Joseph Demarest, assistant director at the FBI, has been testifying on the threats of cybercrime to a Senate Committee on Banking, Housing and Urban Affairs, and Network World reports that the agency has three specific recommendations of how Congress could assist with the ever-evolving problem.
The first step would be updating the Computer Fraud and Abuse Act. The law, first enacted all the way back in 1986 was created at a time when cyberthreats were comparatively modest, has had amendments over the years, but none since 2008. "Updating the CFAA to reflect these changes would help strengthen our ability to punish, and therefore to deter, the crimes we seek to prevent," Demarest explained
A second step, Demarest opined, would be for businesses to provide swift notifications to consumers of any data breaches that occur. "Such a standard would not only hold businesses accountable for breaches, but would also assist in FBI and other law enforcement efforts to identify, pursue, and defeat the perpetrators of cyber attacks."
The third step involves a greater sharing of information between government and the private sector allowing the FBI greater insight into the kind of active threats affecting businesses. "The FBI supports legislation that would establish a clear framework for sharing and reduce risk in the process, in addition to providing strong and straightforward safeguards for the privacy and civil liberties of Americans. U.S. citizens must have confidence that threat information is being shared appropriately, and we in the law enforcement and intelligence communities must be as transparent as possible," Demarest explained.
During his testimony, Demarest highlighted several changes in the cybercrime landscape to justify his recommendations, including Botnets, vulnerabilities in mobile banking and the "over 1 million computers worldwide" infected with malware. He also pointed to high profile attacks on eBay, JP Morgan Chase and Sony Pictures.
The full transcript of Demarest's testimony can be read here.