Although the FBI has improved its information security and forensics capabilities significantly in recent years, the bureau still is hamstrung by its inability to get complete cooperation from private companies and other organizations on attack data, the FBI’s deputy director said.
The bureau is the main investigative agency for cybercrime and attacks on American companies, and it has been building out its capabilities in that area for some time. The FBI has been hiring a large number of agents with security experience, but Andrew McCabe, FBI deputy director, said that there are a couple of things holding the bureau back when it comes to being more effective at cyber investigations. The main impediment, he said, is a lack of trust between the private sector and the government as a whole.
“We see the same sort of concerns from the private sector across the spectrum. Folks are uncomfortable with sharing access and information on attacks. It affects their reputation. I think we’re getting better at that,” McCabe said during the Cambridge Cyber Summit at MIT Wednesday.
Specifically, McCabe said the FBI faces its own issues with trading information and intelligence with private companies and organizations, some of them historical and others technical.
“It’s tougher in some places than others, and we understand that skepticism. We’ve not been perfect. We’ve had our own flaws in the past. We understand that folks are always skeptical of the government to some extent. We will only break through that with partnerships. We’re trying to be more responsive and agile in the information we disseminate and show we’re here to help. The next step is true collaboration,” McCabe said.
Recent events will not help the FBI in this regard. The revelation Tuesday that the FBI used a classified order last year to get Yahoo to scan massive amounts of incoming email for specific terms has caused an uproar in the security and privacy communities. Experts say the revelation could have serious repercussions for the company and the government.
“Finally, Yahoo’s possible betrayal of its users is another example of why whistleblowers and leaks to the press are so important. The US government considers this type of surveillance ‘legal’ even though it shocks the conscience of many ordinary Americans and dozens of civil liberties groups have been attempting to have courts rule it illegal for years,” Trevor Timm, executive director of the Freedom of the Press Foundation, wrote.
McCabe said the mistrust of the FBI is a major problem, but not the only issue the bureau faces in trying to coordinate better with private companies.
“The harder piece is the cultural one we’ve been talking about, a lack of trust with the FBI isn’t the only driver. There’s obvious economic repercussions. It’s a mix,” McCabe said.