“The cyber-threats we face are enormous,” remarked FBI Director James B. Comey, speaking March 8th at Boston College’s first Conference on Cyber Security. “We need to ensure that cybersecurity is a priority for every enterprise in the United States at all levels; we need to get better and faster at sharing information in appropriate ways; we need to make sure we have the right people on board to help us fight that threat, and we need to build trust between the government and the private sector; but most of all, we need to work this together.”
The conference, a partnership between the FBI and Boston College’s Cybersecurity Policy and Governance master’s degree program, also features expert speakers and panelists who covered such areas as emerging technologies, operations and enforcement, along with real-life cyber and national security experiences focusing on risk, compliance, policy, threat trends, preparedness, and defensive strategies.
Cyber threats, said Comey, are “too fast, too big, and too widespread for any of us to address them alone.” Comey discussed the “stack of bad actors” committing cyber crimes, including nation-states, multinational cyber syndicates, insiders, hacktivists, and—currently to a lesser degree—terrorists (“they have not yet turned to using the Internet as a tool of destruction,” he explained, “in a way that logic tells us certainly will come in the future.”)
And what are these bad actors after? According to Comey, they’re after information, access, and advantage. He further explained, “And we’re not only worried about loss of data, but corruption of that data and lack of access to our own information.”
The public and private sector can help deter this behavior, said Comey, by reducing vulnerabilities, reducing the threat by holding accountable those who are responsible, and mitigating the damage.
The FBI Director also laid out the Bureau’s five-part strategy to address cyber intrusions:
- Focusing ourselves better inside the FBI in terms of how we operate and who we hire;
- Shrinking the world by clarifying investigative “lanes in the road” here at home and enhancing cooperation abroad;
- Imposing costs on this kind of behavior by locking cyber criminals up and/or calling them out through incidents and sanctions;
- Enhancing the “digital literacy” of state and local partners through training, equipment, and task forces to make them more effective; and
- Working to improve collaboration with private sector entities, the primary targets of cyber intrusions but the majority of whom, according to Comey, don’t turn to law enforcement when they’re breached.
Comey also spoke about the impact of the advent of “ubiquitous strong encryption” on the work of law enforcement and urged the audience to “continue to engage in what is a very complicated and difficult subject.” This so-called Going Dark issue is a growing challenge to public safety and national security that has eroded law enforcement’s ability to obtain electronic information and evidence with a court order or warrant.
References: This post is comprised of excerpts from the following news releases.