CBS 60 Minutes: FBI Director On Threat of ISIS, Cybercrime

FBI Director James Comey goes on the record with Scott Pelley of CBS 60 Minutes show in a  video interview.  I gathered a few of Comey’s remarks and provide some of my own commentary.  Security is like religion or politics, everyone has an opinion and if you would like to share yours leave a comment at the bottom of the article.

“Cyber crime is becoming everything in crime”
Strongly agree, why?  Severity and tempo of security incidents continues to build momentum, Target 40 million credit cards stolen, Home Depot 56 million cards, and finally JP Morgan Chase ringing the bell at 76 million customers.  Cyber crime is where the money is, is the saying.  Large as these heists are the largest to my knowledge is Heartland at around 100 million cards in 2009.

“Chinese hackers are like drunk burglars”
The point made is that Chinese hackers are not necessarily the best hackers but they are pervasive and invading businesses with significant intellectual property to loose.  Considering security from the attacker perspective, why spend $100 million dollars to develop a product, technology, or service when you can steal it for $1 million or maybe even far less?  The goals and funding for businesses and nation states are far different.  Corporate budgeting is a profit and loss game and there are constraints around what a security program can achieve.  Whereas funding for nation state security programs almost certainly exceeds most software engineering budgets for an entire company.  Few corporate cyber defenses can withstand a direct assault by even moderately funded state programs.

“Cost of cyber crime in the billions”
I’m sure this is true but since the cost is spread over an entire economy it’s difficult to justify funding the war on data by individual businesses or organizations.  Governments must protect our cyber boarders as well as our physical borders since businesses are poorly equipped to do so.  We don’t expect businesses to defend their properties with armed guards against invasion by other nations.  We should not expect business to defend their cyber boarders from foreign invaders.  It’s simply too much to expect from companies trying to make a profit and it’s not their job anyway.  National defense is a government responsibility, it always has been.

(security is in a) “much better place than 13 years ago”
I don’t believe popular news reports support this conclusion.  In Comey’s own words, cyber crime is now the only crime and  I doubt 13 years ago he would have made this same claim.  I agree, everyone has learned much more about security in the last 13 years but so too have our adversaries.  Comey mentioned we are not perfect and we have more work to do which I can not agree more.  There is a need to be encouraging but declaring the past 13 years a security victory is redonkulous.  Attackers are more emboldened and motivated then ever before.

“Apple’s iPhone may be a threat to national security”
Don’t believe it.  Washington is quick to sacrifice individual privacy rights in the name of business revenues or national security but they are unwilling to demonstrate the tiniest shred of transparency in the name of their own credibility.  Complete secrecy around information security programs is so important to the government they are willing to sacrifice revenues of American businesses.  For instance, post Snowden era revelations it’s now well-known that the NSA tampered with Cisco Internet hardware to achieve their electronic surveillance objectives.  Further, government surveillance activities impacts confidence in American businesses in other countries and ultimately harmed revenues according to Cisco.  Other company’s have reported similar impacts but precise industry impact figures are elusive.  It’s also known that the NSA pressured Yahoo with a $250,000 per day fine for it’s refusal to release user data in 2007.  Now Yahoo and other tech giants are taking proactive measures like securing data between data centers to discourage warrantless searches and improve confidence abroad.  Most large companies complete in a global market place so confidence and integrity of American products in other nations is very important to revenues.  Now Apple continues a similar trend to lock down warrantless iPhone searches in a bold move that accompanies some scrutiny by Washington.  Most US companies would rather not take sides on personal privacy issues but they do so since lack of public confidence in product and service offerings impacts revenues.  American companies learned a valuable lesson, acquiescing to government demands may or may not be in the best interest of the people but it’s certainly not good for businesses competing in a global marketplace.

–Milton

Author: milton

For bio see, https://www.securitycurmudgeon.com/about/