FBI Calls For Law Facilitating Security Information Sharing

Uniform breach notification laws and amendments to the Computer Fraud and Abuse Act are also on the list.

FBI officials are calling for updates to the US Computer Fraud and Abuse Act (CFAA) and for new legislation that encourages threat data information sharing and establishes a uniform federal standard for data breach notification.

In a statement before the Senate Committee on Banking, Housing, and Urban Affairs yesterday, Joseph M. Demarest, assistant director of the FBI's Cyber Division, described some of the bureau's recent successes and stressed the importance of information sharing. "And I cannot make the following statement frequently enough," he said. "The private sector is an essential partner if we are to succeed in defeating the cyber threat our nation confronts."

The federal government has been banging that drum for several years, urging the private sector to pass on threat intelligence voluntarily, and promising to reciprocate. The government has established several units to facilitate such communication: the Guardian Victim Analysis Unit, the Internet Crime Complaint Center (IC3), the Domestic Security Alliance Council, the National Cyber-Forensics and Training Alliance, the National Industry Partnership Unit, and the FBI Liaison Alert System (FLASH), which disseminated 34 critical threat alerts between April 2013 and July 2014.

There was, understandably, some resistance from organizations that weren't eager to spread around details of security failures. Now, however, Demarest reports that the IC3 alone receives approximately 800 complaints per day.

    The FBI would support legislation that would establish a clear framework for sharing and reduce risk in the process, in addition to providing strong and straightforward safeguards for the privacy and civil liberties of Americans. US citizens must have confidence that threat information is being shared appropriately, and we in the law enforcement and intelligence communities must be as transparent as possible.

Demarest also described examples of how information sharing and collaboration efforts between American and foreign law enforcement entities -- including placing FBI cyberspecialists in "key international locations" -- have paid dividends. He cited the GameOver Zeus disruption in May and the November Silk Road 2.0 disruption that resulted in the seizure of more than 400 .onion addresses on the Tor network, along with the arrest of Blake Benthall, a.k.a. "Defcon," a Silk Road owner-operator.

    A decade ago, for example, if an FBI agent tracked an Internet Protocol address to a criminal investigation, and if that IP address was located in a foreign country, this meant the effective end of the investigation. Since that time, however, the FBI has placed cyberspecialists in key international locations to facilitate the investigation of cybercrimes affecting the US.

Colby DeRodeff, chief strategy officer of ThreatStream, provides another reason for openness and collaboration. "The major challenge is the adversary has no obstacles when it comes to sharing and collaboration," he says. "Malware and attack methods, as well as credentials, are available to even the most unsophisticated criminals with no legal teams or governing bodies restricting what can be done.

"With that said, obviously, as security has the utmost sensitivity, organizations want to collaborate but need secure methods in which to do so."

Demarest also pushed for amendments to the CFAA, which has not been updated since 2008. "The intervening years have again created the need for the enactment of modest incremental changes."
