A: Eoyang - We need to reinstate a WH coordinator. As agencies work in their silos, we need a coordination point. We can't do good work it if we don't have a QB. Another is a better effort to gather data on cybercrime.

A(cont): COVID has brought on ransomware on hospitals. From tech, mid stage companies are being hit with ransomware. We need better data on the kinds of attacks that are happening. And finally: efforts on the international.

A(cont): We need to access which countries give us the best "bang for our buck" for information, we need to make sure the [international] people on the other side of the phone know how to assist.

Q: How do we make the private-public partnership work?

A: Judge - We have private sector companies providing funding, along with CISA assisting. We are having more people report.

A: Stifel - larger scale efforts are critical. At the less public level, we continue to struggle, but we have been having small successes. We have been encouraging small improvements like MFA.

Q: How should we be thinking about the broader disruption effort?

A: Stapleton - Every case is different. This is a fact dependent enterprise. And we need to work with our partners to see what is the most disruptive effect. We have to look at all of the angles and inquiry.

A(cont) - This also raises another important question. What are the priorities (w/ private-public). Cybercrime is important, but it's not a monolith concept. We need to figure out our priorities. And over the last year, our priority was ransomware.

Q: Let's dig into ransomware. Many orgs just pay the ransom and move on with things. How should we think about squaring up the public and private interests? What about public policy?

A: Stapleton - From the FBI's position, do not pay the ransom. And [ransomware] continues to happen is because it's profitable. From a law enforcement agency perspective, we do not recommend paying.

A(cont): That being said, we are not unrealistic of the positions of business, especially small and medium. Even if you pay, the FBI will still view you as a victim.

A: Judge - In certain countries, they have 24-7 services available to support victims. In the US, we do not have it. We need something in the US that services victims and does not overwhelm the FBI.

A: Eoyang - Agreed, the government needs to have more services to support victims. Lives are on the line here. We hoped hackers would have an ethical code as discussed earlier on during COVID, but they did not go through with it and staged attacks.

A: Stifel - As we gather more information about victims, it also needs to be used to prevent future attacks. We may be able to scale resources.

Q: 30 second version of what you want people to takeaway from our discussion

A: Stifel - We need to gather info from victims of crime and prevent crime. We need to work together. And look to new opportunities to build trust. Small steps can lead to a big reduction in risk.

A: Stapleton - Back up your stuff! And I value hearing from folk outside of the government. For the FBI, we recognize cyber is a team sport. We are open to hearing any possible solution. Cyber crime is one of the top 3 priorities of the FBI.

A: Judge - Read the Cyberspace Solarium Commission report, read the annex, read the Third Way docs, read everything. And talk to policy makers to advocate for solutions. Use your voice!

A: Eoyang - Cybercrime is a big and growing problem, but there is no silver bullet. People should be empowered to take steps to combat it. Everything we do is a step forward to combating it. We all have a piece in this and we need to work together.