FBI’s Comey: Businesses need to tell us if they’ve been breached

FBI Director James Comey speaking at the 2014 Intelligence and National Security Summit / (Photo: Intelligence and National Security Alliance)

FBI Director James Comey wants private businesses to report data breach incidents and other detected cyber intrusions directly to the Bureau more often than they currently do.

“All the information, all the evidence we need, sits in private hands in the United States and that is a wonderful thing,” Comey said, speaking at Symantec’s Government Symposium conference Tuesday.

“We have discovered that the majority of our private partners do not turn to law enforcement when they face an intrusion. And that is a very big problem,” Comey said. “It is fine to turn to one of the many excellent private sector entities that will help with attribution and with remediation — that’s good. But we have to get to a place where it is routine for people who are victimized to turn to us for assistance.”

Comey reiterated that cooperation between the private sector and the FBI is, as he described it, important and necessary to improve the mitigation and response process following a data breach.

This working partnership, Comey told the D.C. crowd, will help deter future cyber attacks and better prepare all parties for new threats from a variety of actors.

“We know your primary concern is getting back to normal when you run any type of enterprise, especially a for-profit business. But we need to figure out who is behind that attack and it is in your interest … you’re kidding yourself if you think that problem is going to go away and not return to re-victimize you,” said Comey.

The FBI director explained that the Bureau’s strategy to increase cooperation will center on four missions: partner outreach and education, establishing trusted relationships, working to minimize the disruption felt by both a company’s employees and customers, and keeping all investigations private by securely holding and not disclosing internal enterprise data publicly.

“It is important for you to include the FBI in your risk assessment plan,” Comey said, “you spend a lot of time, no matter where your facility is, making sure that the fire department has a basic understanding of the layout of your building so that in the case of a disaster they can save lives. I suggest you do the same with respect to your cyber threat and risk assessment plan.”

Trust is a key element in establishing any positive, working relationship, Comey said, and the FBI would like to prove they’re trustworthy.

“If you’re a CISO in private enterprise and you do not know someone at every regional FBI office where you have a significant presence then you’re not doing your job well enough,” said Comey, “our people are waiting for those phone calls to build those relationships.”

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Mary's College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.