Thank
you. I want to spend a few moments thanking
Paul [McNulty, U.S. Attorney for the Eastern
District of Virginia] for putting this together.
I think it is important that we have meetings
such as this. I see a number of people who
have done other things in their lives and
now come to talk about cyber-crime, which
is an important development in law enforcement.
You understand that this is the wave of the
future and understand that in the future,
to address crime, we will have to look at
it from the perspective of the cyber-world.
I want to say that -- it's in my written remarks,
so I have to say it: "It is also a pleasure
to follow an old friend, Paul McNulty, to
this podium." That's true.
"The
U.S. Attorney's Office that Paul runs in the
Eastern District of Virginia is one of the
finest in the country." That is also
true.
But what is most striking about my written
notes is that it says: "It's almost as
good as the United States Attorney's Office
that we had in the Northern District of California"
-- which is where I was for a number of years.
I will tell you that when I served as U.S.
Attorney in San Francisco, I worked with many
of your companies. And many of those companies
were a part of ITAA. And I want to say that
this association represents many of the most
important and I would say most vibrant companies
in the United States today. That's actually
underscored by the fact that there is something
like $800 billion in revenue in the year 2001
attributable to ITAA member companies. That
is truly remarkable, and it says something
not only about our economy today, but about
our economy in the future.
I want to talk a little bit about San Francisco
and what we did in San Francisco, because
I think it has become, with Marty [Stansell-Gamm,
Chief, Department of Justice Computer Crime
and Intellectual Property Section] -- who
is up here -- and with Paul and with other
U.S. Attorneys around the country, a way of
doing things. We started a unit in San Francisco
that was set up exclusively to prosecute computer
crimes and intellectual property crimes. While
I was out there, I saw a necessity to staff
that unit with individuals who were both talented
prosecutors and who understood and could work
with the technology. And whether it is computer
crimes cases, or hacking and denial of service
cases, or the intellectual property cases,
you need that combination.
We were very lucky, particularly in the San
Jose area, to have had a strike force that
addressed computer crimes, established by
the police chief and the district attorney
there. What I wanted to do in San Francisco
was to complement that state and local law
enforcement network with FBI agents and with
the prosecutors that would have the expertise
in that area. Since that time, across the
country, there have been a number of similar
units set up, which I believe is the way to
go.
I particularly want to talk today about how
we relate -- how you in private industry relate
to those units -- and how we can work together
to maximize our cooperation in the future.
Let me talk at the outset about what I see
as the two great threats to cyber-security
and some related problems. First, from our
perspective, there are a number of traditional
crimes that have migrated online: the garden
variety frauds, identity theft, copyright
infringement, child pornography and child
exploitation. What has happened, as you all
know, is that the powerful technologies that
have done so much to improve the quality of
our lives are also being used by some of the
worst elements of our society: small-time
criminals who can take on a whole new persona
on the Internet; malcontents who can find
like-minded hate groups; and scam artists
who think they can escape detection in the
anonymity of the Web.
Our projections indicate that the number of
Internet-enabled crimes will increase radically
over the next few years, with the potential
for driving down consumer confidence in Internet
security and stunting the growth of e-commerce,
neither of which we can afford.
The second problem is the evolution of a new
category of crime that includes computer intrusions,
the denial-of-service attacks, the worms,
the viruses and the like. We saw an example
of that just last week with the attacks against
the root servers on the Internet. These types
of attacks, quite obviously, did not exist
in the days before computers, but they are
something that we must address.
In response to these problems, we are reshaping
the FBI -- and reshaping it in a number of
ways. We're reshaping the bureau to focus
hard on terrorism, which is our number-one
priority, and to focus on counter-intelligence,
our second priority, because there is no other
agency with the skills and network to do it.
Our
third priority is cyber crime, and there are
a number of reasons why. It is our responsibility
ultimately, we believe, to protect the technological
infrastructure of the United States. If we
do not do it, who else will?
We are working closely and cooperatively with
the Secret Service, but it is important for
the FBI as an institution to recognize that
five, ten years down the road, we must have
the expertise to address cyber-attacks on
our infrastructure and to address cyber-crime
in all of its iterations. We must prepare
and get that expertise now. That is why, when
we sent out our list of priorities in the
wake of September 11, cyber crime was one
of our top three priorities.
