The Federal Bureau of Investigation’s top cyber cop offered a grim appraisal of the nation’s efforts to keep computer hackers from plundering corporate data networks: “We’re not winning,” he said.
Shawn Henry, who is preparing to leave the FBI after more than two decades with the bureau, said in an interview that the current public and private approach to fending off hackers is “unsustainable.” Computer criminals are simply too talented and defensive measures too weak to stop them, he said.
His comments weren’t directed at specific legislation but came as Congress considers two competing measures designed to buttress the networks for critical U.S. infrastructure, such as electrical-power plants and nuclear reactors. Though few cybersecurity experts disagree on the need for security improvements, business advocates have argued that the new regulations called for in one of the bills aren’t likely to better protect computer networks.
Mr. Henry, who is leaving government to take a cybersecurity job with an undisclosed firm in Washington, said companies need to make major changes in the way they use computer networks to avoid further damage to national security and the economy. Too many companies, from major multinationals to small start-ups, fail to recognize the financial and legal risks they are taking—or the costs they may have already suffered unknowingly—by operating vulnerable networks, he said.
“I don’t see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it’s an unsustainable model. Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security,” Mr. Henry said.
James A. Lewis, a senior fellow on cybersecurity at the Center for Strategic and International Studies, said that as gloomy as Mr. Henry’s assessment may sound, “I am actually a little bit gloomier.”
More from WSJ.com @ http://online.wsj.com/article/SB10001424052702304177104577307773326180032.html