FBI director says industry must do more to prevent cyberattacks

FBI Director Robert Mueller Thursday implored industry technology executives to do a better job securing the Internet and other data networks by reporting incidences of online crime to the bureau.

"You're not enabling us to do [our] job" by withholding reports about criminals who successfully penetrate companies' data networks or attack their systems, Mueller told those attending a Falls Church, Va. forum on combating online crime and cyberterrorism. Corporations are reluctant to report such attacks to law enforcement agencies for fear of revealing their systems' vulnerabilities. They worry the information could give competitors an edge, or invite more attacks by criminals once they discover the weaknesses.

The Information Technology Association of America and Computer Sciences Corp. sponsored the event.

Mueller acknowledged those fears and agreed that if FBI investigations have an adverse effect on a company, it doesn't serve the government's interest. "If we put on raid jackets and come in [to a place of business], that publicity will not help us do the job," he said.

Still, the FBI receives only about one-third of the reports that it wants from companies, Mueller said. Since the private sector owns and operates about 90 percent of U.S. data networks, upon which facilities such as water treatment plants and electric grids operate, the government is beholden to businesses to secure cyberspace largely on their own.

"We need your help," Mueller said, noting that the FBI "lacks the expertise in a number of areas" to effectively police the online world alone. In the past, the FBI hasn't hired agents based on their technological prowess. For years, the bureau so neglected its own use of technology that, until recently, most agents didn't have access to the Internet and couldn't send e-mail outside the agency.

Today, the FBI is installing new computers and networks. Mueller said officials are also taking several actions in response to the threat of cybercrime, which he said is now a top enforcement priority, along with preventing terrorism and conducting counter-intelligence.

Field offices are consolidating their cybercrime efforts to mirror the cybersecurity division at the FBI's Washington headquarters, Mueller said. Historically, agents with the most experience investigating online crime haven't been placed in a single division. "In the past, we have fragmented our responsibilities" in this area, Mueller said.

The FBI is also trying to recruit "a new type of agent," and is seeking candidates with specialized computer skills who are not only technologically fluent, but familiar with the kinds of attacks criminals have perpetrated online, Mueller said.

Mueller added that the FBI is one of the best-equipped agencies to investigate online crime, despite its own technological shortcomings. "We're on the cutting edge of technological investigations," he said, noting that the bureau has established computer forensics labs in several cities to analyze suspects' computers and collect evidence to use at trial.

Mueller said that the FBI couldn't measure its success by how many criminals it apprehends or attacks it prevents, adding that if there's another terrorist attack, "we've failed."

Instead, the bureau must look at how involved the private sector becomes in prevention efforts as an indication of how the fight against cyberterrorism is faring. He cited an association called InfraGard as an example of cooperation between government and the private sector. The group is a joint initiative of the FBI and an association of businesses, academic institutions and state and local law enforcement agencies that share information about cybersecurity and infrastructure protection.