For us that means doing a number of things.
In
the past, we had organizationally fragmented
our responsibilities in a number of different
divisions at headquarters and in a number
of different units in the field. Since September
11, we have consolidated those strands within
our organization in a new cyber division,
and we are in the process of similarly consolidating
these responsibilities in each of our field
offices. We hope by doing so to accumulate
the expertise -- the investigative expertise,
along with the expertise of prosecutors --
to work with our state and locals in discrete
units, so that all players will know where
to go, whether at headquarters or in the field.
The second thing we have done is to change
our hiring philosophy. The minimum age at
which we will hire is 23: we are looking for
people who have had other careers and who
have the judgment and maturity to hold a badge
and carry a gun. Now, in the past we have
looked at hiring in basically four categories--lawyers,
accountants, former law enforcement, and former
military. But what we are looking for now
are individuals with specific and different
skills.
In the wake of September 11, for instance,
we are looking for computer programmers. We
are looking for IT specialists who have had
some other career and who want to be FBI agents.
We are also looking for language specialists,
engineers, and scientists who can assist with
things like the anthrax investigation. Bottom
line: we want to bring in new types of agents,
with expanded brands of experience.
It is important for us, in developing these
IT capabilities, to ensure that we get quality
people who have that bedrock experience so
that they start with a profound understanding
of the computer world. Then we can teach them
the techniques that are so necessary to becoming
a good investigator.
The third area in which we are doing a better
job is in working cooperatively with others
at the federal level as well as the state
and local level. That takes many forms. For
example, we have formed joint teams to address
cyber-crime with the Secret Service in three
cities around the country. By combining our
capabilities with Secret Service capabilities,
we can work cooperatively on the federal level
to maximize our effect.
As another example, we have established regional
computer forensics laboratories in several
cities, starting in San Diego. Many of you
know about this. The individuals who put that
concept together had, I think, a remarkable
idea. They understood that when you take a
hard drive out of a doper's computer or from
some person who has committed some sort of
Ponzi scheme, you have to analyze it. You
have to download the information. And then
you have to be prepared to go to court and
testify as to what you have found. So by combining,
in these forensics laboratories, state and
local and federal experts, an interchange
of ideas occurs and requirements and standards
begin to be commonly developed that enable
us to go into a court room and testify with
expertise and credibility.
We are establishing these laboratories around
the country--and not just at the FBI, but
also at Secret Service, Customs, INS, and
with state and local authorities. These are
the wave of the future and enable us to work
together with state and local law enforcement
in ways that we have not done in the past.
One last example on how we are working cooperatively.
It is important for us as an agency, as an
organization, to understand that while we
bring substantial investigative and organizational
talents to the table, there are other agencies,
whether at the federal, state or local level,
who bring to the table equal talents and capabilities.
The challenge for us in the future is to fully
understand the strengths we bring to the table,
but not to overwhelm others who bring equally
important skills there.
Take the cooperative effort involved in the
recent sniper investigation with [Assistant
Director in Charge of the FBI Washington Field
Office] Van Harp and [Special Assistant in
Charge of the Baltimore Field Office] Gary
Bald, with state and local officers, with
Chief Moose, and with all other involved parties.
While there was some low level grousing, the
fact of the matter is that it worked -- that
cooperative effort maximized the talents of
many agencies and resulted in a successful
conclusion.
And that is the way we, as an agency, have
to work in the future, whether it be sniper
attacks, whether it be in addressing counter-
terrorism threats or in the cyber-arena. And
to the extent that we expand as an agency,
we should expand understanding that we want
to complement others in the law enforcement
community.
The last point I would like to discuss this
morning, as I said, is how we -- the private
sector and law enforcement -- can work together
better. And by that I mean it is critically
important for us to work with private industry
in ways that we do not work with other, quote,
"victims."
There are number of reasons for this. We lack
the expertise in particular areas, for instance,
and we need your help in that.
