Cyber attacks are ‘existential threat’ to U.S., FBI says
Wednesday, March 24, 2010 9:15WASHINGTON — A top FBI official warned today that many cyber-adversaries of the U.S. have the ability to access virtually any computer system, posing a risk that’s so great it could “challenge our country’s very existence.”
Steven Chabinsky, deputy assistant director of the FBI’s cyber division, delivered a strong and urgent warning about the threat of cyber attacks during a presentation Tuesday at the FOSE government IT trade show here. Chabinsky also offered recommendations for countering the threat, including rules that would restrict the ability of some systems to interoperate with more vulnerable ones.
[ In his Security Adviser blog, Roger Grimes warns that we're losing the war on cyber crime. | Attacks on Google and other tech companies focused attention on the issue of state-sponsored cyber attacks. | A proposed U.S. law would identify and clean up international cyber crime havens. ]
“The cyber threat can be an existential threat — meaning it can challenge our country’s very existence, or significantly alter our nation’s potential,” Chabinsky said. “How we rise to the cyber security challenge will determine whether our nation’s best days are ahead of us or behind us.
“I am convinced that given enough time, motivation, and funding, a determined adversary will always — always — be able to penetrate a targeted system,” he added.
Chabinsky said that terrorism is the FBI’s top cyber priority, followed by its investigation of foreign countries “that seek every day to steal our state secrets and private sector intellectual property, sometimes for the purpose of undermining the stability of our government by weakening our economic or military supremacy.”
Both terrorists and foreign countries are turning to cyber technologies “to exploit our weaknesses,” Chabinsky said.
Cyber crime is increasingly becoming a business and more often than not connected with violent organized crime syndicates. In fact, the FBI has started using SWAT teams to make some cyber crime arrests, said Chabinsky.
White collar criminals are also increasingly involved in such enterprises. Many believe they will never serve jail time, but “increasingly, they are wrong,” said Chabinsky.
The FBI has been hiring and training special agents who can “talk the talk” and navigate the online world of cyber criminal enterprises.
Chabinsky urged government organizations to evaluate their risk postures, and ask their providers of security tools “whether they guarantee your system from computer intrusions and malware. If they don’t ask them why,” he added.
Chabinsky also recommended that agencies use a tier level of service, one that restricts the ability of key systems to interoperate with weak and vulnerable ones.
He also asked that people report intrusions as “a civic responsibility. The FBI cannot be successful without victims coming forward and providing their assistance.”
Patrick Thibodeau covers SaaS and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld . Follow Patrick on Twitter at @DCgov , or subscribe to Patrick’s RSS feed . His e-mail address is pthibodeau@computerworld.com .
Read more about cyber crime and hacking in Computerworld’s Cyber crime and Hacking Knowledge Center.
