- Steven M. Martinez
- Acting Assistant Director, Cyber Division
- Federal Bureau of Investigation
- Third Annual Cyber Security Summit 2005 University Of South Florida
- St. Petersburg, Florida
- February 09, 2005
Good morning and thank you for inviting me to speak at the opening of today's Third Annual Cyber Security Summit.
At the outset, I would like to discuss what I see as the two great threats to cyber-security, as well as some of the related challenges we all face as our technology becomes ever more enabling, while still remaining vulnerable to attack.
First, from the FBI’s perspective, there are a number of traditional crimes that have migrated online: the garden variety frauds, identity theft, copyright infringement, child pornography, and child exploitation.
As you all know, the powerful technologies that have done so much to improve the quality of our lives are also being used by some of the worst elements of our society: small-time criminals who can take on a whole new persona on the Internet; malcontents who can find like-minded hate groups; and scam artists who think they can escape detection in the anonymity of the web.
FBI projections indicate that the number of Internet-enabled crimes will increase radically over the next few years, with the potential for driving down consumer confidence in Internet security and stunting the growth of e-commerce, neither of which the United States can afford.
The second problem is the evolution of a new category of crime, which include computer intrusions, denial-of-service attacks, worms, viruses, and the like. These types of attacks, quite obviously, did not exist in the days before computers, but they are a powerful threat that we must all address.
In response to these problems, the FBI has reshaped itself in a number of ways. Shortly after the 9/11 terrorist attacks, FBI Director Robert Mueller made terrorism and counterintelligence the number one and two priorities, respectively, for the FBI. The FBI has done so, because there is no other agency with the necessary skills, network, and resources to address these critical matters nationally and globally.
At the same time, Director Mueller identified the danger that cyber threats pose to our nation and made cyber crimes and intrusions the FBI's number three priority. In doing so, the Director recognized not only the rapidly expanding cyber threat, but also the FBI’s well-established capabilities and expertise in addressing these threats. He saw that through our leadership in establishing the National Infrastructure Protection Center, and through our experience—and successes—in areas like white collar crime, computer investigations, and Internet child exploitation cases, there already existed a strong base upon which this new priority could be pursued.
To emphasize this new priority, Director Mueller approved the establishment of the Cyber Division in early 2003, with a mission to detect, prevent, and investigate cyber-based attacks and high technology crimes. The cyber division now stands as one of four operational divisions in the FBI along with our counterterrorism, counterintelligence, and criminal divisions.
We believe that with the establishment of the Cyber Division, the FBI is uniquely postured to play an important role—and an integral part—in protecting the technological infrastructure of the United States from threats and attacks.
We recognize as we look a few years down the road, and as technology continues to evolve and change, the FBI must have the necessary expertise to address cyber attacks on our infrastructure and to address cyber-crime in all of its forms. Since 9/11, we have consolidated various computer-related investigative responsibilities within our organization into the Cyber Division. In doing so, we have sought to aggregate the technological and investigative expertise necessary to meet the challenges that lie ahead.
In further addressing the Bureau's cyber capabilities, the FBI has significantly changed its hiring philosophy. In the past we have targeted lawyers, accountants, former law enforcement, and former military for recruitment. But with changing priorities, our hiring practices are changing as well. What we are looking for now are individuals with more specific and focused skill sets—skills that are critical to our mission. Of course we are targeting individuals with specific counterterrorism and intelligence backgrounds, or expertise in critical foreign languages. And in this world of emerging cyber threats, we are recruiting and hiring individuals who possess degrees and experience in computer sciences, information systems, or related disciplines. In the wake of 9/11, we are looking for specialists who possess a bedrock of experience and a profound understanding of the cyber world.
In addressing the various cyber threats the FBI recognizes that we cannot do this work alone. It is important for us as an agency to understand that, while we bring substantial investigative and organizational talents to the table, there are other law enforcement agencies who bring equal talents and capabilities that can be leveraged against these threats as well.
We are working closely and cooperatively with our law enforcement partners at the local, state, and federal level. By combining our capabilities we can work cooperatively to maximize the effect.
Finally, the FBI recognizes the importance of working closely with the private sector and academia. We recognize that in certain areas we lack the expertise that you possess, and that for us to be successful we need your help.
As we address cyber crimes—whether it be denial-of-service attacks, hacking attacks, or worms or the like—we need to work with you, share with you, leverage your expertise, and be attentive to your practical concerns. Those of you who are here from the corporate world are potentially the real victims in these cases. And, it is important for us to understand the very real concerns you have when your organizations are victimized by cyber criminals.
We in law enforcement have to understand that when we are called into an investigation, the mere fact that you have called on us can adversely impact your organization’s image and competitive position in the marketplace. We in law enforcement have to understand that there may be legitimate privacy concerns that you need to protect in order to maintain the trust of your customers and clients. We must understand that putting on raid jackets and coming in hard, with a lot of publicity, will not necessarily be the kind of help you are looking for. And, in turn, it may not be the best way for us to get the job done.
Aside from privacy concerns, we also understand your concerns regarding the protection of your intellectual property, which, depending on the circumstances, could be contained in media we would have to seize as evidence of an intrusion into your networks or systems. We understand that we have a duty to minimize the disruption to your operations and to protect intellectual property we may have access to in the course of an investigation.
I would like to specifically address the subject of reporting cyber attacks on private sector computer systems to the FBI. The FBI receives only about one-third of the reports that we would like in computer intrusion matters—and, most likely, for some of the reasons I have just discussed.
If we as an agency are to become more predictive and pro-active in the future and prevent cyber attacks from happening, we need a more comprehensive intelligence base that will enable us to record and examine all of the tools and techniques hackers are using to attack the cyber infrastructure. So, at the outset, the anchor required in this effort is for the FBI to be notified of all attacks.
The other side of this coin is that there have to be sanctions on the attackers. You want attacks stopped; you want hackers stopped; you don't want to face these problems down the road—so you invest in the best possible protection. But then the attacker will move along and victimize the next company. That is not good for the industry, it is not good for your partners and peers in the industry, and it is especially not good for the confidence of the customers and clients you serve. There have to be sanctions—and the most effective sanction is locking these criminals up.
So the successful future of cyber cases lies not in merely protecting your own systems. If there are criminals out there who are going to continue hitting company after company, it is essential that we go after them aggressively. The sanction and the most effect deterrent has to be putting these criminals in jail. Now, and in the future, we need your cooperation as victim companies—to help provide us with the intelligence and evidence that will enable us to do just that.
The FBI is also working hard to address the international dimensions of these attacks. We have enhanced our international capabilities, because many of the most damaging DDoS and hacking attacks are initiated from overseas. Through our 47 legal attache offices overseas we have established the contacts necessary that will enable us to address these cyber threats outside of our borders.
The core principle in all of this is, of course, cooperation. We must employ cooperative efforts among law enforcement entities at all levels—cooperative efforts with our counterparts overseas, and, critically, cooperative efforts between private industry and law enforcement—us and you.
In closing, I want to emphasize that events like this gathering today enable us with the opportunity to discuss common issues and threats and the challenge to explore innovative solutions. More importantly, though, this event enables us to establish and solidify the relationships that will ensure our success in addressing cyber threats in the future.
I thank you for your attention this morning, and I applaud you in your efforts to work so hard together to protect our country against cyber threats and cyber criminals.