FBI chief calls for private sector to help battle cybercrime

As the FBI has been expanding and retooling its approach to cyber investigations, Director James Comey stresses need for CISOs to engage with the bureau.

1 2 Page 2
Page 2 of 2

"Whichever field office has demonstrated the best ability on that, we're going to give it to that field office," Comey said. "This has a not-unintended consequence of creating competition within the FBI."

Private sector has edge for hiring top cyber talent, money

In addition to reorienting the bureau's internal approach, Comey said that the FBI is trying to step up its recruiting efforts to bring in the next wave of cyber experts, though he acknowledges that competing with private-sector for top talent is a perennial challenge.

"Here's the challenge we face: we cannot compete with you on dough," Comey said. "The pitch we make to people is come be part of this mission. Come be part of something that is really hard, that is really stressful, that does not pay a lot of money, that does not offer you a lot of sleep. How awesome does that sound? The good news is there's a whole lot of people -- young people -- who want to be part of that kind of mission, who want to be part of doing good for a living."

But the difficulties in winning over converts to the bureau's mission are also tied up in a deeper problem, the same perception of the government as an adversary -- or at least something to be avoided -- that has clouded relations with some in the private sector.

[ Related: FBI v. Apple: One year later, it hasn’t settled much ]

Comey wants to dispel the notion of the FBI as "the man," in the Big Brother sense.

"We have to get better at working with the private sector," he said, decrying firms that are subject to a ransomware attack who opt to pay the ransom and enlist a security consultant to help clean up the mess without alerting law-enforcement authorities.

"That is a terrible place to be," he said. "It is a great thing to hire the excellent private-sector companies that are available to do attribution and remediation, but if the information is not shared with us, we will all be sorry. Because you're kidding yourself if you think I'll just remediate this thing and it will go away, because it will never go away."

Paying ransoms, he argues, only emboldens the criminals, and keeping details of the breach in-house hinders law-enforcement authorities from tracking down the perpetrators.

Plea to tech companies to resist outfitting products with unbreakable, default encryption

Comey put in another plug for tech companies to resist the impulse to outfit their products with unbreakable, default encryption, recalling the highly publicized showdown between the FBI and Apple, while calling for all parties in the debate to resist the urge to resort to "bumper-stickering" the other side and rejecting the suggestion of an inherent tradeoff between privacy and security as a false choice.

"It is short-sighted to conclude that our interests are not aligned in this," he said. "We all value privacy. We all value security. We should never have to sacrifice one for the other."

Copyright © 2017 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 secrets of successful remote IT teams