CHESTNUT HILL, Mass. -- FBI Director James Comey has tough words for private sector firms that won't engage with federal law enforcement authorities on cybersecurity, an area where the bureau has been dramatically expanding its investigation and prosecution efforts.
In a keynote address at a cybersecurity conference at Boston College, Comey lamented that most incidents of intrusion and attacks against U.S. businesses go unreported. But when a victim does report a breach to the FBI, such as the damaging attack against Sony in 2014 that was attributed to North Korea, agents will have a much easier time investigating and helping businesses mitigate the damage if they are already somewhat familiar with the target's systems.
"Sony had taken the time to get to know us," Comey said, describing a rapid response to that incident where agents with a baseline familiarity with Sony's systems could hit the ground running.
"If you are the chief information security officer [CISO] of a private enterprise, and you don't know someone at every single FBI office where you have a significant facility, you're not doing your job. Know that you're pushing on an open door," Comey said. "We're not looking to know your private information, but we need to know you in a way so we can help you in a difficult circumstance."
Comey described a multi-pronged initiative underway at the FBI to crack down on cybercrimes that involves recruiting and hiring more cyber experts, improving engagement with outside partners -- including the private sector -- and rethinking the bureau's traditional approach to working cases. The bureaus is also working to bolster deterrence both through hardening systems that might be targeted and winning convictions in more criminal cases.
[ Related: FBI's top 10 most wanted cybercriminals ]
Comey also indicated that he intends to serve out the remaining 6 1/2 years of his term, despite speculation that he might step down amid tensions with the White House.
He did not address his reported request for the Justice Department to issue a statement refuting President Trump's assertion that his campaign had been wiretapped by former President Obama, nor the unfolding probe into Russian hacking of political targets during the election. Comey participated in a brief question-and-answer session with audience members following his keynote address, but did not take questions from reporters.
A spectrum of threats, an ‘evil layer cake’
He did offer that nation-states comprise the most dangerous enemies in the "stack" of cyber adversaries, followed by multi-national hacking syndicates, insider threats, hacktivists and terrorists, the least menacing element of what Comey calls "an evil layer cake."
"The reason I put them at the bottom of the stack is that terrorists are adept at using the internet to communicate, to recruit, to proselytize, but they have not yet turned to using the internet as a tool of destruction in the way that logic tells us certainly will come in the future," Comey said.
Regardless of what type of actor initiates the attack, the FBI is looking at cyber events in a fundamentally different way than conventional crimes that have a clear physical location. If a pedophile is under investigation for crimes in San Francisco, say, the San Francisco field office of the FBI would handle the case. Not so with cyber. Comey said that the bureau is assigning those cases, where the perpetrators could be up the street or halfway around the world, to the field offices that best demonstrate "the chops" to handle specific cyber investigations. So even if a bank in New York was the victim of a cyberattack, the field office in Little Rock, Ark., potentially could take the lead on the case, with support from other offices that might need to conduct investigative work on the physical premises.