Since the Sept. 11 terrorist attacks last year, U.S. Federal Bureau of Investigation (FBI) director Robert Mueller has taken the unprecedented step of making the fight against cybercrime and cyberterrorism the bureau's No. 3 priority behind counterterrorism and counterintelligence. But private-sector cooperation in that fight remains woefully inadequate, Mueller told an invitation-only meeting of industry and government officials Friday.
"We probably get one-third of the [cybercrime] reports that we would like to get," said Mueller, speaking at the National Forum on Combating e-Crime and Cyberterrorism, sponsored by the Arlington, Va.-based Information Technology Association of America and El Segundo, Calif.-based Computer Sciences Corp.
"You're not enabling us to do the job," Mueller said, referring to the lack of incident reporting coming from the private sector. Without more companies stepping forward and cooperating with law enforcement on prosecuting known or suspected cybercrimes, the FBI's analysis and prediction capability will not improve, nor will the overall state of security on the Internet, said Mueller.
"We understand that there may be privacy [and public relations] concerns," said Mueller. "We, as an organization, have learned that you don't want us [responding] in raid jackets, you want us there quietly." However, for the attacks to stop, "there has to be a sanction."
For its part, the FBI under Mueller's stewardship has undertaken a massive reorganization designed to make the agency more nimble and savvy when it comes to responding to and understanding cyberbased attacks against the nation's critical infrastructure.
In addition to making cybercrime and cyberterrorism one of the bureau's top three priorities, Mueller said the FBI has changed its hiring practices to focus on recruiting "a new type of agent" that can bring a "bedrock of experience" from the world of IT.
The bureau has also taken steps to improve information sharing with other federal, state and local agencies. So far, Mueller has set up three joint FBI-Secret Service cybercrime task forces and recently created a computer forensics laboratory in San Diego, with plans to establish additional labs throughout the country. The labs will include the participation of various agencies, including the Customs Department and the Immigration and Naturalization Service.
Although it is "absolutely critical" that the private sector and the government work together, Harris Miller, president of the ITAA acknowledged that "the reality is that our interests are not always in alignment." However, the chances of successfully battling e-crime and cyberterrorism without government help "are literally zero," he said.
Given the increasingly organized nature of cybercrime syndicates and various other "techno-gangs," it is critically important for companies to come forward when they are the victims of a crime, said Paul McNulty, U.S. Attorney for the Eastern District of Virginia. Without that cooperation, there is a real chance that "cyberspace could become an economic blight ... where people are afraid to go."
There remains, however, a "huge gulf between industry as vendor and industry as customer," said Marty Stansell-Gamm, chief of the Computer Crime and Intellectual Property Section at the Justice Department. Discussions have not yet taken place that would enable industry to speak with one voice, she said.