SAN FRANCISCO—Federal Bureau of Investigation Director James Comey came to the RSA Conference here with a message: The FBI wants to work with the tech industry to make everyone safer.
Cyber-security threats are at the top of the list of risks that face the United States, and the FBI is taking them very seriously, Comey said in his a keynote address Feb. 26.
“We want to predict and prevent attacks rather than reacting after the fact,” Comey said.
To achieve its goals, the FBI is using modern techniques as well as the same tried-and-true methods the agency has used throughout its existence, including the use of information sources and wire taps.
While the FBI has been doing a lot to secure the cyber-domain, it’s not enough, Comey said. “We need help; we need our private-sector partners.”
The private sector is the primary victim of cyber-crime and is also the key to defeating it, Comey said. “We are trying to actively listen to your concerns.”
That said, the FBI director admitted that there is still confusion in the private sector about who to turn to in the U.S. government when cyber-security help is needed and which agency will help enterprises navigate the federal bureaucracy. Comey pledged to do his part to help in that regard by enabling private organizations to get whatever assistance is needed.
Information sharing was another key issue in Comey’s talk. Although there is information in the government that the FBI can’t share, the agency will share as much as it can as quickly as it can, he said.
In terms of how Comey wants to work with private enterprises, his goal is for the FBI to be surgical and precise in its efforts to help minimize the risks of cyber-crime and to find attackers. Working together with commercial firms is another goal that Comey identified, and he said that the FBI needs to have systems in place to provide and share information quickly and routinely.
Cultivating personal relationships in which FBI special agents are on a first-name basis with key stakeholders in the enterprise landscape is also something that Comey would like to see happen. “The time to patch the roof is when the sun is shining, and right now it is cloudy out there,” Comey said.
Although the human element is important, in the modern era, working at machine speed is essential, Comey said. Data sharing at machine speed must be subject to law and respect privacy as the FBI seeks to deal with the increasing speed of modern threats, he said.
“We must build an intelligence-driven predicative capability,” Comey said.
Part of that capability will be developed through the FBI’s Binary Analysis, Characterization and Storage System (BACSS). Comey explained that BACSS is a tool that enables the FBI to analyze malware and correlate threats. Organizations can send potential malware to the FBI, where BACSS will be used to provide a detailed report about how it works and the associated risks.
“Our goal is to make BACS like our fingerprint and DNA registries,” Comey said.
The issue of government over-reach in the post-Snowden era is top-of-mind at the RSA conference this week, and it’s a subject Comey also touched on in his keynote.
“There is no conflict between protecting privacy and civil liberties,” Comey said. “At our best, we are looking for security that enhances liberty.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.