With cyberthreats on the rise, collaboration between the federal government and the private sector is more critical than ever, FBI Director Robert Mueller told a crowd of security professionals at the RSA Conference 2013.
"Network attacks and intrusions pose urgent threats to our national security and economy," he said Thursday. "We know these threats are growing and we must confront them together."
Mueller described the roles the FBI, National Security Agency and Department of Homeland Security play in handling cybersecurity threats, but emphasized the private sector's critical role.
"In the future, the cyberthreat will equal or eclipse the terrorist threat. ... Today, the private sector is the essential partner if we are to succeed in defeating the cyberthreat," he said. Private companies have the expertise and drive technology, he said, adding, "Without you, we couldn't combine innovation and security."
Federal officials have long called for public-private collaboration and sharing of cyberthreat information, but hurdles remain. As Mueller noted, companies are fearful of bad publicity or losing their competitive edge by disclosing information about cyberintrusions. Government officials, meanwhile, are limited in their ability to share cyberthreat information by statues that protect certain kinds of information, such as classified information.
In his speech, Mueller cited progress made in promoting information sharing, including the National Cyber Investigative Joint Task Force, which is made up of 19 agencies and serves as a focus point for cyberthreat information. On the private side, the National Cyber Forensics and Training Alliance includes more than 80 industry partners and works with federal and international entities to provide real-time threat intelligence, he said.
"These entities are steps in the right direction, but we must build on these initiatives," Mueller said.
For example, a unified team of government and private sector experts can confront a unique DDoS attack faster and more efficiently, he said. "The sooner we have teams in place to dissect these issues, the sooner we can develop solutions to resolve and anticipate them."
Federal officials want to work with the private sector to help identify anomalies and anticipate attacks, he said. The FBI and other government agencies must provide companies with real-time threat information by developing a mechanism for vulnerability information while protecting its classified context, he said. President's Obama's recent executive order will help on this front, he said.
Earlier this month, Obama authorized a plan to bolster cyberthreat information sharing and voluntary security guidelines for critical infrastructure protection.
NEXT: Rapid Information-Sharing Channels Are KeyAt the same time, FBI Director Mueller assured conference attendees that the FBI doesn't need to know every detail about their companies' trade secrets or customers. "We need information about threats and attacks so we can work with you to address them," he said.
Only by establishing channels for rapid information sharing will the government and private sector be able to effectively warn each other of impending attacks, he said.
Cybersecurity efforts have long focused on implementing defensive capabilities through firewalls, dual-factor authentication and password policies, Mueller said. These practices are important, but it's also critical to identify cybercriminals and develop responses, he said. He cited the case involving the 2011 arrest of Hector Xavier Monsegur of New York, who went by the name "Sabu" and was the co-founder of LulzSec.
Sabu's cooperation in the investigation led to the arrest of other suspects linked to the hacking groups Anonymous and LulzSec, and allowed the FBI to identify security vulnerabilities and stop future attacks, Mueller said.
Defeating today's cyberthreats "requires us to continually evolve and adapt," he said. "We need to abandon the belief that better defenses alone are sufficient." Instead, "we must build better relationships," he said.
PUBLISHED FEB. 28, 2013