Continuing an eight-year tradition, Boston College and the Federal Bureau of Investigation hosted the ninth annual Boston Conference on Cyber Security on October 9, featuring a lecture and panel discussions with leaders in the disciplines of emerging technologies, operations and enforcement, and cyber and national security concerns.
The conference is now being held at Boston College Law School, where the Masters in Legal Studies in Cybersecurity, Risk, and Governance program was recently established under the direction of Kevin R. Powers. Among the featured speakers and panelists at the event were experts from the FBI, Guidehouse, Boston Celtics, The Kraft Group & Affiliates, Boston Red Sox, Boston Bruins, Bain Capital Ventures, Hinckley Allen, FINRA, and the Department of Justice.
After opening remarks by Dean Odette Lineau, who highlighted the strategic priority of cybersecurity in this day and age, Brett Leatherman, assistant director of the Federal Bureau of Investigation’s Cyber Division, gave the keynote address. He began with an overview of the impact of cyber threats at local, state, and international levels, stating that in 2024 alone, Americans reported 1.5 billion in cyber crime losses to the FBI’s internet crime complaint center.
As the lead government agency for cyber threat response, the FBI has four key pillars of its cyber mission. First, is to take players off the battlefield, identify, and arrest them. “We excel at removing the cloak of anonymity many cyber actors hide behind,” Leatherman said. He also spoke of recent international FBI operations that have led to the arrest of cyber criminals, such as those belonging to the cyber criminal group Scattered Spider.
The remaining pillars include pressuring the threat, leveraging domestic authorities to inform intelligence communities and citizens on how to better defend their networks, and keeping the work victim-centered. To accomplish these goals, Leatherman referenced Rule 41 of the federal rules of criminal procedure, which outlines government search and seizure methods and allows the FBI to disrupt botnets and malware. As an example, he pointed to a Boston-led operation where the FBI dismantled a Russian intelligence-controlled botnet and removed over 1,000 weapons from the botnet’s arsenal. “I’m proud to say that everyone in this room is safer because of that Boston-led operation,” Leatherman said.
He stressed the importance of organizations having an existing relationship with the FBI. “The best time to meet us is before you need us,” he said. Information-sharing with the FBI is key to their efficiency and effectiveness. Another crucial way to protect yourself and to prevent further harm from cyber attacks is to have an incident response plan in place that is up to date and rehearsed. Finally, report the compromise. “The FBI is focused on helping you,” Leatherman said.
He also noted the distinct shift in operational behavior by the People’s Republic of China (PRC), specifically, the Chinese Communist Party. Their cyber attacks, he said, “are tied to China’s long-term plan to become not just a world super power, but the world super power. The good news is, we are not defenseless. The PRC cyber actors thrive in the shadows, but when we shine a light on them, they are forced to adapt, rethink, and, in some cases, walk away or burn down their infrastructure.”
Next up on the conference’s agenda was a discussion on how technology and data privacy tools impact stadiums, players, and fans of major sports teams. The panelists were representatives of all four major Boston sports teams, as well as William B. Evans, Boston Cellege’s chief of police and former Boston Police Commissioner.
Moderated by Powers, the conversation primarily centered around data collection and the use of biometrics as each panelist highlighted ways their company educates players and coaches, as well as staff and employees, on cybersecurity, from password strength to data segregation. The Boston Celtics’ Richard Pruitt and Boston Bruins’ Shannon Torgerson discussed the importance of stripping software programs of any irrelevant data, and what it looks like to store biometric data for both customer convenience and security.
Referencing Leatherman’s earlier address, the panelists discussed their own experiences with incident response plans and the importance of coordinating physical security with cybersecurity. “The key is preparedness. We don’t write plans for them to go on a shelf,” said Michael Israel of the Kraft Group.
Cyber security is both a tech issue and a business issue. “Cyber is at the center of almost everything we do on the team,” said Randy George of the Boston Red Sox. In order to protect the treasure trove of confidential information and sources, collaboration with other teams among industries is key.
The second and final panel of the conference, moderated by B. Stephanie Siegman of Hinkley Allen, addressed winning strategies through law enforcement and private sector collaboration.
“Nothing I speak about is done in a vacuum,” said Doug Domin of FBI Boston, a point Cindi Bassford of Guidehouse expanded on to include community impact.
Bassford spoke about how many cybersecurity professionals have been slow to adopt AI. “I’m on the flipside,” she said. “I’ve seen a lot of success working side by side with AI. These [cyber] attacks are coming so fast and furious, we need these bots to help us defend ourselves.” She explained that what would take a human half a day to understand can be ingested and “spit out” by AI in seconds, free of typos, leaving analysts to avoid wasting time correcting wrongly inputted information. Quick to assure the room that AI is not replacing people, she added that “we are just making them more efficient and effective.”
Echoing something said earlier, Bryan Smith of the Financial Industry Regulatory Authority emphasized that cybersecurity is a business problem that is “about people, process, and technology.” Mark Sutton of Bain Capital described it as less about partnership and more about relationships. “If something is going wrong in my environment, I can pick up the phone and call them directly and get help. That is most important for us to be successful in defending against adversity.”
Read Boston College Chronicle‘s article about the event here.
Photograph by Caitlin Cunningham, Boston College