The FBI’s cyber chief is prioritizing preparation for stepped-up Chinese threats, enhanced confrontation of adversaries in cyberspace and quicker intelligence sharing with industry as the bureau enters the second and final month of a unique cybersecurity awareness campaign.

Brett Leatherman, who took over as assistant director of the FBI’s cyber division last summer, listed those topics as his three top priorities in a recent interview with CyberScoop. At least two of them overlap considerably with the bureau’s current awareness campaign, Operation Winter SHIELD.

It’s the kind of thing that might normally be more expected to come out of the Cybersecurity and Infrastructure Security Agency, which once had its own shield-themed campaign, rather than the FBI.

‘We’ve never done a media campaign like this before,” he said. “But while it’s atypical for a law enforcement agency to do this kind of technical media campaign, we thought it was incredibly important because it translates that law enforcement perspective [into] meaningful ways that industry can move the needle towards increased resilience across critical infrastructure, industry, government agencies and beyond.”

As part of the campaign, the FBI is highlighting 10 recommendations, like protecting security logs and implementing phishing-resistant authentication, that stem from the FBI’s incident response mission.

“The 10 recommendations that we’re making right now are not a surprise to many people out there who work or have cyber over the last few years, but it’s important that we also highlight that these 10 controls are the ways that we continue to see actors getting into fortune 100 businesses and small to medium businesses in virtually 99% or greater of the investigations we run,” Leatherman said.

The campaign has involved localized events for industry, podcasts, international appearances, coordinated messages with cyber-focused companies and more. They sometimes emphasize different threats based on where they’re held, or specific cases that demonstrate how not following the 10 recommendations has led to a past real-life breach. 

In the Honolulu field office, for instance, the FBI held a cyber executive summit with critical infrastructure owners and operators and other key partners. There, the emphasis was on how Hawaii is a potential target of Chinese hackers, especially with the possibility of a People’s Republic of China invasion of Taiwan in 2027.

Securing 2027 is the first priority for Leatherman as assistant director of the cyber division. The idea is to “defend the homeland against an increased PRC targeting of the homeland,” should a China-Taiwan conflict have U.S. spillover.

Leatherman’s second priority is better contesting U.S. adversaries in cyberspace, with joint, sequenced operations — “technical operations through our lawful authorities to remove capacity and capability from the adversary.” That includes looking for ways to enhance those operations with AI.

And his third priority circles back to information sharing with industry. Leatherman said the FBI has some unique cyber threat intelligence capabilities and wants to share it more quickly, so it can have an immediate impact.

Leatherman said Winter Shield is meant to serve as a complement to CISA’s work and vice-versa. The international component of the campaign still has an eye on the homeland, he said. “We’re helping partners understand the Internet is so interconnected now, companies are international, and if you just do this work here in the homeland, you’re at risk of actors targeting your international operations and pivoting into U.S.-based work,” he said.

The second Trump administration’s approach to the FBI has raised concerns from Congress, former agents and elsewhere about whether the bureau’s cyber focus is being curtailed. The bureau has lost veteran leadership, and FBI data that a top Senate Democrat released points to personnel being shifted to immigration-related tasks, including those drawn from cyber work. The administration has also proposed budget cuts for the bureau.

And the FBI’s parent agency, the Justice Department, has shut down a team that combats cryptocurrency crimes amid industry backlash toward U.S. government actions in cases like  Tornado Cash, which the Biden administration accused of abetting money laundering from ransomware outfits.

Leatherman said FBI Director Kash Patel and other bureau leaders have been strong backers of the FBI’s cyber mission.

“We have not moved resources from [the] cyber division,” he said. “We still have our virtual asset unit, we still have our Virtual Currency Response Team, all those teams responsible for tracking the stolen crypto from” North Korea.

“We’re doing regular tracing. We’re trying to seize that when we can,” he said. “We’ve increased our ability to target nation-state actors given the support of FBI leadership, so we have not moved resources off the threat and we continue to prioritize both threat actor pursuit and victim engagement.”

The post The FBI’s cyber chief is using Winter SHIELD to accelerate China prep, threat intelligence sharing appeared first on CyberScoop.

Some cybersecurity advice has been around for ages: Frequently change passwords, avoid public Wi-Fi. But most experts say a lot of that knowledge is rooted in myth.

On Monday, an initiative launched to counter those stubborn misconceptions, on the notion that their persistence is actually harmful to what keeps people secure.

Bob Lord, a former top cyber official at Yahoo, the Democratic National Committee and adviser at the Cybersecurity and Infrastructure Security Agency, unveiled hacklore.org — a portmanteau of “hacking and folklore” — to combat those cybersecurity superstitions.

Myths have always been around, handed around over time as “hard-earned” wisdom, as the site notes. “We used to wear amulets to keep ourselves safe,” Lord told CyberScoop. 

But security practitioners and people who use tech don’t have unlimited bandwidth, he said. 

“Our goal is to help everyday people and small organizations focus on the simple, fact-based steps that truly protect their data and devices—keeping software up to date, using strong passwords and passkeys, enabling multi-factor authentication, and recognizing social engineering,” the site explains. “By replacing fear with facts, we can make digital safety advice more accurate, actionable, and effective for everyone.”

As part of the initiative, Lord got more than 80 cybersecurity professionals to sign on to an open letter calling for a shift toward practical cybersecurity guidance that works, with cyber executives from major companies and organizations like Okta and Microsoft alongside experts in cybersecurity and academia as well as Lord’s former boss at CISA, Jen Easterly.

Out, they say: advice about never scanning QR codes, never charging devices from public USB ports and regularly deleting cookies. In: using multifactor authentication and a password manager, and keeping apps and devices updated.

The idea is to consolidate this “hacklore” in one place where anyone can read it or share it with others. The letter is also aimed at software providers, putting in a good word for “secure by design” and “secure by default,” two initiatives aimed at improving software security that Lord worked on at CISA. (Lord is now with the Institute for Security and Technology, but hacklore.org is a personal project.)

Lord isn’t sure where the project might go next, beyond the big launch. But he’s hoping it can make a dent in a phenomenon that “won’t be easy,” as he acknowledges. “Ask me again in a year,” he said.

The post This campaign aims to tackle persistent security myths in favor of better advice appeared first on CyberScoop.