Greater cooperation and information sharing between the security industry, businesses and the FBI would enable improved defenses against terrorists, organised crime, state-backed hackers and cybercriminals, according to the new director of the US Federal Bureau of Investigation (FBI).
James B Comey, who was sworn into a 10 year term as FBI director last September, told an RSA Conference audience that he understood there was a need for the FBI to improve its relationship with businesses to gain such trust.
“We have to do a better job of listening ... to try and gain a perspective different from our own,” he said in his keynote address.
He understood the reluctance of companies to notify the FBI of attacks and breaches, and to share information.
“I know where you’re coming from because I’ve been there,” he said, noting his past positions as general counsel at private companies Lockheed and Bridgewater.
“You must focus on the bottom line, then the government arrives at door with a long list and doesn’t seem to offer much in return,” he said. But he pledged that the relationship would be productive and professional as well as protective of corporate information.
“Our goal is to be surgical and precise in what we’re looking for. We want to work with you to figure out what happened, who did it, and how we can better protect your data.”
He added, “We cannot do what we need to do without our private sector partners. You are the primary victims of emerging threats and also key to defending against them.”
He defended the need for investigations and surveillance despite wavering trust in government intelligence agencies amidst the past year’s revelations of large scale, covert data gathering.
“Some folks suggest there’s an inherent conflict between protecting national security on one hand, and protecting privacy and civil liberties on the other.”
He said the two should not balance each other -- he was “looking for security that enhances liberty. We do not see it as a question of conflict.” The men and women of the FBI are sworn to protect both and care deeply about both, he said.
“We have to ensure that both those values pervade every investigation and every programme we undertake.”
He argued that there was a need to conduct electronic surveillance, and collect data about electronic communications: “That is the reality.”
Balancing that need against privacy, civil liberties and innovation was difficult and would require “adult conversations” so that “when we talk about altering tools that we’re using to collect information ... that we understand the benefits and the losses associated with changing those tools.
“The same is true when we allow the effectiveness of our tools to erode gradually over time, or to erode due to a failure to update our laws, or if they erode through things like unauthorised disclosures of our capabilities.”
He said that “intelligent people can disagree, but have to make sure everyone understands why we use those tools, and how we use them.”
Mr Comey noted that his predecessor as FBI director, Robert S Mueller, told him that he believed that cybersecurity would come to dominate Mr Comey's coming decade as director, just as terrorism had dominated Mr Mueller's directorship.
“I know after five months, he is right,” Mr Comey said.