Raysyn Roach-Vaden is a Federal Bureau of Investigation agent recently posted to Israel.
He works within the US embassy as the FBI assistant legal attaché for cybersecurity, collaborating with local police, security and government agencies to share vital information about cyber threats to public or private entities.
Collaboration among governments, agencies and private companies globally are crucial to keep hackers at bay, he said. In an ideal world, to counter the growing cybersecurity threat, some kind of a cyber-UN would be set up, in which all relevant information is shared in real time among trusted partners. He has been at his post in Israel only since May, and in that “very busy” short time he has already worked on cases involving national security threats, ransomware, hackers and online fraud.
As with any investigator, he says, his days don’t follow a pattern. The one good thing about working for the FBI is that he’s “never had a normal day,”
Roach-Vaden has been with the FBI since 2010, starting off as cybersecurity investigator and special agent on a variety of investigations, and supervising the management of complex cases relating to the Dark Web and ransomware. Then he was posted to Israel.
Roach-Vaden spoke to The Times of Israel last month, on the sidelines of the Cyber Week cybersecurity conference at Tel Aviv University. Excerpts of his quotes have been edited for brevity and clarity.
What do you do in your role?
I am the FBI cyber assistant legal attaché. The FBI has a presence in almost every embassy as a legal attaché. I concentrate on building relationships in the cyber space with cyber investigators in multiple agencies, including the security agencies, the Israel Police, and I am now building relationships with the National Cyber Directorate.
I arrived in May, and as soon as I arrived, there have been a lot of opportunities to work side by side with the Israel Police and agencies to investigate and combat the cyber threat. In general, I’ve been able to coordinate on national security threats, ransomware, I’ve been able to work on hackers, online fraud. Those are the types of cyber investigations that we’ve been working very closely with, but we are prepared to work even closer, as needed.
Do your investigations mainly affect the US?
We normally concentrate on anything that affects the United States, either victims, subjects, or someone using something in the US infrastructure. There has to be some US nexus or the FBI cannot be involved. But we do work closely with sharing information on threats that we see. We share information, as we see it, because we realize that everyone is a victim here. We work with the Israel Police, when we see a cyber threat, maybe it hasn’t reached Israel yet, but we want to provide the information when we can.
Are you the first FBI cyber assistant legal attaché?
I’m not the first. For about two to three years there has been someone slowly building the relationships. I have to admit that my predecessors have done a really good job. I feel very lucky that I can now pick up the phone and make a phone call to the Israel Police or the other agencies and know that there is someone that’s already worked with the FBI, that relationship has been fostered. And my role here is to continue to build those relationships.
What is needed for this relationship to work?
It has to be a partnership, not just with the police and the government. It also has to be with the private industries. I, as the FBI, still need to work with the Israel Police or INCD. But through them, I would want to work with the tech companies here. So that they and we understand the threats that they are seeing, and how we can interact. This is something that I am taking from my headquarters as a mandate.
We have a program called Infra Guard that we developed in the United States, which is basically a private-public partnership, and that is a model that I’m using to help build relationships here.
I would want to know the CISO (Chief Information Security Officer) at companies, I would want to know the CEO, I would want to know their chief technician, before they have a problem.
And it pays dividends. If there’s a threat, I know I can call them and start working it because it’s easier than just calling them off the street.
We are lucky that our brand, the FBI, is well known. So, when we knock on someone’s door, they know we are we are coming to help. For some people, when we knock on their door, there is a certain knock that we do, and they know they’re in trouble.
But we also knock to say hey, there’s a threat. We’ve seen a cyber threat against your company. We’re here to help. And we need to promote that not just in the US, but we also want to share that with our partners here in Israel.
There have also been cases where our foreign partners call us and say “Hey, we see a threat, and it may be affecting your companies.” That has happened. I’m not allowed to give specifics. They let us know when something is wrong.
How can we fight the cybersecurity threat?
It has to be a joint effort, there has to be the trust, to be able to share information. There has to be that understanding, or relationship, with not just the public, but the private sector in order to combat the future cyber threat, because we don’t know how it’s going to change.
Why would people not want to collaborate?
It is just the complexity of it. Not too many people in policy understand cyber. They didn’t come from this world. And it’s becoming more and more complex. There are so many layers now. We are trying to work on those layers, but we need to work on it collaboratively. It’s getting better. Even in the FBI, when I first came in, we did not share as much. It was like ‘Oh, thank you.’ We took information. Now, I can tell you emphatically, when we have a threat and we have an investigation, if we can share that information so we can help other people, we do. That’s what we need to do, moving forward to be a success.
We may not be ahead of the hackers, but we can try to stay as close as possible, because soon as they attack one company, that company shares the information. So, I can share it with another company. Maybe they won’t talk, because they are competitors, but they will talk to us.
And that’s the thing we bring. We bring like a sort of a cyber-Switzerland, where you can share, a place where everyone can come together. We are neutral. We don’t do this for profit. We do it to catch the bad guys.
What kind of cyber-partnership network do you have?
The US is slowly building a network of partners of law enforcement agencies across the globe. Because basically, this is no longer just a US threat. There are actors in other countries, there are actors in the US targeting outside countries. They think that they can avoid us because they live somewhere else.
For example, the US, Brazil and Israel authorities worked closely together to foil the sale of drugs online, on the Dark Web.
Anything that touches a computer enabled crime is something that I work with, across the spectrum, be it terrorism, hacking, ransomware, drugs on the Dark Web.
What would you like to see, in an ideal world, when it comes to cybersecurity?
In an ideal world, we would have almost like a cyber-UN. A real time ability to collect information, identify threats, and help the victims. That is one thing that we all can work towards: we need to build those collaborations and trust to identify the bad guys and help protect the victims.
How far are we from that?
That’s a good question. It has to deal with different laws, different policies affecting different countries. I know that we are working closely, we have initiatives in the US in this cyber arena that are making this more and more seamless. We work closely with the Israel Police almost in real time to share information. They have my number, I have theirs. We can work as quickly as my investigators can give me information from the US. I can get it to them. We are trying to find ways to do that on a global scale.
What does your day look like?
As with any investigator, my day changes. My role is to be a conduit for information sharing for law enforcement and national security matters. So, every day, that could be different. I may wake up planning to go to this meeting, go to this interview. When we finish our interview, I may actually have a call that I have to now wake somebody up in DC and say, ‘Hey, there’s a threat. There’s something going on. There’s now a new cyber ransomware spreading across the world. What do we do?’
So again, the day in the life changes. That’s the one good thing about working with the FBI. In my career, I’ve never had a normal day.
Has your work in Israel been more on counterterrorism, organized crime or half and half?
It fluctuates. I’ve been here a month., and it’s been very busy. I can’t even break it down. One minute, I’m spending all my time with the Israel Police. And then I work with the security agencies. And it’s constantly changing. It’s dynamic, just like cyber, cyber is constantly changing. We have to adapt and change with it.
What can you tell me about the elections?
I can’t speak about it.