Sharing information, working with the private sector and ensuring US government departments work together are key to thwarting future attacks.
Speaking at the RSA Conference in San Francisco, Robert Mueller, director of the FBI, said that while delegates are aware of the threats to the country and economy, there must be a way to defend together and find a unified approach.
He identified four important areas of work: understand the lanes in the road and how to define roles; understand the crucial role that the private sector must play; get over the obstacles to collaboration; and focus on the criminal sitting behind the keyboard.
Mueller said that it was vital for the White House, National Security Agency (NSA), US Department of Homeland Security (DHS) and FBI to get over the public's confusion of what they all do and show that they are united. “In meetings we have ensured that we are on the same page with regard to our roles, and the FBI role domestically is to investigate, attribute and disrupt,” he said.
He said that the FBI is often the first point of response because of its nationwide coverage, but that this should include NSA and DHS expertise, while an understanding should be made on intrusion and notification to all three.
He said: “Also, the private sector has a key role to play in cyber security, I am reminded of the challenge in the wake of the 9/11 attacks, and there collaboration was key to response and the integration of task forces. The future will include a different array of partners from the private sector to identify the pattern of primary victims of intrusions. That is the key to defeating this threat, as we have ideas and can build components, networks and software and drive future technology.”
Mueller admitted that there is a perception that the FBI only cares about prosecuting those who are responsible for intrusions, and cited the case of former LulzSec leader turned FBI informant Hector Xavier Monsegur (aka 'Sabu'). He said that there are often legal obstacles to getting the job done, and also often so much jargon to understand, but by sharing information with the private sector, this was "essential to address the state of discord to exchange information".
“We must resolve these issues before the damage is done, and you must build in channels for information sharing and collaboration. Consider distributed denial-of-service (DDoS) attacks, they move fast and are efficient, but if you have expertise with government and the private sector and have experts working on both and specific sectors, the sooner you can deal with this," he said.
“We don't want you to report one off intrusions from the private sector, although they are important, we want you to deal with anomalies or highlight vulnerabilities for an attack. From our part, we must do more to provide information in real-time. We also must put in a mechanism to disclose vulnerabilities without revealing precise details. We don't need to know each detail of your intellectual property, clients or customers, but we need information on the size and detail of the attack to address the threat.
“Only by established channels can we report attacks, put it into detail and with the intelligence of the attack, and only with the common picture can we effectively disrupt threats.
“Behind every illegal intrusion, a person is responsible for that intrusion and cyber security is not just about defending the ones and zeros, it should focus on reducing vulnerabilities. You cannot fully remove your vulnerabilities and once you have identified those groups or hackers, you must devise a response that is effective not just against a specific attack, but against all activity.”
He concluded by calling on abandonment on the thought that current models for information sharing are sufficient, and instead focus on better defence and build better relationships "and anything that prevents us from collaborating".
“If we do this, I am confident we can and will defeat threats now and in the future.”