Cyberattacks an 'existential threat' to U.S., FBI says
FBI official warns about increasing cyber-sophistication of rogue states, criminals
Computerworld - WASHINGTON - A top FBI official warned today that many cyber-adversaries of the U.S. have the ability to access virtually any computer system, posing a risk that's so great it could "challenge our country's very existence."
Steven Chabinsky, deputy assistant director of the FBI's cyber division, delivered a strong and urgent warning about the threat of cyberattacks during a presentation Tuesday at the FOSE government IT trade show here. Chabinsky also offered recommendations for countering the threat, including rules that would restrict the ability of some systems to interoperate with more vulnerable ones.
"The cyber threat can be an existential threat -- meaning it can challenge our country's very existence, or significantly alter our nation's potential," Chabinsky said. "How we rise to the cybersecurity challenge will determine whether our nation's best days are ahead of us or behind us.
"I am convinced that given enough time, motivation and funding, a determined adversary will always -- always -- be able to penetrate a targeted system," he added.
Chabinsky said that terrorism is the FBI's top cyber priority, followed by its investigation of foreign countries "that seek every day to steal our state secrets and private sector intellectual property, sometimes for the purpose of undermining the stability of our government by weakening our economic or military supremacy."
Both terrorists and foreign countries are turning to cyber-technologies "to exploit our weaknesses," Chabinsky said.
Cybercrime is increasingly becoming a business and more often than not connected with violent organized crime syndicates. In fact, the FBI has started using SWAT teams to make some cybercrime arrests, said Chabinsky.
White collar criminals are also increasingly involved in such enterprises. Many believe they will never serve jail time, but "increasingly, they are wrong," said Chabinsky.
The FBI has been hiring and training special agents who can "talk the talk" and navigate the online world of cybercriminal enterprises.
Chabinsky urged government organizations to evaluate their risk postures, and ask their providers of security tools "whether they guarantee your system from computer intrusions and malware. If they don't ask them why," he added.
Chabinsky also recommended that agencies use a tier level of service, one that restricts the ability of key systems to interoperate with weak and vulnerable ones.
He also asked that people report intrusions as "a civic responsibility. The FBI cannot be successful without victims coming forward and providing their assistance."
Patrick Thibodeau covers SaaS and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld. Follow Patrick on Twitter at @DCgov, or subscribe to Patrick's RSS feed . His e-mail address is email@example.com.
- University of North Florida breach exposes data on 107,000 individuals
- Zeus Trojan bust reveals sophisticated 'money mules' operation in U.S.
- GAO slams White House for failing to lead on cybersecurity
- Man charged with attack on Web site of Fox News' Bill O'Reilly
- Heartland breach expenses pegged at $140M -- so far
- IT contractor gets five years for $2M credit union theft
- Democracy would suffer if Google left China, says MIT panel
- Gonzalez accomplice gets five years for hacking TJX
- Threat of cyberattacks from overseas high, federal IT execs say
- Botnets 'the Swiss Army knife of attack tools'
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Cybercrime and Hacking White Papers | Webcasts