The theme of needing to collaborate to meet and defeat cyber crime has continued.
Speaking at the RSA Conference in San Francisco, Robert S. Mueller III, director at the FBI and a former US attorney, claimed that "technology is moving so rapidly that it is difficult to keep up" and called on private and public sectors to work together to share information.
In his keynote address, Mueller said it is imperative that we work together to protect our intellectual property, protect our infrastructure and protect our economy as cyber criminals use the internet to grow their businesses and connect with like-minded individuals.
Likening cyber crime to terrorism, he said that extremists are using cyberspace to conduct operations. “To date terrorists have not used the internet to launch a full-scale cyber attack, but we cannot underestimate their intent. In one hacker recruiting video, a terrorist proclaims that cyber warfare will be the warfare of the future,” he said.
“We are losing money, ideas and innovation, and as citizens we are increasingly vulnerable to losing information as together we must find a way to stop the bleeding.”
He said that the FBI has built networks, and he pointed to the takedown of botnets last year. But he admitted that the FBI cannot confront cyber crime on its own, as with each passing day "the need for a true collaborative approach with timely information sharing becomes more pressing".
He said: “We must continue to push forward together. Terrorism does remain the FBI's top priority, but in the not-too-distant future, we anticipate that the cyber threat will pose the number-one threat to our country, and we need to take lessons learned from fighting terrorism and apply them to cyber crime. We are ensuring agents have skills to operate in this environment.”
He said that 63 agents have been educated in cyber-crime skills and international partnerships have been developed.
Following from the call by RSA president Art Coviello for more collaboration, Mueller said that real-time information sharing is essential and information "can and should be shared" between the private and public sectors.
“Maintaining a code of silence will not serve us in the long run, it is not a question of if but when or how often. There are two types of companies: those that will be hacked and those that have been hacked and will be hacked again,” he said.
“We must limit the data that can be gleaned from such compromise, we must segregate data from routine information and we must incorporate layers of detection for critical information.
“We cannot minimise vulnerabilities and deal with the consequences, collectively we must use systems to catch threat actors rather than just withstand them.”