, through that position of trust, and enable folks to put us in the place that we need to be to help them stop those sorts of threats.
WALTER ISAACSON: You just mentioned that you learned from your history, you're always aware of your history, the missteps, the FBI and the intelligence community has made throughout the history. As you know, your colleague, the director, Mr. Comey, has, under the glass of his desk, the order in which J. Edgar Hoover said he wanted to wiretap Dr. Martin Luther King, and Bobby Kennedy's signature on it.
ANDREW McCABE: That's right.
WALTER ISAACSON: How do you train each new generation not to let that happen again?
ANDREW McCABE: Yeah. So in many ways, you have to be consistent in the way you message your understanding of that past and how you're going to shape the future. And we do that ‑‑ in the last few years, we have completely restructured our training of new agents and analysts who essentially walk in the front door together and begin their FBI experience as collaborative partners, rather than the kind of separated approach we used to use.
One of the steps in that training is every agent and analyst comes to D.C. and participates in a program that includes both the Holocaust War Memorial and the Martin Luther King Memorial in the capital. And it is opportunities like that, we kind of take them off the firing line, off the driving ‑‑ off the driving courses and the tactical work they do at Quantico, to step back and reposition on those core values and that sacred trust that we hold with the American people to uphold the Constitution and protect their lives and well‑being.
WALTER ISAACSON: And that trust is needed in order to get academics ‑‑
ANDREW McCABE: That's right.
WALTER ISAACSON: ‑‑ private companies to be able to say, "Yeah, you can have access in realtime to everything coming in and out, say, of our databases to try to protect it."
One of the things ‑‑ we'll hear from John Carlin soon. But one of the things that happened is there's been a new law that allows that type of sharing and some would indemnify you from anti‑trust, from whatever other problems you could have if you agree ‑‑ what it's called, an ISAC, where you sort of roll it all up into a database that people can look at.
And what else needs to be done legally to make people feel "I can trust you in real time rolling up all of my cyber intrusion data into a database"?
ANDREW McCABE: Yeah. Well, I don't know what needs to be done legally right now. I think we have a pretty good framework with the creation of the portal that you've just referred to. We've done that really more to organize ourselves in the way that we interact with the private sector to give the private sector one point of contact on that kind of initial reporting. We've clarified the lanes in the road with the presidential order in terms of how we respond to an incident and who's responsible for which pieces, whether it's infrastructure protection or it's conducting the investigation that enables us to understand that it's the Russians or the North Koreans or the Iranians, whoever it might be. So I think we've made some progress on the legal side.
The harder piece is that cultural one that we've been talking about. And I don't want to ‑‑ I don't want to mislead you. A mistrust or a lack of trust with the FBI specifically is not the only driver. That is not the only thing that creates reluctance on the part of the victims, whether they're private sector or academic, to want to expose the fact that they've been ‑‑ that they've been victimized by a hack. There's obvious economic repercussions. There's shareholder value issues. So it's a complicated mixture.
WALTER ISAACSON: Couldn't you pass a law that said there couldn't be derivative shareholder lawsuits if somebody discloses in realtime that they've been hacked?
ANDREW McCABE: I think I'm going to have to defer that one to Mr. Carlin.
WALTER ISAACSON: All right. I hope he's watching so he can prepare an answer.
ANDREW McCABE: Yeah, I'm sure he's picking up.
WALTER ISAACSON: But would it help you? I mean, leave aside whether it's legal or whatever, would it help you if there were just more incentives to share data that way?
ANDREW McCABE: Of course, of course. More information is better for us. That's ‑‑ that's how we're going to ‑‑ that's our chance of getting out in front of this threat. And that's where everybody wants us to be, right? You heard it from Ann this morning. They want to know when it's coming. The only way to know when it's coming is to know when it's been here, to understand that malware, to understand those signatures and have that knowledge as we conduct the kind of intelligence collection that we do.
WALTER ISAACSON: You know, one of the hacks in the news has been the various Russian intrusions into everything from a couple of state‑elected systems, the DNC, to State Department and White House, I think a couple years ago, which were somewhat public.
What is the role of the FBI in saying to this whole group, "We can nail this case? We know who did it and how?" And do you generally know who did it or sometimes you just can't figure it out?
ANDREW McCABE: You know, there's ‑‑ it's a great question. So our role is to go back through the event and see if we can establish ‑‑ see if we can establish attribution. Right? And we do that through a deep and complicated forensic analysis. And in some situations, you're able to do that and be able to say conclusively, in a way that you could prove in court, "Yes, this is what happened and this is the party that's responsible."
WALTER ISAACSON: I'm sorry, those are two different things, to be able to know what happened and to know it in a way you can prove in court.
ANDREW McCABE: That's right.
WALTER ISAACSON: Why do you conflate those two?
ANDREW McCABE: Because your knowledge of what happened may be based on tools or techniques that you're not able to expose in court.
WALTER ISAACSON: Right. That's what I'm saying. Those are separate things.
ANDREW McCABE: Right. So those could be two separate things.
