April 2017 Digital Edition
March 2017 Digital Edition
Feb. 2017 Digital Edition
January 2017 Digital Edition
Nov/Dec 2016 Digital Edition
Oct 2016 Digital Edition
FBI looks for partnerships to counter cyber threat
Mueller at RSA
Federal law enforcement needs private industry help to battle a growing and dire cyber threat to the U.S., the FBI told a gathering of the nation’s leading cyber security experts.
In a speech at the RSA Cyber Security Conference in San Francisco on Feb. 28, FBI Director Robert Mueller said denial of service attacks, network intrusions, and state-sponsored hackers are bent on compromising national security. That growing threat, he said, requires the FBI to strengthen partnerships with other government agencies and private industry to take the fight to the criminals. Defense measures also need to move beyond only reducing electronic vulnerabilities and include more focus on the attackers themselves, he said.
“Network intrusions pose urgent threats to our national security and to our economy,” said in his remarks. “If we are to confront these threats successfully,” he explained, “we must adopt a unified approach” that promotes partnerships and intelligence sharing—in the same way we responded to terrorism after the 9/11 attacks.
President Obama issued an Executive Order in February aimed at that goal, seeking to establish a voluntary scaffolding of industry best practices and goals to curb Cyber attacks and intrusions.
Mueller’s remarks echoed the intent of the president’s order, saying that the threat of Cyber attack shifts constantly and industry and federal agencies have to adjust. The FBI learned after 9/11 that “our mission was to use our skills and resources to identify terrorist threats and to find ways of disrupting those threats,” Mueller said. “This has been the mindset at the heart of every terrorism investigation since then, and it must be true of every case in the cyber arena as well.”
Partnerships that ensure seamless flow of intelligence are critical in the fight against cyber crime, he said. The federal government’s National Cyber Investigative Joint Task Force, comprised of 19 separate agencies, serves as a focal point for cyber threat information, but but private industry—a major victim of cyber intrusions—must also be “an essential partner,” Mueller said.
Mueller pointed to the the National Cyber Forensics and Training Alliance as a model for private industry and law enforcement collaboration. The Pittsburgh-based organization includes more than 80 industry partners—from financial services, telecommunications, retail, and manufacturing, among other fields—who work with federal and international partners to provide real-time threat intelligence.
Another example, he said, is the Enduring Security Framework, a group that includes leaders from the private sector and the federal government who analyze current—and potential—threats related to denial of service attacks, malware, and emerging software and hardware vulnerabilities.
Mueller said along with the partnerships, a more pro-active approach to dealing with Cyber attackers is needed.
“For two decades, corporate cyber security has focused principally on reducing vulnerabilities. These are worthwhile efforts, but they cannot fully eliminate our vulnerabilities,” he said. “We must identify and deter the persons behind those computer keyboards. And once we identify them—be they state actors, organized criminal groups, or 18-year-old hackers—we must devise a response that is effective, not just against that specific attack, but for all similar illegal activity.”
“We need to abandon the belief that better defenses alone will be sufficient,” he said. “Instead of just building better defenses, we must build better relationships. If we do these things, and if we bring to these tasks the sense of urgency that this threat demands,” he added, “I am confident that we can and will defeat cyber threats, now and in the years to come.”