Cybersecurity issues have dominated headlines in recent months, from Facebook’s data breach to a ransomware attack on Boeing, another on Atlanta (which reportedly cost the city more than $2 million), and the Justice Department’s indictment of nine Iranians charged with executing a massive hacking crime.
Special Agent Aristedes Mahairas, who leads cybersecurity operations for the FBI’s New York field office, cites these events as examples of the wide-ranging cyber threat landscape. It’s the latest role in his distinguished 22-year career with the FBI.
“These threats are diverse, they are complex—some in their design and some in their implementation—but they’re all dynamic, they’re all constantly changing,” he says.
And the culprits can be equally varied: nation-state actors from Russia, China, Iran, and North Korea; disgruntled employees; transnational organized criminal syndicates; or cyberterrorists.
Meanwhile, Mahairas notes, the cyber “attack surface” is growing. By 2020, there will be an estimated 50 billion Internet of Things devices, which can range from medical equipment to household items like refrigerators, home thermostats, and baby monitors.
“That’s 50 billion points of entry if not properly secured,” he says. “If you have the processing power of millions of devices now being overtaken by a central command and control server directing all to attack at one time, that creates a big impact.” In 2016, a series of coordinated attacks by Internet of Things devices temporarily downed numerous websites and social media platforms.
Anyone, Mahairas stresses, can be the victim of a cyberattack. He has written columns on the particular risks to big law (hackers may seek trade secrets, IP, and strategy information held by firms) and the judicial system (imagine the catastrophic deletion of sensitive testimony, evidence, or motions).
“The preparation is better than the cure, always,” Mahairas says. “So, what are we doing to minimize the attack surface, our vulnerabilities? And in the cases of a compromise, have we established an incident response protocol so that we can rely on muscle memory because we’ve trained through it appropriately?”
To be as prepared as possible, Mahairas focuses on building relationships with companies in the New York City region.
“We want to meet you and have a cup of coffee on a sunny day before the rain comes in,” is how he put it in a recent Yahoo Finance interview.
Similarly, he’s intensified public-sector recruiting efforts for the FBI’s Cyber Task Force. Like the long-running Joint Terrorism Task Force, the Cyber Task Force pools the resources of multiple local, regional, and federal law enforcement entities.
“The synergies it establishes from an investigative perspective and the force-multiplier effect it has on the investigative unit are critical,” he says.
In the last two-and-a-half years alone, Mahairas has been able to triple the number of partners in the Cyber Task Force.
One of the newer partners, the Westchester County Police Department, brought an especially valuable asset to the group: a canine named Harley. She’s one of about 20 dogs in the world capable of sniffing out the presence of a special cooling chemical present in USB drives, laptops, cell phones, and other devices cyber criminals may conceal.
Mahairas attended NYLS as an evening student while serving as an undercover FBI agent. (He earned his B.A. in Political Science from Baruch College.) He says that the IRAC approach to legal analysis—issue, rule, application, conclusion—sticks with him today. His job often calls on him to field competing strategies from his team of cyber-investigators and to ensure that the team buys into the final approach.
“I don’t think I’ve ever had a position where I’m not, in one way or another, taking that approach,” he says. “The training I received at NYLS has been a huge part of my everyday life.”
Meet other NYLS alumni whose work takes them to the front lines of emerging issues in NYLS’s digital magazine.