WALTER ISAACSON: But in the case of the Russians, say, might it be that you know for pretty much sure but you don't want to have to prove it in court, but we have a system where you have to prove it in court if we're going to name the Russians?
ANDREW McCABE: I don't know that we have a system where we have to prove it in court to be able to name any party that may have been involved in a hack. And that's what we were talking about briefly this morning, the difference between an assessment and kind of a forensic conclusion.
And so our role in that whole of government approach is to drive towards that forensic conclusion. Whether you're going to then take it to court and indict somebody and try to prove a case or you're just going to be able to say publicly, "Here's who we feel strongly is responsible."
Aside from both of those alternatives, you have the assessment which can be based on many different things. It is very different to be able to say that the United States government feels with some degree of confidence that a particular state actor was involved. That assessment could be based both on the forensics, which might get you close but not all the way, but it may also be based on other intelligence collection streams that you have. And so there are sort of different levels of attribution that you may be able to do at any given time.
WALTER ISAACSON: And so you were able to do a pretty robust one on the North Koreans.
ANDREW McCABE: That's correct.
WALTER ISAACSON: On the Sony hack.
ANDREW McCABE: That's correct.
WALTER ISAACSON: I mean, I assume since the President came out and said so. I'm not revealing anything there.
Do you feel that you're not yet at that stage with the Russians?
ANDREW McCABE: Well, I can't really comment on the activity that most folks believe included Russian involvement. But it is not ‑‑ it's not without precedent. Obviously you mentioned Sony. The indictment of the five ‑‑ three L.A. officers, probably another great example. We've had other cases that I think fit that same mold in the last couple years. So that's out there. That's in the kind of realm of the possible.
WALTER ISAACSON: Getting away from cyber for just a moment, even though it's a cyber conference, when you're looking at the threats now to the homeland that the FBI has to deal with, how has the threat landscape changed? And is cyber something you keep separate or is it integrated into all your threats?
ANDREW McCABE: That is a great question.
You know, the threats seem to change every day in our main lines of business. Right? So our criminal investigative work, our counterintelligence work, our counterterrorism work. And then, of course, there's cyber.
I would say the thing that's most different today is cyber is bleeding into every one of those business lines, if you will. There is not ‑‑ our most significant work on the criminal side, on the CT side, and on the counterintelligence side is all very heavily driven by cyber vectors. So cyber tactics and techniques, whether that comes from just communication, recruitment, planning, or the way the actual attacks are taking place.
So the challenge for us is how do we take that kind of nugget of cyber expertise that exists in the cyber division, how do we keep those folks focused on that true kind of traditional cyber intrusion work that we need them to stay focused on and yet spread their expertise, their tactics, their investigative techniques out to the workforce at‑large. That is a challenge for us right now. We have thousands of agents and analysts and many of whom who have been doing their work for many years and may have not participated in that kind of education and training process that our cyber investigators have.
So, it's how do we kind of tilt the scales back even a little bit and spread, kind of share the wealth of those cyber tactics and techniques? It's something we're working on.
WALTER ISAACSON: And, finally, what would you say in this zip code or two, the O2138, 02139, with the best students in this field, what would you say to them about why they should be engaged with you?
ANDREW McCABE: Right. So, I mean, they have incredible opportunities, and they are a talented and diverse bunch. If I could give them any advice, it would be to seek out those opportunities, especially at this point in your life, to do good instead of just doing well.
And that is not just with the FBI. That's FBI, CIA, NSA. Across the spectrum of our intelligence community, there are incredible opportunities to serve your country and to do the work that you find fascinating and compelling. It's a great experience, and there's some great organizations to work with. So I would encourage them to consider it.
WALTER ISAACSON: Well, thank you for doing it.
ANDREW McCABE: Thank you. Appreciate it.
With CNBC in the U.S., CNBC in Asia Pacific, CNBC in Europe, Middle East and Africa, CNBC World and CNBC HD, CNBC is the recognized world leader in business news and provides real-time financial market coverage and business information to approximately 386 million homes worldwide, including more than 100 million households in the United States and Canada. CNBC also provides daily business updates to 400 million households across China. The network's 15 live hours a day of business programming in North America (weekdays from 4:00 a.m. - 7:00 p.m. ET) is produced at CNBC's global headquarters in Englewood Cliffs, N.J., and includes reports from CNBC News bureaus worldwide. CNBC at night features a mix of new reality programming, CNBC's highly successful series produced exclusively for CNBC and a number of distinctive in-house documentaries.
CNBC also has a vast portfolio of digital products which deliver real-time financial market news and information across a variety of platforms including: CNBC.com; CNBC PRO, the premium, integrated desktop/mobile service that provides live access to CNBC programming, exclusive video content and global market data and analysis; a suite of CNBC mobile products including the CNBC Apps for iOS, Android and Windows devices; and additional products such as the CNBC App for the Apple Watch and Apple TV.
Members of the media can receive more information about CNBC and its programming on the NBCUniversal Media Village Web site at http://www.nbcumv.com/programming/cnbc.
For more information about NBCUniversal, please visit http://www.NBCUniversal.com.