"Terrorism does remain the FBI's top priority, but in the not too-distant-future we anticipate that the cyber threat will pose the greatest threat to our country," FBI Director Robert Mueller told a gathering of security professionals on Thursday at RSA's annual conference in San Francisco.
"Today, terrorists have not used the Internet to launch a full-scale cyber attack, but we cannot underestimate their intent," he said.
In the wake of the Sept. 11 attacks, the FBI invested heavily to develop new skill sets and formed more than 100 joint anti-terrorism task forces with other government agencies, military branches and local law enforcement organizations.
It's now following a similar model to fight cyber criminals. The FBI has a dedicated cyber security squad in each of its 56 field offices and has 1,000 dedicated agents and analysts working the Web beat, Mueller said.
They focus on three key threat groups: terrorists, organized crime rings and state-sponsored cyberespionage.
Mueller didn't single out China by name, but the nation's prominence on the threat landscape was an oft-mentioned topic at this week's conference.
"State-sponsored hackers are patient and calculating," Mueller said. "They have the time, money and resources to burrow in and wait. You may discover one breach only to find that the real damage has been done at a much higher level."
Mueller had a request for RSA's attendees: Work with us.
Businesses are often loathe to report security breaches. They'd generally rather handle problems privately than risk exposure and a time-consuming investigation.
Congress is considering stiffer disclosure rules, a step Mueller advocated in his speech, but he also encouraged attendees to voluntarily come forward and report it when they're attacked.
"There are only two types of companies: those that have been hacked, and those that will be.
Even that is merging into one category: those that have been hacked and will be again," he told the crowd. "Maintaining a code of silence will not serve us in the long run."