When it comes to cybersecurity, the Homeland Security Department doesn’t just play defense by shoring up its own vulnerabilities. The department also goes on the offensive by tracking cyber-criminals lurking on the dark corners of the internet.
Jared Der-Yeghiayan, a special Immigration and Customs Enforcement agent on assignment with Homeland Security Investigations’ cybercrime unit, works with an around-the-clock team to track down illegal activity on what’s known as the “dark web.” On the dark web, Der-Yeghiayan’s team works on cases of child exploitation, narcotics trafficking and financial crime.
Chances are good that most online users have never been on the dark web, since most websites are indexed and easily found on search engines like Google. But there’s also another part of the internet called the deep web, which hosts things like private intranets that you can’t really find if you don’t know where to look. And within the deep web, that’s where you’ll find the dark web.
“The dark web is its own little sort of universe within the deep web where you could access a lot of illicit things,” Der-Yeghiayan said on Federal Drive with Tom Temin as part of DHS 15th Anniversary.
One of the ways to access the dark web is through a program called Tor, which masks a user’s internet traffic. Back in the 1990s, the Naval Research Laboratory developed the technology behind Tor, but it now exists as publicly available software from a third-party provider.
“It includes a browser, and once you have this browser, it connects you to this encrypted network. And this encrypted network protects your location.”
Through the dark web, users operate a kind of international black market where illegal goods like drugs and fake identity cards can be purchased. Earlier in his career, Der-Yeghiayan played a role in bringing down the Silk Road, one of the most notorious deep-web marketplaces, and its successor, Silk Road 2.0.
While many dark-web transactions are made through cryptocurrencies like Bitcoin, Der-Yeghiayan said his team has strategies to track down cyber-criminals in the real world.
“You may talk to somebody on an encrypted network, and they may not know, digitally, who you are, but eventually you’re going to have to mail them some product. Eventually, it’s going to have to go overseas, and that’s where we have our authorities to search incoming packages that are coming into the United States and going out of the United States,” he said.
When a partner agency like Customs and Border Protection detects an illegal shipment through an international airport, or through international mail, they make the call to ICE to try and track down suspects. If, for example, they intercept an illegal drug shipment, they may make a “controlled delivery” to arrest the person expecting to receive the item.
“There’s a lot of techniques that we’ll use from a digital side of it too, to identify that IP address and then try to identify who the user is and where they’re at, and geolocate them,” Der-Yeghiayan said.
Implementing Trump’s cybersecurity executive order
On the defensive side of cybersecurity, DHS has recently received new marching orders from President Donald Trump in the form of an executive order issued in May. In line with that EO, the Office of Management and Budget has recently tasked agencies with establishing a senior accountable official for risk management.
Dr. Barry West, in addition to serving as the acting deputy chief information officer at DHS, now also serves as its senior accountable official for risk.
“It basically is the point person for the executive order,” West told Federal Drive with Tom Temin, adding that in this role, he has a direct line to the DHS secretary and continually briefs leadership with cybersecurity updates.
Trump’s executive order calls for reforms along four main workstreams: managing security of networks, protecting critical infrastructure, strengthening deterrence posture and building a stronger cybersecurity workforce.
West said one of his key roles in this new position is making sure all these things stay on track. One major deliverable DHS completed was submitting a cybersecurity risk and mitigation action plan to OMB. In order to get there, West had to work with component agencies to arrive at a new set of risk management outcomes.
“It was working closely with those components over a short period of time … and getting their feedback and working with their leadership. It’s not just going to the [chief information officer], but it’s going to the heads of the agencies and working with them to identify those key risks that they feel are important going forward,” he said.
In working to shore up these cyber risks, West found one common weakness in the disparate nature of security operations centers across the enterprise.
“What we found is that we have many security operation centers throughout DHS that are not consistent, that are operating on their own,” he said. “In some cases, we had few components of the smaller ones that didn’t even have a SOC, that were relying on other means. It really made that risk stand out, that we need to focus on consolidation and transparency and really leverage some of the key areas for our SOCs.”
Trump’s cybersecurity executive order also calls for more shared services, but West said it could take considerable effort to get DHS components on the same page.
“When you have agencies like FEMA that have been doing something a certain way for the last 30 years — from a security standpoint, how they have to be so reaction-oriented — they’ve built processes in place for them to work at a certain level, and it can be very tough untangling some of those practices and policies that they’ve had in place for years to try to maybe go to a consolidated approach,” West said. “But it’s about showing what’s in it for them from a headquarters perspective, showing lessons learned and best practices, and making sure that we put the mission of these agencies first as we go through this.”