At the same time, FBI Director Mueller assured conference attendees that the FBI doesn't need to know every detail about their companies' trade secrets or customers. "We need information about threats and attacks so we can work with you to address them," he said.
Only by establishing channels for rapid information sharing will the government and private sector be able to effectively warn each other of impending attacks, he said.
Cybersecurity efforts have long focused on implementing defensive capabilities through firewalls, dual-factor authentication and password policies, Mueller said. These practices are important, but it's also critical to identify cybercriminals and develop responses, he said. He cited the case involving the 2011 arrest of Hector Xavier Monsegur of New York, who went by the name "Sabu" and was the co-founder of LulzSec.
Sabu's cooperation in the investigation led to the arrest of other suspects linked to the hacking groups Anonymous and LulzSec, and allowed the FBI to identify security vulnerabilities and stop future attacks, Mueller said.
Defeating today's cyberthreats "requires us to continually evolve and adapt," he said. "We need to abandon the belief that better defenses alone are sufficient." Instead, "we must build better relationships," he said.
PUBLISHED FEB. 28, 2013