Although it seems as though cybercrime has been around forever, it's still a relatively new discipline that requires companies, law enforcement, and prosecutors to communicate frequently and adjust their tactics accordingly in order to catch the perps and put them away.
Hence the need for next week's third annual Government Forum of Incident Response and Security Teams Conference, where law enforcement officials at all levels will for the first time at this venue rub elbows with more than 200 attorneys and prosecutors, including all 92 assistant U.S. attorneys.
"Back when we started the conference, our focus was on information sharing at the technical level," Rob Pate, deputy director of outreach and awareness for the Homeland Security Department's National Cyber Security Division, told InformationWeek. "Now we're bringing in law enforcement and prosecutors to share our information."
Pate, who formerly served as director of strategic operations for the U.S. Computer Emergency Response Team, or US-CERT, is also the founder of Government Forum of Incident Response and Security Teams.
Communication among private-sector businesses, government, and law enforcement is especially important as zero-day vulnerabilities -- those for which there is no patch -- proliferate and attackers adopt new tactics for breaking into systems. "We have to rapidly share information about what we're seeing because cybertime moves in seconds," Jerry Dixon, director of the National Cyber Security Division, told InformationWeek.
Homeland Security is seeing a wider range of cyberthreats every month, including sophisticated click frauds that attach malware to users' PCs when they visit Web sites, centralized botnets that steal computing resources and launch additional security attacks, and peer-to-peer botnets that evade detection by moving the botnets' command-and-control module from device to device. "You almost need a Ph.D. in software engineering to address P2P botnets," Dixon added.
The FBI reported earlier this month that, as a result of its Operation Bot Roast, an ongoing and coordinated initiative to disrupt and dismantle bot herders, law enforcement had identified about 1 million computers across the country that have been compromised. Homeland Security's hope is that legal experts and law enforcement officials will learn from each other with the ultimate goal of catching and punishing cybercriminals.
By pulling together the administrators, consultants, and law enforcement officials who detect and investigate security threats, Homeland Security wants to develop a forum for them to communicate face to face and exchange ideas and concerns. For last year's conference, Internet service providers were invited because "all of us have to use ISPs to get access to the information" required to track down the sources of cybercrime, Dixon said. The prosecutors invited to this year's conference will close the law enforcement cycle to ensure that these legal pros have the evidence they need to charge cybercriminals and make those charges stick.
This year's conference couldn't come soon enough. The U.S. Government Accountability Office earlier this week issued a report blasting Homeland Security for continuing to have deficiencies in its information security program that contribute to significant weaknesses in computer security controls that threaten the confidentiality, integrity, and availability of key departmental information and information systems. A congressional hearing Wednesday revealed that Homeland Security suffered 844 "cybersecurity incidents" during fiscal 2005 and 2006.