Four years later, the FBI and the community of incident response security professionals who often work with the bureau’s agents says the FBI has significantly changed how it communicates with hacking victims — the better to avoid another DNC-style debacle. In interviews with WIRED, FBI officials never explicitly admitted to a failure in the case of the DNC’s botched notification. But they and their private sector counterparts nonetheless described a bureau that has revamped its practices to warn hacking targets faster, and at a higher level of the targeted organization — especially in cases that might involve the upcoming election or the scourge of ransomware costing companies millions of dollars across the globe.
In December of last year, for instance, the FBI announced a new formal policy of immediately notifying state government officials when the bureau identifies a threat to election infrastructure they control. But the improvements go beyond warnings to state officials, says Mike Herrington, the section chief of the FBI’s cyber division. “I see a key change in practice and emphasis, getting our special agents in charge keyed up to gain the full cooperation of potential victims,” says Herrington, who says he’s personally notified dozens of victims of hacking incidents over his career. Those “special agents in charge” are higher-ranking than the typical field agents who have notified victims in the past, notes Steven Kelly, the FBI’s chief of cyber policy. Kelly says that those special agents have also been instructed to aim their warnings further up the victim’s org chart. “We want them to be reaching out to the C-suite level, to senior executives,” says Kelly. “To make sure they’re aware of what’s going on and that they’re putting the right amount of calories into addressing the issues so that these things don’t get ignored or buried.”