SAN FRANCISCO – Outgoing FBI Director Robert Mueller predicted to his successor James B. Comey that cybersecurity would dominate his 10-year tenure much the same way terrorism did Mueller’s.
“After five months, he’s right,” Comey said today during his keynote address at RSA Conference 2014.
Comey’s first appearance at RSA was a breezy 30-minute monologue disguised as a familiar plea for enhanced information sharing between the public and private sectors, in addition to a rundown of the nation-state and criminal threats facing the U.S., and an announcement that the FBI will release an unclassified version of its Binary Analysis Characterization and Storage System (BACSS) malware repository later this year.
“Send your malware sample to us, and you get a report back in a matter of hours on how it works, what it’s targeting and where it’s been seen elsewhere,” Comey said. “We hope to get BACSS on the same level as our repositories for fingerprints, criminal records and DNA.”
That seems to be an easier goal for Comey to attain than the information sharing vision he outlined. The NSA’s surveillance activities have made corporations gun shy of the government, and talk of machine-to-machine communication in real time about threats and vulnerabilities is sure to make some uneasy.
“I imagine a day when intelligence sources, the government, antivirus companies, financial and communications companies share machine data instantaneously,” Comey said. “To do all that, we need an automated intrusion detection system, in a standard language and native format, to all communicate in real time. And we must do this and be mindful of the need to protect privacy.”
Government agencies already are mandated to deploy the Einstein IDS on all network gateways in order to monitor traffic for attacks. The NSA has a proposal out for an enhancement to Einstein that would allow for monitoring of government traffic on private sector computers.
“We need help,” Comey said. “You are victims, and the key to defeating cybercrime as well. The information is on your servers; you have the expertise and knowledge to help us and we are actively trying to listen.”
Information sharing has never managed to clear significant hurdles. Private companies are in no hurry to give the government access to networks to investigate attacks or collect forensic information. Attack data must also be sanitized so as not to expose companies to additional attacks or hurt their competitive standing. Comey, who spent the latter half of his career working as general counsel at Lockheed Martin and Bridgewater Associates, tried to assure the audience he understood their hesitation.
“We don’t do a good job clarifying what we need to do,” Comey said. “There’s no unifying threat reporting system. Who in government is responsible for what in terms of cybercrime? I get that. I know where you’re coming from.
“Information always seemed to flow in one direction toward government,” Comey said. “No doubt government has information it cannot always share for reasons that I’m sure make sense to you. We will share much as we can, as quickly as we can, and in the most usable format.”
*James Comey image via RSA