FBI asks companies to fight cybercrime

Warning that "Internet-enabled crimes will increase radically in the next few years," FBI Director Robert Mueller last week called for more help from companies to battle cybercrime.

Some technology executives agree that companies need to do more but said serious business concerns, from bad publicity to legal costs, continue to dissuade cooperation.

In the year that Mueller has been director, the FBI has made fighting cybercrime a high priority, topped only by counterterrorism and counterintelligence. But corporate cybercrime victims remain reluctant to cooperate with law enforcement. "We probably get one-third of the reports we would like to get," Mueller told a gathering of business executives Oct. 31.

Mueller said he understands why. "The mere calling of us in an investigation can have an adverse impact on the image of your company," he said. "If we put on raid jackets and come in, the publicity" will hurt both the company and the investigation.

Companies' officials also worry that investigations will disclose intellectual property, which could harm them financially. "We need to work through those issues," Mueller said.

Corporate attitudes toward cybercrime must change, agreed Guy Copeland, a vice president at Computer Sciences Corp., which hosted the forum on combating cybercrime where Mueller spoke.

"I encourage those in the private sector to get serious," Copeland said. Companies should appoint chief information security officers able to react quickly to cybercrimes and cooperate with law enforcement, he said.

But others remain hesitant. "There are still some serious business issues" that discourage full cooperation with law enforcement, said Scott Charney, Microsoft Corp.'s chief security strategist.

Going to the police means losing control of the investigation, Charney said. Companies must respond to the judicial process, staff members may be called as witnesses, and legal costs will accumulate.

But Mueller said cooperation is the only way to reduce the number of cybercrimes. If companies opt to deal with attacks alone, they may plug holes in their information systems, but cybercriminals will simply move on to the next company. "That's not good for the industry, and it's not good for your friends and peers down the road," Mueller said. "Cybercriminals need to be locked up."

With greater cooperation from the private sector, the FBI can begin compiling a cybercrime database and begin predictive analysis that could lead to cybercrime prevention, Mueller said.

The FBI, with 44 foreign offices, can also help companies tackle international cybercrime, he said.

Although the FBI has hired computer specialists and created a new cyber division and forensics laboratories, "we lack expertise in particular areas and we need your help," Mueller said.