The United States entered 2019 under a partial government shutdown and coming off a year where America was victimized by some of the most dangerous and high leverage cyber-attacks ever seen in our history. Many of these strikes victimizing targets ranging from US Navy contractors, to critical infrastructure and even financial institutions. America seems to be leading from behind on an issue where major breaches are still a far too common occurrence during the current administration.
A sizable percentage of the responsibility for shoring up American cyber-defenses falls to the intelligence community. Agencies like the FBI and CIA are often on the front lines of major domestic and global occurrences of cyber-attacks. Seeming to Pitch a new unified approach between the government and private sector to combat these cyber-threats, was FBI Director Christopher Wray at the RSA 2019 Conference in San Francisco last week.
“Today’s cyber-threat is bigger than any one government agency — in fact it’s bigger than the government itself,” Wray said. “The scope, breadth, depth, sophistication and diversity of the threat we face now is unlike anything we’ve had in our lifetimes.”
In his summarizing of the potential of this new unified approach between citizen and government, he said, “The key is having the private sector start to form relationships with field offices because it’s not just prevention but in many cases it’s mitigation and that’s where speed really matters,” Wray explained.
Mitigation, where many of the combined efforts of the DHS, the FBI, the CIA and the US Armed Forces are focused in the aftermath of a cyber-attack, is one of the of the key areas that Wray thinks that the private sector can provide key assistance.
A united front, may help prevent or mitigate the next major global ransomware attack in the vein of 2017’s WannaCry attack. The attack had a crippling effect on the UK Hospital System, potentially compromising the lives of thousands in addition to costing them over $120 million.
When considering Apple's refusal to grant the FBI access to San Bernardino shooter Syed Rizwan Farook’s iPhone in 2015, just how does Wray defend and expect to integrate this new approach between the government and private sectors? The inability of the FBI to obtain the records voluntarily from Apple compelled the agency to work with a third-party firm to crack, against Apple’s wishes.
“We are not trying to weaken encryption or find back doors. This is an issue getting worse and worse all the time,” Wray said. “It can’t be a sustainable end state that there is a space beyond our access for criminals to hide. I would love to see people come together and try to work toward solutions.”
Besides any new cooperatives between the private sector and the many levels of government, full integration of new agencies like CISA and the ability of the government to remain open amid ongoing fiscal squabbles remains key.
The 2018-2019 partial shutdown may have also sent a chill down the backs of many of the government’s most talented cyber-personnel, who potentially fear for their long-term job stability, further highlighting the direness of our current circumstance. The competitive private sector often offers higher paying and “shutdown proof” employment.
So, the question remains, “Will American companies really reach out to the FBI at the behest of Wray?” The comments made at RSA 2019 by Wray fell short of a national directive, similar to laws in place in countries like China, where private companies are forced to cooperate with intelligence agencies in the course of anything that could arbitrarily be considered, “In the interest of national security.”
Will this voluntary cooperation between public and private sectors truly help secure America from the numerous emerging threats that our data networks face, or will it walk us a dangerous step closer to a police state like China’s?