FBI director criticizes companies' code of silence

FBI Director Robert Mueller said that many companies are maintaining a code of silence by not reporting cyberattacks. Such behavior will harm companies and the nation, he added.

A recent exception was Atlanta-based Card Systems, which quickly reported the theft of hundreds of thousands of records to the FBI, Mueller said. But many other incidents haven't been reported, he said.

“According to a survey by the Computer Security Institute and the FBI, only 20 percent of companies that experienced computer intrusions in 2004 reported those incidents to law enforcement,” Mueller told attendees at the InfraGard’s annual national conference yesterday in Washington, D.C.

He said most companies believe that reporting a security breach will harm their image or competitive advantage in the marketplace or expose confidential information.

Mueller, quoting President Reagan, said that sitting back and hoping someone will make things right one day “is to go on feeding the crocodile, hoping he will eat you last, but eat you he will.”

Mueller said it is in companies’ best interest not to protect only themselves but also the nation as a whole.

“There are cybercriminals who will hit company after company, disgruntled employees, who will use knowledge gained on the job against their employees or employers, terrorists who may attempt to harm our infrastructure in a multitude of ways, and we together cannot continue to feed the crocodile,” he said.

Formed in 1996 by the FBI’s Cleveland field office, InfraGard is a government/private-sector partnership to protect the nation’s critical infrastructure by sharing information about threats and vulnerabilities through formal and informal channels. It has about 11,000 members.

With more than 85 percent of the nation’s critical infrastructure in private hands and increasingly interconnected through computer-based systems, Mueller said, partnerships such as InfraGard’s are vital to expose risks, vulnerabilities and threats.

Two years ago, he said, the FBI’s Albuquerque field office started a program called AgriGard to help members of the agricultural community share information with scientists, academic institutions, state and local law enforcement officials, and the FBI through a secure Web portal. Members can ask questions about farm and food security and alert others to suspicious or unusual activity. A similar program for the chemical industry will be implemented soon, Mueller said.