February 28, 2013

The Cyber Threat

Planning for the Way Ahead

Director Robert Mueller speaks to cyber security professionals in San Francisco at the annual RSA Cyber Security Conference in February 2013.

Director Mueller speaks to cyber security professionals in San Francisco.

Denial of service attacks, network intrusions, state-sponsored hackers bent on compromising our national security: The cyber threat is growing, and in response, said FBI Director Robert S. Mueller, the Bureau must continue to strengthen its partnerships with other government agencies and private industry—and take the fight to the criminals.

“Network intrusions pose urgent threats to our national security and to our economy,” Mueller told a group of cyber security professionals in San Francisco today. “If we are to confront these threats successfully,” he explained, “we must adopt a unified approach” that promotes partnerships and intelligence sharing—in the same way we responded to terrorism after the 9/11 attacks.

The FBI learned after 9/11 that “our mission was to use our skills and resources to identify terrorist threats and to find ways of disrupting those threats,” Mueller said. “This has been the mindset at the heart of every terrorism investigation since then, and it must be true of every case in the cyber arena as well.”

Partnerships that ensure the seamless flow of intelligence are critical in the fight against cyber crime, he explained. Within government, the National Cyber Investigative Joint Task Force, which comprises 19 separate agencies, serves as a focal point for cyber threat information. But private industry—a major victim of cyber intrusions—must also be “an essential partner,” Mueller said, pointing to several successful initiatives.

The National Cyber Forensics and Training Alliance, for example, is a model for collaboration between private industry and law enforcement. The Pittsburgh-based organization includes more than 80 industry partners—from financial services, telecommunications, retail, and manufacturing, among other fields—who work with federal and international partners to provide real-time threat intelligence.

Another example is the Enduring Security Framework, a group that includes leaders from the private sector and the federal government who analyze current—and potential—threats related to denial of service attacks, malware, and emerging software and hardware vulnerabilities.

Focus on Hackers and Intrusions

Padlocks and CodeThe FBI over the past year has put in place an initiative to uncover and investigate web-based intrusion attacks and develop a cadre of specially trained computer scientists able to extract hackers’ digital signatures from mountains of malicious code. Learn more

Mueller also noted the Bureau’s cyber outreach efforts to private industry. The Domestic Security Alliance Council, for instance, includes chief security officers from more than 200 companies, representing every critical infrastructure and business sector. InfraGard, an alliance between the FBI and industry, has grown from a single chapter in 1996 to 88 chapters today with nearly 55,000 members nationwide. And just last week, the FBI held the first session of the National Cyber Executive Institute, a three-day seminar to train leading industry executives on cyber threat awareness and information sharing.

“As noteworthy as these outreach programs may be, we must do more,” Mueller said. “We must build on these initiatives to expand the channels of information sharing and collaboration.”

He added, “For two decades, corporate cyber security has focused principally on reducing vulnerabilities. These are worthwhile efforts, but they cannot fully eliminate our vulnerabilities. We must identify and deter the persons behind those computer keyboards. And once we identify them—be they state actors, organized criminal groups, or 18-year-old hackers—we must devise a response that is effective, not just against that specific attack, but for all similar illegal activity.”

“We need to abandon the belief that better defenses alone will be sufficient,” Mueller said. “Instead of just building better defenses, we must build better relationships. If we do these things, and if we bring to these tasks the sense of urgency that this threat demands,” he added, “I am confident that we can and will defeat cyber threats, now and in the years to come.”

- Read Director Mueller’s remarks
- Cyber Crime page