As we address cyber crimes -- whether it be
denial-of-service attacks, hacking attacks
or worms or the like -- we need to work with
you, share with you, get your expertise, and
be attentive to your practical concerns. You
who are here from the corporate world are
the real victims in these cases. And it is
important for us, as we found out in San Francisco,
to understand your very real concerns about
being identified as victim companies.
We have to understand that when we are called
into an investigation, the mere fact of you
calling on us can adversely impact the image
of your company.
We have to understand in law enforcement that
there may be privacy concerns that you need
to protect in order to protect the image of
your company.
We have to understand that if we put on raid
jackets and come in with a lot of publicity,
that will not help us do the job. I think
the FBI has learned that you do not want us
there in raid jackets; you want us there quietly.
You want to have discussions about the problem.
You want to discuss how we can initiate the
logs that may be needed to identify the perpetrator.
And you want us to understand, and we need
to understand, your concerns regarding your
intellectual property -- that if a particular
case ever goes to court and there is a problem
about publicizing what happened in it, that
might open to the public those items that
are important to your profit margins.
We have to understand all that.
And we are beginning to understand, but we
still need to work through the incidents and
issues with you. I am confident that when
we have those issues, there are mechanisms,
for instance protective orders, to protect
the things you think need to be protected.
I am confident that we can do this in a low-key
fashion, and that we can work with you --
the victims -- to reach some resolution.
Let me specifically address the subject of
you reporting to us cyber attacks on your
computer systems. We probably get one-third
of the reports that we would like to get,
probably for all the reasons I have just discussed.
But for us, you are not enabling us to do
the job we need to do.
If we as an agency are to become more predictive
in the future and prevent attacks from happening,
we need a comprehensive database that pulls
in -- and I understand part of the dialogue
this afternoon is to see how we can better
communicate -- that pulls in all those instances
where your infrastructure has been attacked.
So our bedrock need at the outset is to be
notified of all attacks. I encourage you to
discuss this afternoon, and to discuss with
the special agent in charge in your area,
how these attacks can be reported in such
a way that the reporting does not adversely
affect your industry.
The other side of this coin, of course, is
that there has to be a sanction on the attackers.
You want attacks stopped; you want hackers
stopped; you don't want to face this down
the road; so you put up the best possible
protection. But then the attacker will just
wander down the street and hit the next company,
and that's not good for the industry, and
it is not good for your friends and peers
in the industry. There has to be a sanction.
And the sanction is locking up these people
-- putting the cuffs on them.
So the future of cyber cases is not just protecting
your systems. If there are people out there
who are going to be hitting company after
company after company, it is important that
we go after them. The sanction has to be arresting
them. And in the future we need you as the
victim companies to help provide us with the
information that will enable us to do that.
One of the things that the FBI must do better
than we have in the past is to address the
international dimensions of these attacks.
We are now beefing up our international capabilities,
because denial-of-service attacks or hacking
attacks can start in Bulgaria and hit us in
the United States.
Any one individual company cannot address
this problem. But we can. We can do that with
our contacts, with our 45 legal attache offices
overseas, where we have established the contacts
that will enable us to address that kind of
conduct. But we need your reporting at the
outset to be able to trace the attacker.
About a month and a half ago, when I was in
Germany, my legal attache there told me of
an instance where an attack began in the German
telephone system and maybe from one of the
German ISPs. Because we were there and had
developed relationships with a German telephone
company and the spinoff ISPs, we were invited
to go over with our experts to help them understand
what had happened in this series of attacks.
That is the kind of relationship that is very
important for us to develop. In the future,
these will serve as a foundation for other
cases down the road. It is that kind of international
cooperation that will stand us all in good
stead.
The core law enforcement value in all of this
is the cooperative effort among law enforcement
entities at every one of the levels, the cooperative
efforts between law enforcement entities within
the United States and with our counterparts
overseas, and, critically, the cooperative
efforts between private industry and law enforcement
-- us and you.
Symposia like this today enable us to discuss
issues, to come up with solutions, and to
establish the relationships that will help
us address these problems in the future. I
thank you for your attention this morning,
and I look forward to our continuing dialogue.