Terrorism is obviously still the most dangerous threat facing the United States. Cyber attacks and cyber terrorism may one day become the most dangerous threat, however, according to the FBI.
The director of the FBI, Robert Mueller, recently spoke at the RSA Cyber Security Conference in San Francisco about what his organization is doing to stop cyber crime.
Mueller began by telling a story of how iCloud and the Find my iPhone app helped stop a theft in New York City. He used this as an example of how technology is “an investigative tool.” Technology can also be used as a means of attack, however, and the FBI takes this new threat very seriously.
He went on to say that traditional crime has now moved to the Internet. On the same note, terrorists are now using the Internet to recruit and raise money.
In response to this, he began to detail what the FBI is doing to fight back against the increasing number of cyber threats. The first, of course, being cyberterrorism.
He says that terrorists are becoming more “cyber savvy” and using the Internet to grow their business. The worst part is that they aren’t even hiding, but conducting their online business out in the open.
He points to the Twitter account of Al Shabaab, an Al Qaeda affiliate in Somalia, that uses its account to taunt its enemies and encourage terrorist activity.
While there has not been a major cyberattack from a terrorist cell yet, he says to not underestimate them. He points to a terrorist recruiting video that says cyber warfare is the warfare of the future.
He then goes on to say that state-sponsored hacks and economic espionage are major threats as well. The main threat being foreign hostile nations seeking to steal “our intellectual property and our trade secrets for military and competitive advantage.”
The main threat seems to be from state-sponsored hacking as they have “the time, the money and the resources to burrow in, and to wait.”
He also calls attention to what he calls “hackers for profit” who steal information to sell to the highest bidder. He says that while these hackers may have been isolated groups before, they are now joining forces to create criminal syndicates.
All of this results in the loss of data. What does that mean? Mueller says that we are “losing money... losing ideas and losing innovation.”
What is the FBI doing about it? Mueller says that they have set cyber squads in every one of their 56 field offices, with more than 1,000 specially trained agents. He says that the FBI’s dual role in “law enforcement and national security” allows them to be “uniquely positioned to collect the intelligence we need to take down criminal networks, prosecute those responsible, and protect our national security.”
Globally, the FBI has teamed up with police departments around the world in 63 offices to help discover “emerging trends and key players.”
He says that their efforts are paying off. He references an investigation called “Operation Ghost Click” that targeted “a ring of criminals who manipulated Internet “click” advertising.”
While terrorism remains the organization’s top priority, he expects cyber threats to be the number one threat to the U.S. in the near future.
To combat this new threat, he says that all of their special agents will be trained in “fundamental skills to operate in this cyber environment.”
He says that they are also creating a virtual environment where agents from all over the world can coordinate on attacks wherever they may happen.
To help them combat the new threat of cyberterrorism, they are pushing for a national data breach reporting law. This would require any organization targeted by a hack to immediately report the intrusion to the FBI.
For those companies who may not want to share the news of a hack, he says not to worry:
You may believe that notifying the authorities will harm your competitive position. You may fear that news of a breach will erode shareholder confidence. Or you may think that the information flows just one way—and that is to us.
We do not want you to feel victimized a second time by an investigation. We will minimize the disruption to your business, and we will safeguard your privacy. Where necessary, we will seek protective orders to preserve trade secrets and business confidentiality. And we will share with you what we can, as quickly as we can, about the means and the methods of attack.
To reiterate the severity of cyber attacks, he says that there will be only two types of companies in the future - “companies that have been hacked and those that will be” Even then, he says that further in the future it will become “companies that have been hacked and will be hacked again.”
To protect data, he feels that companies need to limit the data that can be “gleamed from any compromise.” Companies must also “segregate mission-centric data from routine information.”
The end of the speech really hits home the whole point that Mueller is trying to make:
In the days of the Roman Empire, connectivity was on the rise—new roads, new ways of communicating, and a new postal system to handle the influx of written documents. Postal deliveries were the high point of the day. People coming from every direction would converge at the port to meet the delivery boats arriving from Egypt.
As they say, the more things change, the more they stay the same.
Today we have the so-called “BlackBerry Jam,” where several individuals—heads down, shoulders slumped, all furiously typing, talking, reading, or browsing at once—come to a head on a crowded corner. We are all guilty of this conduct.
All those years ago, Seneca argued that the more connected society becomes, the greater the chance that the individual will become a slave to that connectivity. Today, one could argue that the more connected we become, the greater the risk to all of us.
We cannot turn back the clock. We cannot undo the impact of technology. Nor would we want to.
But we must continue to build our collective capabilities to fight the cyber threat…we must share information…we must work together to safeguard our property, our privacy, our ideas, and our innovation.
We must use our connectivity to stop those who seek to do us harm.
Do you agree with Mueller about the threat posed by cyber attacks? Is the FBI doing enough to deter them? Or can more be done than what is already planned? Let us know in the comments.