The threat has reached the point that given enough time, motivation, and funding, a determined adversary will likely be able to penetrate any system that is accessible directly from the Internet. It is difficult to state with confidence that our critical infrastructure—the backbone of our country’s economic prosperity, national security, and public health—will remain unscathed and always be available when needed. The recent security breach by unauthorized intruders into the parent company of NASDAQ is an example of the kind of breaches directed against important financial infrastructure and illustrates the difficulty of determining clear attribution. As we would in response to any such breach, the FBI is working to identify the scope of the intrusion and assist the victim in the remediation process.
The FBI has identified the most significant cyber threats to our nation as those with high intent and high capability to inflict damage or death in the U.S., to illicitly acquire assets, or to illegally obtain sensitive or classified U.S. military, intelligence, or economic information. As both an intelligence and law enforcement agency, the FBI can address every facet of a cyber-case—from collecting intelligence on the subjects in order to learn more about their networks to dismantling those networks and prosecuting the individual perpetrators. The ability to take action on the information we collect is critical because what may begin as a criminal investigation may become a national security threat. In addition, the FBI’s presence in legal attachés in 61 cities around the world assists in the critical exchange of case-related information and the situational awareness of current threats, helping to combat the global scale and scope of cyber breaches.
The FBI is also changing to adapt to the ever-evolving technology and schemes used by cyber criminals. Intelligence now drives operations in the FBI. The Bureau is working in new ways with long-standing and new partners to address the cyber security threat. U.S. critical infrastructure faces a growing cyber threat due to advancements in the availability and sophistication of malicious software tools and the fact that new technologies raise new security issues that cannot always be addressed prior to adoption. The increasing automation of our critical infrastructures provides more cyber access points for adversaries to exploit. New “smart grid” and “smart home” products, designed to provide remote communication and control of devices in our homes, businesses, and critical infrastructures, must be developed and implemented in ways that will also provide protection from unauthorized use.
Otherwise, each new device could become a doorway into our systems for adversaries to use for their own purposes. Industrial control systems, which operate the physical processes of the nation’s pipelines, railroads, and other critical infrastructures, are at elevated risk of cyber exploitation. The FBI is concerned about the proliferation of malicious techniques that could degrade, disrupt, or destroy critical infrastructure. Although likely only advanced threat actors are currently capable of employing these techniques, as we have seen with other malicious software tools, these capabilities will eventually be within reach of all threat actors.
Intellectual property rights violations, including theft of trade secrets, digital piracy, and trafficking counterfeit goods, also represent high cybercriminal threats, resulting in losses of billions of dollars in profits annually. These threats also pose significant risk to U.S. public health and safety via counterfeit pharmaceuticals, electrical components, aircraft parts, and automobile parts. Cybercrime that manipulates the supply chain could pose a threat to national security interests and U.S. consumers. Poorly manufactured computer chips or chips that have been salvaged and repackaged infringe on intellectual property rights and could fail at critical times, posing a serious health and safety threat to U.S. citizens.
Malware could be embedded on the chips to infiltrate information from computers and result in the theft of personally identifiable information (PII) that could then be used in future cybercrimes. As the quality of counterfeit goods increases, U.S. consumers may be challenged to tell the difference between authentic and fraudulent goods. Operation Cisco Raider is a joint initiative between the U.S. and Canada that targets the illegal distribution of counterfeit network hardware manufactured by private entities in China. The use of counterfeit network components can lead to exploitation of cyber infrastructure vulnerabilities and even network failure. Since 2006, Operation Cisco Raider has seized over 3,500 network components amounting to $3.5 million of Cisco retail products. Ten individuals have been convicted as a result of the joint initiative. (Snow, 2012)
Snow G M 20120412 TestimonySnow, G. M. (2012, April 12). Testimony. Retrieved August 21, 2012, from http://www.fbi.gov Sternstein A 2012 Plan to Fighting Organized Crime Recognizes Growing Cyber ThreatsSternstein, A. (2012). Plan to Fighting Organized Crime Recognizes Growing Cyber Threats. Retrieved August 22, 2012, from http://www.nextgov.com
Courtney from Study Moose
Hi there, would you like to get such a paper? How about receiving a customized one? Check it out https://goo.gl/3TYhaX