FBI Director on cyber threats: We can't do it alone

FBI Director Robert S. Mueller's keynote speech at the RSA Conference in San Francisco brought to the forefront the reality that nobody wants to hear: The FBI can't be the only line of cyber-defense.
Written by Doug Hanchard, Contributor

FBI Director Robert S. Mueller's keynote speech at the RSA Conference in San Francisco brought to the forefront the reality that nobody wants to hear: the FBI can't be the only line of defense, and it can't apprehend every cybercriminal attacking and stealing American-owned property.

The FBI has increased its cyber skills immensely over the past decade and works independently and cooperatively with other agencies. The Bureau, like other agencies, has numerous responsibilities in addition to Internet-based crimes.

At the RSA conference, the Director highlighted several Bureau successes (edited):

  • Worked with Egyptian authorities to dismantle a computer intrusion and money laundering scheme operating in the United States and Egypt.
  • With our partners in the United Kingdom, Germany, and Turkey, dismantled Darkmarket, one of the most sophisticated online criminal syndicates -- and one of the forerunners in using the Internet to buy and sell stolen financial data.
  • Worked with Romanian National Police to arrest more than 100 Romanian nationals in the past 18 months. Four years ago, several American companies threatened to cut cyber ties with Romania because of the rampant hacking originating from that country. And yet today, Romania is one of our strongest partners.
  • Recent global bank heist, where the hackers broke through an encrypted system to steal account numbers and PIN codes. They created more than 400 hundred fake ATM cards and recruited hundreds of mules around the world. In just 24 hours, in roughly 280 cities, they stole nearly $10 million dollars. The loss was limited only by the number of mules and the cash in the ATMs.

Given the challenges that the FBI has been tasked to combat, it's amazing that they have done as well as they have, given the resources they started with just over a decade ago.

Director Mueller closed by saying:

The only way to do that is by standing together. Together we can find better ways to safeguard our systems and stop those who would do us harm. For ultimately, we face the same threat. We both serve the American people. And we must continue to do everything we can, together, to minimize these attacks.

An idea...(mine, not the Director's)

There are three primary agencies -- the FBI, NSA, and DHS -- responsible for inter-state domestic and international intrusions with source or destination points in the United States. These agencies have resource support (including intelligence and technical expertise) from the CIA and NSA in concert with the Director of National Intelligence. On top of that, there are other resources such as the intelligence branches of the military at US Strategic Command (USSTRATCOM). More sub-layers exist at state and local levels, with police departments that also have cyber-crime divisions.

All of these agencies work with international partners through various agreements. Criminal and terrorist organizations currently have the upper hand and, to be sure, outnumber the good guys by a wide margin. Can the good guys win and stay within the existing legal framework, avoiding the ever expanding minefield of constitutional and international law and trampling over jurisdiction and sovereignty?

Perhaps it is time for the agencies to pool their resources and create a single entity that is responsible for all jurisdictions of the country and has the mandate to protect all critical infrastructures for all levels of government, the private sector and its citizens. DHS and the FBI need to refocus on their other duties and responsibilities. DHS, already stretched thin with responsibility for operating the Secret Service, TSA, FEMA, Coast Guard, Customs - Border Patrol and Counter Terrorism, does so under a single Director.

The FBI, one of the smallest Federal agencies, should be augmented by integrating Alcohol, Tobacco and Firearms (ATF), Counter Terrorism, the U.S. Marshals and the Secret Service.

The two agencies immersed the most in complex and sophisticated computer and network systems could be reorganized. The NSA itself should be split in two. One branch would continue its mandate of gathering and collecting foreign signals intelligence and be integrated into the CIA. The other would become the foundation of a new domestic Computer NSA agency, into which the cybercrime talent and technical resources of the other organizations (FBI, DHS, military) would be integrated. It would be responsible for:

  • Cyber crime activity - foreign and domestic sourced: investigative and enforcement
  • Analysis and Information - including R&D, Project Funding (i.e. DARPA projects), Computer Forensics; intersect point for supporting the private sector (i.e. Google / NSA)
  • Security and defense - federal network - computer surveillance, protection (IDS), management of networks (Policy - CIP) including military IT infrastructure and audit - compliance.
  • Support resource for all Federal Agencies and Departments
  • Federal Police agency - Director (Appointed)

The internet underworld is a fast-moving, loosely associated and ever-changing ecosystem of hackers and organized groups intent on wreaking havoc on U.S. public and private sector networks. The opposition is a fragmented group that rarely shares or pools its resources, which is why it is difficult to track their activities. Because the government suffers from inter-agency fragmentation concerning cooperation, sharing, policies, procedures and mandates (connecting the dots), it is difficult to go on the offensive and defeat the opposition.

The most successful private enterprises exist today because they maintain focus and can weather any storm or downturn in the economy. Think WAL-MART, Exxon, Google, Southwest Airlines. These organizations are streamlined, focused and rigid in their operations and management practices, and they execute disciplined strategies every day, sticking to what they know best.

Internet fraud, identity theft, botnet attacks, phishing scams, industrial espionage and every other XYZ internet scam, scan, probe and attack all occur because no single organization tackles them head on. What is required is dedicated resources that are focused and specialized, operating under a single management discipline and mandate.

It's a jungle out there
