FBI and US Department of Defense chiefs have expressed concern over the increasing numbers of cyberattacks, with FBI Director Robert Mueller saying that while terrorism remains the FBI's top priority, "in the not too distant future, we anticipate that the cyberthreat will pose the No. 1 threat to our country."
Speaking at the RSA Conference, Mueller said that state-sponsored hackers are patient and calculating. They have the time, the money and the resources to burrow in, and to wait. They may come and go, conducting reconnaissance and exfiltrating bits of seemingly innocuous information - information that in the aggregate may be of high value. "You may discover one breach, only to find that the real damage has been done at a much higher level," he said.
"Unlike state-sponsored intruders, hackers for profit do not seek information for political power - they seek information for sale to the highest bidder. These once-isolated hackers have joined forces to create criminal syndicates. Organised crime in cyberspace offers a higher profit with a lower probability of being identified and prosecuted.
'No company is immune'
"Unlike traditional crime families, these hackers may never meet, but they possess specialised skills in high demand. They exploit routine vulnerabilities. They move in quickly, make their money, and disappear. No company is immune, from the Fortune 500 corporation to the neighbourhood 'mom and pop' business," he said.
Meanwhile, Defense Secretary Leon Panetta told an audience at a conference at the University of Louisville: "We are literally getting hundreds or thousands of attacks every day that try to exploit information in various US agencies or departments. There are, obviously, growing technology and growing expertise in the use of cyberwarfare. The danger is, I think, that the capabilities are available in cyber to virtually cripple this nation: to bring down the power grid, to impact on our governmental systems, to impact on Wall Street and our financial system and to literally paralyse this country," Panetta said.
The country needs to defend against that kind of attack, but also develop the intelligence resources to understand when those possible attacks are coming, the secretary said.
"So the one thing I worry about is in knowing these things are possible and feeling that we haven't taken all the necessary steps we need to protect this country," he said.
Infiltrate criminal online networks
Mueller said the FBI needs to take lessons learned from fighting terrorism and apply them to cybercrime. "We are creating a structure whereby a cyber-agent in San Francisco can work in a virtual environment with an agent in Texas, an analyst in Virginia, and a forensic specialist in New York to solve a computer intrusion that emanated from Eastern Europe."
"We must cultivate the sources necessary to infiltrate criminal online networks, to collect the intelligence to prevent the next attack, and to topple the network from the inside. We must ensure that our ability to intercept communications - pursuant to court order - is not eroded by advances in technology. These include wireless technology and peer-to-peer networks, as well as social media," he said.
"I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again," Mueller said.
"Given that scenario, we must limit the data that can be gleaned from any compromise. We must segregate mission-centric data from routine information. And we must incorporate layers of protection and layers of access to critical information," he said.