News
News
6/22/2007
01:39 PM
Connect Directly
RSS
E-Mail
50%
50%

Cybercrime Fighters To Gather Next Week

Law enforcement officials, including all 92 assistant U.S. attorneys, will meet to coordinate efforts against zero-day vulnerabilities and other online threats.

Although it seems as though cybercrime has been around forever, it's still a relatively new discipline that requires companies, law enforcement, and prosecutors to communicate frequently and adjust their tactics accordingly in order to catch the perps and put them away.

Hence the need for next week's third annual Government Forum of Incident Response and Security Teams Conference, where law enforcement officials at all levels will for the first time at this venue rub elbows with more than 200 attorneys and prosecutors, including all 92 assistant U.S. attorneys.

"Back when we started the conference, our focus was on information sharing at the technical level," Rob Pate, deputy director of outreach and awareness for the Homeland Security Department's National Cyber Security Division, told InformationWeek. "Now we're bringing in law enforcement and prosecutors to share our information."

Pate, who formerly served as director of strategic operations for the U.S. Computer Emergency Response Team, or US-CERT, is also the founder of Government Forum of Incident Response and Security Teams.

Communication among private-sector businesses, government, and law enforcement is especially important as zero-day vulnerabilities -- those for which there is no patch -- proliferate and attackers adopt new tactics for breaking into systems. "We have to rapidly share information about what we're seeing because cybertime moves in seconds," Jerry Dixon, director of the National Cyber Security Division, told InformationWeek.

Homeland Security is seeing a wider range of cyberthreats every month, including sophisticated click frauds that attach malware to users' PCs when they visit Web sites, centralized botnets that steal computing resources and launch additional security attacks, and peer-to-peer botnets that evade detection by moving the botnets' command-and-control module from device to device. "You almost need a Ph.D. in software engineering to address P2P botnets," Dixon added.

The FBI reported earlier this month that, as a result of its Operation Bot Roast, an ongoing and coordinated initiative to disrupt and dismantle bot herders, law enforcement had identified about 1 million computers across the country that have been compromised. Homeland Security's hope is that legal experts and law enforcement officials will learn from each other with the ultimate goal of catching and punishing cybercriminals.

By pulling together the administrators, consultants, and law enforcement officials who detect and investigate security threats, Homeland Security wants to develop a forum for them to communicate face to face and exchange ideas and concerns. For last year's conference, Internet service providers were invited because "all of us have to use ISPs to get access to the information" required to track down the sources of cybercrime, Dixon said. The prosecutors invited to this year's conference will close the law enforcement cycle to ensure that these legal pros have the evidence they need to charge cybercriminals and make those charges stick.

This year's conference couldn't come soon enough. The U.S. Government Accountability Office earlier this week issued a report blasting Homeland Security for continuing to have deficiencies in its information security program that contribute to significant weaknesses in computer security controls that threaten the confidentiality, integrity, and availability of key departmental information and information systems. A congressional hearing Wednesday revealed that Homeland Security suffered 844 "cybersecurity incidents" during fiscal 2005 and 2006.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.