A seasoned Air Force investigator takes over a crucial cybersecurity office

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

The Defense Department’s Cyber Crime Center, known as DC3, has a new executive director, Jude Sunderbruch. He joined the Federal Drive with what’s new at the DC3 and what he plans for this crucial office.

Tom Temin: There are so many apparati that are aimed at cybersecurity in the federal government. Let’s take a minute just to remind us what the DC3 does, because it’s “Cyber Crime Center” and not necessarily “cybersecurity” center.

Jude Sunderbruch: Right. So the Department of Defense Cyber Crime Center, known as DC3, is one of several federal cyber centers. And so we have a role supporting the investigative agencies of the Department of Defense. But we also support defense related cybersecurity efforts as well. So it’s a really exciting mission. It’s a shared group of stakeholders, both from the investigative agencies, a number of customers within the Department of Defense, and then a lot of partners in the defense industrial base as well. And we work hard to coordinate our efforts with other agencies around the federal government as well.

Tom Temin: And what particular resources or capabilities does DC3 bring to, say? Let’s talk about the investigative side.

Jude Sunderbruch: Okay, well, so there’s several constituent parts of DC3, one of them is we have a really cutting edge forensics laboratory capability. And so when the investigative agencies are out there working crimes, in some cases, they have all the capabilities they need in house. In some cases, they find that we’re able to bring some capabilities to bear where it’s worthwhile to have those capabilities at the Department of Defense level. And so that might be working to process evidence, to recover and to look at information that might be in a collected computer from a crime scene, things of that nature. And then that information is prepared and shared back with the investigative agency. And that can help to either prove or disprove the innocence or guilt of somebody that’s accused of a crime.

Tom Temin: And this is for those accused that are in the federal government, say members of the military, or is it beyond?

Jude Sunderbruch: Yeah, so the military investigative agencies, the bulk of their investigative efforts are often tied to people that are within the Department of Defense, either active duty members or it could be civilians or other people working on military bases. There are times that the investigative agencies are involved in investigations off installations. And those are done in concert with the Department of Justice, state and local prosecutors and other entities. For us, the investigative agencies go out and lawfully collect the evidence, they either process it in house, or sometimes they share it with us. And then we try to bring our advanced capabilities to bear to support them.

Tom Temin: So you must have like forensic capabilities to look into hard drives or to web traffic, that kind of thing?

Jude Sunderbruch: Really exciting. In fact, in some cases, evidence has been damaged or destroyed, either intentionally or just unintentionally. And so there can be evidence that can be recovered from, say, a damaged hard drive, and our staff can work to recover that information. It can also be that we’re looking at the actual evidence, and so that could involve X-raying it. So we have like X-ray capabilities here. So there’s a lot of stuff that would be hard to do all around the globe, because the Department of Defense is such a large organization. So in some cases, our lab provides that support.

Tom Temin: And really, almost every crime nowadays has a cyber component, though, doesn’t it?

Jude Sunderbruch: It really does. And so it could be that it’s collected evidence. It could also be, though, that there’s elements of the criminal activity alleged that has taken place in an online context. And so we have some other resources we bring to bear to support those kinds of things. So we have a Cyber Training Academy here that helps prepare investigators and analysts and professional staff from the investigative agencies to be well trained to investigate the cyber aspect of those investigations. And there are other analytical capabilities we have here where sometimes we’re able to look at information that has been collected by either the Department of Defense investigative teams, or by others, and we can help share insights. Because we have people that are experts in different kinds of situations, whether that is supporting efforts related to ransomware or other kinds of malicious activity.

Tom Temin: We are speaking with Jude Sunderbruch. He is executive director of the DoD Cyber Crime Center, the DC3. And you bring a history of forensic and forensic analysis from the Air Force to this. Tell us a little bit about yourself.

