Teamwork between private companies and the bureau on fighting cybercrime is the way "to stop the bleeding," Robert Mueller tells RSA Conference attendees.
FBI director Robert Mueller, in a keynote address Thursday at the RSA Security Conference in San Francisco, urged real-time sharing of cybercrime and threat intelligence between the public and private sectors akin to the type of cooperation forged to fight terrorism post-9/11.
"Real-time information-sharing is essential. Much can and should be done to share with the private sector, and in turn give the private sector the means and motivation to work with us" at the FBI, Mueller said.
The FBI is continuing to build specialized cybercrime task forces to work locally with state and local law enforcement, Mueller said. "It's a similar model to the terrorism task force, but to fight cybercrime," he said. "As we continue to share information, we will continue to break down the walls that [block] our abilities to share such information--the same way we did [after] the September 11 [terrorist] attacks."
Mueller said the FBI now has specialized cybersquads in each of its 50 field offices.
But companies traditionally have been frustrated with sharing their breach information with the FBI and other law enforcement agencies: they say it's more of a one-way street, where they share but then never hear back from law enforcement.
Mueller acknowledged that fear in his speech, and promised that the agency will reciprocate: "You may think the information flow is one-way to us," he said. "We will share what we can and as quickly as we can ... A code of silence will not serve us in the long-run."
He said the FBI understands why companies are hesitant to share their breach information with the bureau. "We do understand that you may be reluctant to report security breaches to us because it may harm you competitively or ... will erode shareholder confidence," he said.
The FBI doesn't want companies to feel victimized a second time by its investigation of the breach, he said.
Published: 2015-04-17 Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates.
Published: 2015-04-17 Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp.
Published: 2015-04-17 Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590.
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.