New FBI malware information-sharing system coming

System to share information at machine-to-machine speed

Earlier this year the new FBI director revealed that the agency will introduce a system intended to share information among private businesses about digital intrusions in near-real time.

Called “Malware Investigator,” its purpose will be to gather and share intelligence from public, private, and government sources to stop threats before they become problems, mainly by passing information directly from machines to machines.

“Human speed won’t cut it anymore. The cyber threat is too pervasive, too persistent, and too fluid,” said James Comey, who became FBI director in September. He spoke in February before the RSA Cyber Security Conference in San Francisco.

While not providing many details about the new system, Comey said it will generally be an unclassified version of a malware repository and analysis tool the FBI already has, called the Binary Analysis Characterization and Storage System (BACSS). In general, the system helps link malware in different jurisdictions and paints a picture of cyber threats worldwide. The Malware Investigator version will be introduced sometime later this year, he said.

Comey said the initiative comes from an understanding that the agency needs to do a better job communicating with private entities that already are required to provide detailed information about digital crimes but have not received much valuable intelligence in return.

“To date, we’ve been fighting [distributed denial of service] attacks at mere human speed, sending malware indicators, host names, and IP addresses to those in the private sector. We understand that sending a laundry list of IP addresses without any content isn’t useful and puts companies at risk of blocking legitimate web traffic,” Comey said.

Instead, he said, with the new system, “Imagine a day where intelligence from combined sources—the government, antivirus companies, ISPs, the financial services sector, and communications companies—is shared instantaneously, machine-to-machine, pursuant to law and with strong privacy protections in place. What if we were able to stop much of the malware as it transited the networks? It is no longer good enough to identify malware as it attacks your system.”

Once it is in place, he said, “If your company has been hacked, you can send the malware to us, and, in most cases, receive a report within hours on how it works, what it might be targeting, and whether others have suffered a similar attack.”

John Ginovsky

John Ginovsky is a contributing editor of Banking Exchange and editor of the publication’s Tech Exchange e-newsletter. For more than two decades he’s written about the commercial banking industry, specializing in its technological side and how it relates to the actual business of banking. In addition to his weekly blogs—"Making Sense of It All"—he contributes fresh, original stories to each Tech Exchange issue based on personal interviews or exclusive contributed pieces. He previously was senior editor for Community Banker magazine (which merged into ABA Banking Journal) and for ABA Banking Journal and was managing editor and staff reporter for ABA’s Bankers News. Email him at jginovsky@sbpub.com.
