The leaders of the Department of Defense and the Federal Bureau of Investigation this week separately expressed concern over the increasing numbers of cyberattacks, with FBI Director Robert Mueller (pictured, right) saying that while terrorism remains the FBI's top priority, "in the not too distant future, we anticipate that the cyberthreat will pose the No. 1 threat to our country."
Speaking at the RSA Conference, Mueller said state-sponsored hackers are patient and calculating. They have the time, the money and the resources to burrow in, and to wait. They may come and go, conducting reconnaissance and exfiltrating bits of seemingly innocuous information -- information that in the aggregate may be of high value. "You may discover one breach, only to find that the real damage has been done at a much higher level," he said.
"Unlike state-sponsored intruders, hackers for profit do not seek information for political power -- they seek information for sale to the highest bidder. These once-isolated hackers have joined forces to create criminal syndicates. Organized crime in cyberspace offers a higher profit with a lower probability of being identified and prosecuted.
"Unlike traditional crime families, these hackers may never meet, but they possess specialized skills in high demand. They exploit routine vulnerabilities. They move in quickly, make their money, and disappear. No company is immune, from the Fortune 500 corporation to the neighborhood 'mom and pop' business," he said.
Meanwhile, Defense Secretary Leon Panetta (pictured, left) told an audience at a conference at the University of Louisville: "We are literally getting hundreds or thousands of attacks every day that try to exploit information in various [U.S.] agencies or departments. There are, obviously, growing technology and growing expertise in the use of cyberwarfare. The danger is, I think, [that] the capabilities are available in cyber to virtually cripple this nation: to bring down the power grid, to impact on our governmental systems, to impact on Wall Street and our financial system and to literally paralyze this country," Panetta said.
The country needs to defend against that kind of attack, but also develop the intelligence resources to understand when those possible attacks are coming, the secretary said.
"So the one thing I worry about is in knowing these things are possible and feeling that we haven't taken all the necessary steps we need to protect this country," he said.
Mueller said the FBI needs to take lessons learned from fighting terrorism and apply them to cybercrime. "We are creating a structure whereby a cyber-agent in San Francisco can work in a virtual environment with an agent in Texas, an analyst in Virginia, and a forensic specialist in New York to solve a computer intrusion that emanated from Eastern Europe."
Sign up for Computerworld eNewsletters.