Based on current trends, crime committed over the internet, be it denial of service, intrusion of systems, or theft of confidential information, likely will greatly increase in intensity soon, prompting the head of the FBI to call for more cooperation between the public and private sectors.
“I do believe that in the future, the cyber threat will equal or even eclipse the terrorist threat,” said Robert Mueller III, director, FBI, at an international conference on cyber security held recently at Fordham University.
“And just as partnerships have enabled us to address the terrorist threat, partnerships will enable us to address the cyber threat. But the array of partners critical to defeating the cyber threat is different. In this case, the private sector is the essential partner.”
He noted that the private sector has been and will be a primary target of cyber intrusions. By the same token, he said, the private sector exhibits the expertise and knowledge to be an integral partner in defeating the threat.
“You build the components of cyber security—the hardware, the software, and the networks—and you drive future technology. Without you, we cannot combine innovation and security,” Mueller said.
Along those lines, he listed several initiatives already underway that have the purpose of building closer public-private ties with the purpose of cyber defense. These include:
- Domestic Security Alliance Council, consisting of chief security officers from approximately 250 companies, representing every critical infrastructure and business sector. Representatives from a number of major banks sit on the board of this organization.
- InfraGard, which, through its 58,000 members, promotes the sharing of information about threats to critical infrastructure. Members include representatives from government, the private sector, academia, and law enforcement.
- National Cyber Forensics and Training Alliance, a wholly private entity that includes more than 80 industry partners from a variety of sectors, and which has access to more than 700 subject matter experts. It passes real-time threat intelligence to its federal and international partners every day. ABA works, along with NCFTA, on the Internet Fraud Alert program, which creates a trusted and effective mechanism for participating researchers to report stolen account credentials discovered online—such as username and password log-in information for online services or compromised credit card numbers—to the appropriate institution responsible for that account.
One organization which Mueller did not mention, however, but which is integrally involved in sharing cyber threat information among financial institutions, is the Financial Sector-Information Sharing and Analysis Center, FS-ISAC. Many banks are members of this, as well as ABA, which functions to spread timely information about specific cyber attacks throughout its network, so that banks can quickly adopt appropriate defenses.
“Only by sharing intelligence swiftly will we be able to forecast coming attacks—and deter future ones. By fusing private-sector information with information from the intelligence community, we can produce a complete picture of cyber threats—one that benefits all of us,” Mueller said.