FBI Calls For Law Facilitating Security Information Sharing

FBI officials are calling for updates to the US Computer Fraud and Abuse Act (CFAA) and for new legislation that encourages threat data information sharing and establishes a uniform federal standard for data breach notification.

In a statement before the Senate Committee on Banking, Housing, and Urban Affairs yesterday, Joseph M. Demarest, assistant director of the FBI's Cyber Division, described some of the bureau's recent successes and stressed the importance of information sharing. "And I cannot make the following statement frequently enough," he said. "The private sector is an essential partner if we are to succeed in defeating the cyber threat our nation confronts."

The federal government has been banging that drum for several years, urging the private sector to pass on threat intelligence voluntarily, and promising to reciprocate. The government has established several units to facilitate such communication: the Guardian Victim Analysis Unit, the Internet Crime Complaint Center (IC3), the Domestic Security Alliance Council, the National Cyber-Forensics and Training Alliance, the National Industry Partnership Unit, and the FBI Liaison Alert System (FLASH), which disseminated 34 critical threat alerts between April 2013 and July 2014.

There was, understandably, some resistance from organizations that weren't eager to spread around details of security failures. Now, however, Demarest reports that the IC3 alone receives approximately 800 complaints per day.

Demarest also described examples of how information sharing and collaboration efforts between American and foreign law enforcement entities -- including placing FBI cyberspecialists in "key international locations" -- have paid dividends. He cited the GameOver Zeus disruption in May and the November Silk Road 2.0 disruption that resulted in the seizure of more than 400 .onion addresses on the Tor network, along with the arrest of Blake Benthall, a.k.a. "Defcon," a Silk Road owner-operator.

Colby DeRodeff, chief strategy officer of ThreatStream, provides another reason for openness and collaboration. "The major challenge is the adversary has no obstacles when it comes to sharing and collaboration," he says. "Malware and attack methods, as well as credentials are available to even the most unsophisticated criminals with no legal teams or governing bodies restricting what can be done.

"With that said, obviously, as security has the upmost sensitivity, organizations want to collaborate but need secure methods in which to do so."

Demarest also pushed for amendments to the CFAA, which has not been updated since 2008. "The intervening years have again created the need for the enactment of modest incremental changes."