Page 1 of 2
With cyberthreats on the rise, collaboration between the federal government and the private sector is more critical than ever, FBI Director Robert Mueller told a crowd of security professionals at the RSA Conference 2013.
"Network attacks and intrusions pose urgent threats to our national security and economy," he said Thursday. "We know these threats are growing and we must confront them together."
Mueller described the roles the FBI, National Security Agency and Department of Homeland Security play in handling cybersecurity threats, but emphasized the private sector's critical role.
"In the future, the cyberthreat will equal or eclipse the terrorist threat. ... Today, the private sector is the essential partner if we are to succeed in defeating the cyberthreat," he said. Private companies have the expertise and drive technology, he said, adding, "Without you, we couldn't combine innovation and security."
Federal officials have long called for public-private collaboration and sharing of cyberthreat information, but hurdles remain. As Mueller noted, companies are fearful of bad publicity or losing their competitive edge by disclosing information about cyberintrusions. Government officials, meanwhile, are limited in their ability to share cyberthreat information by statues that protect certain kinds of information, such as classified information.
In his speech, Mueller cited progress made in promoting information sharing, including the National Cyber Investigative Joint Task Force, which is made up of 19 agencies and serves as a focus point for cyberthreat information. On the private side, the National Cyber Forensics and Training Alliance includes more than 80 industry partners and works with federal and international entities to provide real-time threat intelligence, he said.
"These entities are steps in the right direction, but we must build on these initiatives," Mueller said.
For example, a unified team of government and private sector experts can confront a unique DDoS attack faster and more efficiently, he said. "The sooner we have teams in place to dissect these issues, the sooner we can develop solutions to resolve and anticipate them."
Federal officials want to work with the private sector to help identify anomalies and anticipate attacks, he said. The FBI and other government agencies must provide companies with real-time threat information by developing a mechanism for vulnerability information while protecting its classified context, he said. President's Obama's recent executive order will help on this front, he said.
Earlier this month, Obama authorized a plan to bolster cyberthreat information sharing and voluntary security guidelines for critical infrastructure protection.