WASHINGTON - A top FBI official warned today that many cyber-adversaries of the U.S. have the ability to access virtually any computer system, posing a risk that's so great it could "challenge our country's very existence."
Steven Chabinsky, deputy assistant director of the FBI's cyber division, delivered a strong and urgent warning about the threat of cyberattacks during a presentation Tuesday at the FOSE government IT trade show here. Chabinsky also offered recommendations for countering the threat, including rules that would restrict the ability of some systems to interoperate with more vulnerable ones.
"The cyber threat can be an existential threat -- meaning it can challenge our country's very existence, or significantly alter our nation's potential," Chabinsky said. "How we rise to the cybersecurity challenge will determine whether our nation's best days are ahead of us or behind us.
"I am convinced that given enough time, motivation and funding, a determined adversary will always -- always -- be able to penetrate a targeted system," he added.
Chabinsky said that terrorism is the FBI's top cyber priority, followed by its investigation of foreign countries "that seek every day to steal our state secrets and private sector intellectual property, sometimes for the purpose of undermining the stability of our government by weakening our economic or military supremacy."
Both terrorists and foreign countries are turning to cyber-technologies "to exploit our weaknesses," Chabinsky said.
Cybercrime is increasingly becoming a business and more often than not connected with violent organized crime syndicates. In fact, the FBI has started using SWAT teams to make some cybercrime arrests, said Chabinsky.
White collar criminals are also increasingly involved in such enterprises. Many believe they will never serve jail time, but "increasingly, they are wrong," said Chabinsky.
The FBI has been hiring and training special agents who can "talk the talk" and navigate the online world of cybercriminal enterprises.
Chabinsky urged government organizations to evaluate their risk postures, and ask their providers of security tools "whether they guarantee your system from computer intrusions and malware. If they don't ask them why," he added.
Chabinsky also recommended that agencies use a tier level of service, one that restricts the ability of key systems to interoperate with weak and vulnerable ones.
He also asked that people report intrusions as "a civic responsibility. The FBI cannot be successful without victims coming forward and providing their assistance."
Patrick Thibodeau covers SaaS and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld. Follow Patrick on Twitter at @DCgov, or subscribe to Patrick's RSS feed . His e-mail address is firstname.lastname@example.org.