The current approach used by the U.S. to secure critical networks is unsustainable, a retiring FBI cyber official told the Wall Street Journal.
Shawn Henry, executive assistant director for cybersecurity, told the Journal that computer criminals are too talented and the current approach is not strong enough to stop them.
The U.S. cybersecurity approach is unsustainable in that it is never able to effectively get ahead, Henry said.
He set to retire from the bureau this year.
Networks will remain vulnerable unless the government and private companies change their approach, Henry said.
James Lewis, a senior fellow on cybersecurity at the Center for Strategic and International Studies, agreed with Henry’s assessment and suggested to the Journal that there is likely not a single secure computer or network in the U.S.
Henry told the Journal that the FBI continues to uncover increasing amounts of data stolen from companies without the companies realizing they had it stolen.
At times, the FBI found that companies had in fact been breached for months and even years, giving adversaries full visibility on the network, Henry added.
He attributes long-term breach issues to how companies and government play defense instead of conducting an offensive cyber tactic, according to the Journal.
According to Henry, the skill of adversaries is so substantial at times that they just leap over the cyber defense systems without being noticed.
Companies should be hunting inside their network, he said.
Henry asserted that companies should not keep their most valuable data on the network.
In October, he suggested that the government consider setting up a secure Internet, separate from the public Internet.
Henry said companies should coordinate with their financial, chief executive and general counsel leaders to develop their cyber strategies.
Intelligence and defense officials told Senate lawmakers on March 21 that the U.S. in fact needed a new strategy where it keeps a close eye on nation-state threats, among other things.