Testifying this week before the Senate Judiciary Committee’s subcommittee on crime and terrorism, Gordon M. Snow, assistant director of the FBI’s Cyber Division, said that this vulnerability to cyber attacks extends to the nation’s critical infrastructure.
“It is difficult to state with confidence that our critical infrastructure – the backbone of our country’s economic prosperity, national security, and public health – will remain unscathed and always be available when needed”, he said.
Snow cited the security breach at the parent company of Nasdaq as an example of the vulnerability of privately owned critical infrastructure, such as financial institutions, to cyber attack.
“The FBI is concerned about the proliferation of malicious techniques that could degrade, disrupt, or destroy critical infrastructure. Although likely only advanced threat actors are currently capable of employing these techniques, as we have seen with other malicious software tools, these capabilities will eventually be within reach of all threat actors”, he said.
Not only critical infrastructure is at risk. The private sector is also threatened by the theft of intellectual property and supply chain disruption from cybercriminals.
“Intellectual property rights violations, including theft of trade secrets, digital piracy, and trafficking counterfeit goods, also represent high cyber criminal threats, resulting in losses of billions of dollars in profits annually. These threats also pose significant risk to U.S. public health and safety via counterfeit pharmaceuticals, electrical components, aircraft parts, and automobile parts”, he warned.
The FBI is working with other law enforcement agencies and the intelligence community to combat cyber threats. The agency is leading a National Cyber Investigative Joint Task Force to coordinate these efforts.
The FBI also has embedded agents in five foreign police agencies to assist in cyber investigations: Estonia, the Netherlands, Romania, Ukraine, and Colombia. It is also working with Australia, New Zealand, Canada, and the UK on increased operational coordination on cyber threat and intrusion investigation.