March 28, 2012 at 1:55 PM ET
Nobody's giving up, but there's not a lot of reason to cheer, either: "We're not winning" when it comes to the war on hackers attacking corporate networks, the FBI's outgoing cyber chief said in an interview.
"We've been playing defense for a long time ...You can only build a fence so high, and what we've found is that the offense outpaces the defense, and the offense is better than the defense,'' Shawn Henry said in an interview with the Wall Street Journal.
His remarks follow those made by FBI director Robert Mueller earlier this month. At a security conference, Mueller said he expects cyber threats to pass terrorism as the nation's top threat.
Henry, who will be leaving the bureau after more than 20 years and will work for a cybersecurity firm, told the Journal that more and more, FBI agents are finding data stolen from companies that didn't have any idea their computer networks had been accessed.
"We have found their data in the middle of other investigations,'' he said in the interview. "They are shocked and, in many cases, they've been breached for many months, in some cases years, which means that an adversary had full visibility into everything occurring on that network, potentially.''
A bill introduced into the House Tuesday would let companies and the federal government more easily share information about cybersecurity threats.
H.R. 4263, from Republican congresswomen Mary Bono Mack and Marsha Blackburn, "increases penalties for hacking into servers and removes roadblocks that prevent government security experts from discussing threats with their counterparts at Internet service providers and other companies," according to Reuters. The bill is similar to one introduced earlier this month in the Senate by Republican senator John McCain.
Democrats, too, have proposed legislation that would put more of the onus on companies to prove to the federal government that their networks are secure.
Henry said that despite hacker attacks on high-profile companies like Lockheed Martin and Citigroup, companies large and small still are not taking security seriously enough.
"I don't see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it's an unsustainable model. Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security."
Meanwhile, National Security Agency director General Keith Alexander "revealed that the attack against online security company RSA last year originated from China," according to The Verge, which said Alexander told the Senate Armed Services Committee Tuesday "that China is responsible for 'a great deal' of theft of military-related intellectual property from the US."
Check out Technolog, Gadgetbox, Digital Life and In-Game on Facebook, and on Twitter, follow Suzanne Choney.