Jude Sunderbruch: Yeah, well, I’ve been really fortunate to have had a career that has brought me into a lot of different settings. So I started off as a special agent with the United States Air Force Office of Special Investigations back in 1994. And so I’ve served seven years on active duty with OSI. And then just prior to 9/11, I was going to graduate school, I went into the reserves. And after 9/11, I had the opportunity to come back on full time. And eventually I became a civilian special agent with OSI, in addition to serving as a reservist. So I’ve kind of had two careers. One of them has been as a civil servant. And that’s been with OSI. And that included the opportunity to serve in a joint duty assignment over at FBI cyber division, which was really a rewarding opportunity to work with our partners over there. And then as a reservist, I’ve had the opportunity to serve in a number of settings, including as part of the broader U.S. CYBERCOM team during our recent assignment as well. So I’ll tell you that it’s really been interesting to see the evolution of cyber in the federal government across the last several years. And I think it really comes down to teamwork. And so I’m excited to bring just some of these different experiences as I joined the team here at DC3.

Tom Temin: And having joined this whole enterprise in some manner, in ’94, that was, at a time when not even every desktop in the federal government had a computer on it. And they weren’t necessarily even all networked at that time. So you must have seen a lot of change in forensics, in the use of computers in investigation. And in the investigation of computers.

Jude Sunderbruch: I sure have. When I started, we had typewriters. And we did have desktop computers, but they were not networked. So I remember when they came in, and they began networking them. In those early days, a lot of our work, when it came to forensics as investigators on the street, was making sure that we had responsibly seized all of the computer related materials at a crime scene. So that could have been five-and-a-quarter floppies, or three-and-a-half inch floppy drives, hard drives, the various constituent parts of a computer, and then sending that off to the lab for processing. And there’s still an element of that today. But now there’s so much information that is stored in so many different ways that it really has come down to teaming to figure out who is best prepared to support a particular thing. And so I think one of the things that’s exciting across, not just the federal government, but also with state and local partners and international partners, is how we’re all working to share best practices with each other in this space.

Tom Temin: And what are your plans for DC3? That is to say, how will you ensure that it keeps up with the latest in techniques, latest in technology, because, as you point out, this is a moving target?

Jude Sunderbruch: Well, I think there’s gonna be several parts to it. So right now, because of the broad array of cyber threats that people in the United States face and our Department of Defense faces, there’s a lot of different entities that are involved. So there’s portions of the Department of Justice certainly, Department of Homeland Security, fusion centers, state and local law enforcement, and then the military investigative agencies, as well as, importantly, the private sector, which really just has absolutely incredible capabilities. I think one of the themes of the time that I have the privilege of serving here at DC3 is going to be partnership. And so I’ve been taking some initial steps to take a look at how we structure our partner engagement efforts. And I think that’s probably where we’re really going to be investing a lot of time. We want to make sure that we’re non-duplicative of what others are doing. But we also want to make sure that there aren’t any gaps and seams. So I think that in partnership with our colleagues from across the Department of Defense, with the Department of Justice, Department of Homeland Security, and some of our state, local and international partners, we’ll really have an opportunity to refine our mission space, and really to support those entities out there that rely on our services.

Tom Temin: And finally, how big is DC3 in terms of federal employees and contractor support?

Jude Sunderbruch: Well, all told, it’s a little bit more than 450 people right now. And then they are connected and support a much broader network of those investigative entities. But when you add everybody up, it’s about 450 people.

Tom Temin: All right, and should we all continue to keep TikTok off of our phones?

Jude Sunderbruch: Well, I will tell you that that’s a broad policy decision. I will tell you that I am careful about a lot of things that I install on my phone personally. But I will also tell you probably because I go back to those typewriter days, sometimes I just listen to the radio on the radio. And so I tend to be a little bit careful. But I do think it’s a good idea for people to reach out. There’s a lot of great advisories that the FBI and DHS and others put out. So everybody’s gonna have to make up their own choice. But for me, I tend to keep it simple.

 
