RSA: FBI Director Calls For Action Against Cyber Threat
"We are playing the cyber equivalent of cat and mouse," Mueller told thousands of IT professionals in a keynote during the RSA Conference Thursday. "We must make the cost of doing business more than they are willing to bear,"
As part of his call to arms, Mueller pledged minimal disruption to business with protective orders and increased privacy for U.S. corporations who suffered data breaches, in order to avoid loss of reputation and brand--despite the momentum of federal and state data breach disclosure laws.
"Notifying the authorities may harm your competitive position. We will minimize the disruption into your business," he said. "Together we work together to limit the breadth and scope of this attack. For every investigation in the news, there are hundreds that will never make the headlines. Disclosure is the exception not the rule."
Also as part of the cyber crime effort, Mueller said that the U.S. needed to work collaboratively with international governments to resolve the problems and follow through with investigations to put cyber criminals behind bars.
Meanwhile, the threats are indeed numerous, Mueller said. During his presentation, Mueller underscored that cyber attacks were becoming more sophisticated, stealthy and prevalent. Cyber crime gangs and terrorist organizations are increasingly using malware to further their financial and political aims and "incite terrorism," he said.
"A cyber attack could have the same impact as a well-placed bomb," he said. "Countless extremists have taken this to heart. We believe the cyber terrorism threat is real and rapidly expanding."
To underscore his point, Mueller said that terrorist camps now incorporated cyber terror into their training regimen, combining physical attacks with cyber attacks. Additionally, Mueller said that malware was increasingly being used to conduct cyber espionage against U.S. networks.
"These hackers actively target our government networks, intellectual property, even our military weapons in strategy," he said. "They have everything to gain and we have great deal to lose."
In addition to politically motivated attacks, Mueller said that -- as with the Google Aurora attacks -- cyber spies were increasingly targeting corporate networks in an effort to steal intellectual property and other financial assets. Spear phishing attacks that targeted high-level administrators were becoming the primary vector, and were "too realistic to ignore. Just one breach is all the need to open the floodgates."
"We are bleeding data," he said. "In some cases, terabyte by terabyte,' Mueller said. "The risks are no longer a distant possibility. They are right there on the doorstep and in some cases already inside the house."