US FBI GETS TOUGH ON CYBERCRIMERED HERRING | FBI Gets Tough on Cyber CrimeFBI Gets Tough on Cyber Crime

The Fed’s cyber squad will meet with Silicon Valley defense contractors in crack down on cyber crime.
September 26, 2005

The U.S. Federal Bureau of Investigation plans to meet with small- and medium-sized defense contractors in Silicon Valley to increase awareness about security risks to their IT infrastructure and encourage cooperation with law enforcement in the event of an IT break-in, the Bureau’s San Francisco-based agents said Monday.



The move represents the FBI’s efforts to reverse the decline in the number of computer intrusions that are reported to law enforcement, despite the increase in the number of cyber crime attacks. When it begins sometime in November, the outreach program will be the first time the FBI has set out to work on crime-fighting with a specific sector in the Valley.



The percentage of cyber crime victims who report their computer intrusions has reached the lowest level in the last seven years, a recent survey released by Computer Security Institute and the FBI shows. The survey’s results are based on the responses of 700 computer security practitioners across various corporations, financial institutions, and universities.

With the program, the FBI plans to have its special agents personally visit companies and give presentations emphasizing the importance of creating secure networks and reporting security intrusions to law enforcement agencies.



“The message is about what to do when they encounter an intrusion into their systems,” said Gloria Zaborowski, special agent, San Francisco, FBI division. “We will answer all questions about what to do when someone is soliciting them over email for information or how to recognize front companies trying to get information about products that are then being sent to restricted countries overseas.”



Defense Contractor Focus

The FBI’s outreach program will initially have about 10 of the San Francisco cyber squad division’s agents involved. Though the focus is initially on the IT companies that are defense contractors, it will eventually be expanded to other companies in the Valley.



“Small to medium defense contractors are companies that do not focus on their IT infrastructure much,” said Ms. Zaborowski. “We are going to start with them and then we will expand the program to others companies, perhaps those who sponsor dual-use technology.”



In the Bay Area, the FBI has three cyber crime-related squads, with about eight to 10 agents in each squad. The cyber squads deal with both computer-related crime and counterterrorism and counterintelligence issues.



As part of their presentation, the FBI’s special agents will explain various security threats, how to work with law enforcement, and what to do in case of a security-related crime, including preserving evidence.



“It is critical for us to get that word out,” said Ms. Zaborowski. “Obviously, some of these companies have not had a visit from us and we hope reaching out to them will help educate them about the problem and how to work with us.”



The FBI’s San Francisco division will partner with the U.S. Department of Defense for the program. By the beginning of 2006, the Bay Area division hopes to have nearly 30 agents involved in the outreach program.



“We can’t twist the arm of companies into reporting cyber crimes, but we can educate them to go for criminal action instead of civil action against security attackers,” said Ms. Zaborowski.



Troubling Trend

Only 20 percent of those who faced security threats reported them to law enforcement and about 12 percent sought legal counsel, said the CSI/FBI survey.



Though companies have no obligation to report cyber crime, the trend is troubling for the FBI. Most companies do not like to publicly discuss security breaches to their network. Many fear negative publicity or worry that competitors will use the issue to their advantage.



In particular, 43 percent of companies responded that negative publicity was a concern while 33 percent said they thought competitors would use their revelations of a security breach to their advantage.



Another 16 percent thought that using a civil remedy was an important reason for not reporting the intrusion.



Participation Needed

For its division to be effective and relevant, the FBI needs greater participation from companies, the agents said.



“Laws can be effective only when enforced and the industry needs to work with the agency to help us tackle the issue,” said Shelagh Sayers, special agent, San Francisco FBI Computer Crime Squad.



To create this partnership between law enforcement agencies and companies, the FBI established InfraGard in 2001. The program strives to increase awareness about securing infrastructure and working with law enforcement in case of any threats.



InfraGard has 78 chapters and 13,000 members throughout the United States. The San Francisco Bay Area chapter, led by Ms. Sayers, has about 500 members. It holds quarterly meetings that invite public- and private-sector speakers to discuss issues related to securing their critical infrastructure.



Ms. Sayers said that she spends much of her time doing presentations and being a part of employee-awareness seminars at various companies. Last week, she spoke with members of CSI in San Francisco to explain how companies can preserve evidence in case of a security breach.



The outreach program will work independently of the InfraGard initiative, said Ms. Zaborowski