In a push for stronger digital security, the FBI underscores its evolving efforts to defend against cyber threats with renewed publicity and technical collaboration. As Assistant Director Brett Leatherman leads the bureau’s cyber division through its ongoing “Operation Winter SHIELD,” the agency is refining its strategy to address risks from foreign adversaries, including China, and to foster closer cooperation with industry players. Leatherman highlights his intent to shift the traditional perception of the FBI’s cyber role as the bureau adopts an unusually public approach to technical outreach, blending enforcement experience with industry-facing guidance. With Winter SHIELD, the FBI aims to engage both large corporations and small businesses, stressing the persistent tactics adversaries use to infiltrate American networks and the need for vigilance among critical infrastructure stakeholders.
The FBI’s cybersecurity focus was previously known for post-incident investigations and quieter, behind-the-scenes operations. Former campaigns from agencies like the Cybersecurity and Infrastructure Security Agency (CISA) featured broadly similar shield-themed approaches but were more common in the civilian federal space. Unlike earlier efforts that leaned heavily on private alerts and advisories, the FBI is now using public campaigns, visible partnership activities, and collaborative messaging alongside technology partners like Microsoft. Ongoing political and leadership changes had previously raised uncertainty about the division’s resources and mission, but current FBI leaders maintain that the cyber strategy remains intact.
How is the FBI Addressing the Rising Cyber Threat from China?
The FBI is drawing particular attention to increased risks linked to China, specifically referencing concerns about U.S. infrastructure being targeted should tensions over Taiwan escalate. A recent summit in Honolulu brought together critical infrastructure operators with bureau officials to regard Hawaii’s vulnerability in such an event. Leatherman has positioned “defending the homeland” as a first priority, emphasizing deterrence and direct defensive action against potential Chinese-linked cyber operations.
What Role Does Operation Winter SHIELD Play in Industry Collaboration?
Operation Winter SHIELD stands as a distinctive outreach campaign, combining technical recommendations and localized engagement to address real-world risks. The initiative highlights ten central recommendations, such as improved log protection and phishing-resistant authentication, which draw directly from the FBI’s experience responding to major cyber incidents. Leatherman notes that these measures are relevant to organizations regardless of size, remarking,
“the 10 recommendations that we’re making right now are not a surprise to many people out there who work or have cyber over the last few years, but it’s important that we also highlight that these 10 controls are the ways that we continue to see actors getting into fortune 100 businesses and small to medium businesses in virtually 99% or greater of the investigations we run.”
Are Resource Challenges Impacting the Cyber Division?
Concerns about reduced resources have surfaced, with policy shifts, proposed budget cuts, and repositioning of personnel reported in public debates. However, Leatherman asserts that the FBI’s core cyber capabilities—including efforts to counter crimes involving virtual assets like cryptocurrency—have not been diminished. He stated,
“We have not moved resources from [the] cyber division. We still have our virtual asset unit, we still have our Virtual Currency Response Team, all those teams responsible for tracking the stolen crypto from North Korea.”
The agency also clarifies that ongoing cooperation with industry is designed to be complementary to federal partners such as CISA rather than competitive or duplicative.
As agencies strengthen their public-facing cyber operations, organizations facing evolving threats can benefit from adopting tailored recommendations based on direct incident response experience. The FBI’s deliberate outreach to both international and domestic partners reflects a recognition that cyber threats increasingly cross national borders and affect a wide range of entities, not just high-profile targets. To prepare, businesses are urged to focus on proactive controls instead of reactive measures, such as continuous log management, authentication practices, and faster incident reporting procedures. Despite uncertainties about resource allocation and structural changes, the bureau continues to reinforce its cyber priorities with leadership assurance and cross-agency alignment. As threat actors become more sophisticated, regularly updated guidance and transparent industry cooperation may prove more useful than isolated alerts. Remaining open to timely intelligence sharing is likely to shape how effectively organizations and law enforcement can minimize cyber risk.
