Written by Sean Lyngaas

Amy Hess has spent nearly three decades at the FBI, rising to become the highest-ranking woman in the bureau and head of the Criminal, Cyber, Response, and Services Branch.

Now, she’s heading to Louisville, Kentucky, where, starting in February, she will be chief of public services, overseeing things like emergency services and public works.

Mayor Greg Fischer announced Hess’s appointment last month in a statement picked up by local media but little noticed inside the Beltway.

It is a homecoming of sorts for Hess, who previously served as special agent in charge in the FBI’s Louisville field office.

It was not immediately clear who would replace Hess as head of the Criminal, Cyber, Response, and Services Branch. CyberScoop has requested comment from the FBI.

As a senior FBI cybersecurity official, Hess has spoken out about hacking threats from the Chinese and Russian governments, but also about how the FBI is working more closely with U.S. companies to guard against such threats.

“We developed a relationship to where we would say, “Hey, we are a few miles down the road from your headquarters. And so anytime you want we can come over here’” and provide threat briefings, Hess said at an industry conference in April, reflecting on her time as an FBI agent in Louisville.

The briefings were “informative for us, so we that we had a better understanding … of what types of information would be attractive to either a nation-state actor or to a criminal enterprise,” she added.

Player in the ‘going dark’ debate

Hess is also known for raising concerns within the FBI about the bureau’s approach to trying to break into the iPhone of a perpetrator of the 2015 San Bernardino, California, terrorist attack. The FBI had taken Apple to court to compel the tech company to write software to unlock the phone, but the bureau paid a contractor to help crack it before that legal battle could play out.

The case intensified the standoff over what to do when criminals are “going dark” with encrypted communications. Law enforcement officials say end-to-end encryption hinders investigations. Many technologists warn that attempts to circumvent encryption for law enforcement would weaken internet security.

Hess, then the FBI’s executive assistant director for science and technology, raised concerns with the Department of Justice inspector general that the head of the FBI’s Cryptographic and Electronic Analysis Unit (CEAU) “did not seem to want to find a technical solution” to the problem of the San Bernardino attacker’s locked phone, according to a 2018 report by the IG. Hess suspected, the report said, that the CEAU chief “knew of a solution but remained silent in order to pursue his own agenda of obtaining a favorable court ruling against Apple.”

U.S. Attorney General William Barr has in recent months renewed calls for tech companies to provide law enforcement ways of breaking strong encryption, warning that it shields “dangerous criminals.”

Hess is one of multiple senior FBI cybersecurity officials to leave the bureau in the last 15 months. In June, Eric Welling, former deputy assistant director of the FBI’s Cyber Division, joined consulting giant Accenture. Trent Teyema stepped down as the FBI’s section chief of cyber readiness to become senior vice president at Parsons Corp.