Fostering public-private cybersecurity partnerships is an effective way to tackle the sophisticated and diverse cyberthreats to which the U.S. is exposed, according to FBI Director Christopher Wray.
"Today's cyberthreat is bigger than any one government agency -- frankly, bigger than the government itself," Wray told RSA Conference (RSAC) attendees in San Francisco this week. "In the cyber arena, the need for private sector partnerships is higher than really anywhere else of any program we have."
Wray stressed the need to build cybersecurity partnerships between law enforcement and businesses and said these partnerships are also crucial to securing the nation's critical infrastructure -- a vast majority of which are owned and operated by the private sector.
"The key is having the private sector start to form those kinds of relationships with their local field office beforehand, because the name of the game is not just prevention, but, in many cases, it's going to be mitigation," he said.
Speed is crucial in mitigating threats, he said, and speedy mitigation is more likely to occur when such public-private partnerships are in place. Wray also advocated greater information sharing in the private sector.
To nurture cybersecurity partnerships, the FBI organizes routine defensive classified briefings for companies, Wray informed RSAC 2019 attendees. During such briefings, businesses are alerted of critical threats and offered guidance on how to stay ahead of such threats, he said. The bureau has also implemented programs to help guide CISOs and general counsels, he added.
"At the end of the day, we need each other in a way that is becoming more and more apparent every day," he said.
The FBI is seeing a "greater uptick" in the threats from various foreign adversaries, including China, Russia, Iran and North Korea, Wray said.
Christopher Wraydirector, FBI
"[There is] an increasing trend toward what we call the 'blended threat,' which is really when a foreign intelligence service enlists the help of criminal hackers -- essentially mercenaries," he said.
Dealing with today's sophisticated cyberthreats requires a multidisciplinary approach and response, Wray said. To shed light on the breadth and scope of modern-day cyberthreats, Wray alluded to cyberadversaries ranging from multinational cyber syndicates to foreign intelligence services, insider threats to hacktivists, who employ a diverse range of attack techniques, including spear phishing, ransomware, botnets and distributed denial-of-service attacks.
When asked about the FBI-Apple encryption dispute -- in which the iPhone maker refused to grant the FBI access to the iPhone of one of the shooters in the San Bernardino, Calif., attack in 2015, and the bureau paid a third-party to unlock the phone -- Wray said the bureau is not trying to weaken end-to-end encryption.
"We are a very strong believer in strong encryption; after all, cybersecurity is part of the FBI's mission, too," Wray said. "We have to figure out a way to deal with this problem, and it can't be a sustainable end state for there to be an entirely unfettered space that is utterly beyond fully lawful access for criminals, terrorists and spies to hide their communications."
Wray said he wants U.S. law enforcement, the national security community and the private sector to come together to work toward solutions.