FBI Director Mueller Comments on the Future of Cyber Security

On August 8, 2013, FBI Director Robert S. Mueller, III spoke at the International Conference on Cyber Security at Fordham University in New York, NY. His comments provided the "FBI perspective" on the future of cyber security.

In the speech, he commented:

"In recent years, we have seen a proliferation of adversaries in the cyber arena. As you have discussed this week, these criminals are constantly discovering and exploiting vulnerabilities in our software and our networks. They have also become increasingly professional: They are organized…they network…and they share tools, stolen data, and know-how.

"In the years to come, we will encounter new intrusion methods, hacking techniques, and other unpleasant surprises. And in response, our nation will continue to develop—as we must—the technical skills and tools to prevent these intrusions and limit their damage.

"But we will not be able to eliminate all vulnerabilities. True cyber security is more than defending against the ones and the zeros.

"We must remember that behind every intrusion is a person responsible for that intrusion—a warm body behind the keyboard, whether he or she sits in Tehran or Tucson; Shanghai or Seattle; Bucharest or the Bronx.

"Our ultimate goal must be to identify and deter the persons behind these keyboards. And once we identify them—be they state actors, organized criminal groups, or 18-year-old hackers—we must devise a response that is effective, not just against that specific attack, but for all similar circumstances."

He went on to add:

"But our effectiveness in cyber investigations rests on the same techniques we have used in cases throughout the FBI’s history—physical surveillance, forensics, cooperating witnesses, sources, and court-ordered wire intercepts.

"Let me share with you an example of how this works.

"The combination of technical skills and traditional investigative techniques recently led the FBI to the hacker known as Sabu—one of the co-founders of LulzSec.

"This case began when our Los Angeles Division collected IP addresses that were used to hack into the database of a TV game show. One of these led to an individual who had failed to anonymize his IP address. Our New York Office used confidential human sources, search warrants, and physical surveillance to identify and locate this man, who was only known then by his online moniker, Sabu.

"When our agents went to arrest him, they gave him a choice: Go to jail now, or cooperate.

"Sabu agreed to cooperate, continuing to use his online identity. His cooperation helped us to build cases that led to the arrest of six other hackers linked to groups such as Anonymous and LulzSec. It also allowed us to identify hundreds of security vulnerabilities—which helped us to stop future attacks and limit harm from prior intrusions.

"At its beginning, any investigation into an intrusion is a search for intelligence that will enable us to define that particular threat. The FBI’s dual role as both a national security and a law enforcement agency is instrumental in this work."

Finally, Mueller highlighted the importance of building strong partnerships with the private sector:

"The private sector is, of course, a primary victim of cyber intrusions. Yet those of you in the private sector also have the expertise and the knowledge to be an integral partner in defeating this threat. You build the components of cyber security—the hardware, the software, and the networks—and you drive future technology. Without you, we cannot combine innovation and security.

"The challenge we now face is to build more effective partnerships.

"We in the FBI are working with the private sector to share threat information and to better protect our critical infrastructure. For example, the Domestic Security Alliance Council, with chief security officers from approximately 250 companies, represents every critical infrastructure and business sector. Another partnership is InfraGard, which promotes the sharing of information about threats to critical infrastructure. Today InfraGard has 58,000 members nationwide from government, the private sector, academia, and law enforcement.

"While these outreach programs are helpful, we must do more. We must shift to a model of true collaboration—a model of working side-by-side as a matter of course."

You can find a full transcript of the speech here.

< Prev   Next >

New Books

Bloodstain Pattern Analysis

Most forensic disciplines attempt to determine the “who” of a crime. But bloodstain pattern analysis focuses on the “what happened” part of a crime. This book is the third edition of Blood-stain Pattern Analysis. The authors explore the topic in depth, explaining what it is, how it is used, and the practical methodologies that are employed to achieve defensible results. It offers practical, common-sense advice and tips for both novices and professionals. www.crcpress.com