Private sector key to cybercrime fight, feds say
The Secret Service moves to raise awareness levels about organized cybercrime
Story by Dan Verton

( COMPUTERWORLD ) - STANFORD, Calif., -- Federal law enforcement officials' battle against organized cybercrime is beginning to make some progress. But more cooperation is needed from the private-sector companies that are the targets of these criminal groups.

That's the conclusion of officials who took part in this month's IT Preparedness Exercise here, sponsored by the U.S. Secret Service. Computerworld was granted exclusive access to the exercise under an agreement that the content and results of the scenarios used not be disclosed.

Top Execs Involved

The exercise, held Nov. 5-6 on the campus of Stanford University, included more than 180 senior-level executives from the private sector. It was the third in a series of Secret Service IT Preparedness Exercises mandated by the Department of Homeland Security. The Secret Service is now a DHS agency.

Although detailed results of the exercise can't be disclosed, the bulk of the corporate representatives present indicated that they lacked knowledge about the various private-sector Information Sharing and Analysis Centers. Many were either unfamiliar with the role of ISACs or unaware of their existence altogether.

ISACs are alliances formed within vertical industries to improve information sharing about security vulnerabilities and threats.

Enough questions were raised on the first day that the exercise planners added an impromptu presentation by a senior representative of the Financial Services Sector ISAC on what ISACs are and what they do.

This lack of awareness, which has been evident at other conferences attended by other industry groups (see story) is one of the primary reasons the Secret Service holds the exercises, officials at the event said.

Communication Essential

The primary mechanism that needs to be in place is a strong and robust relationship and communication between the private sector and the government, such as that provided by the ISACs, said John Frazzini, vice president for intelligence operations at Reston, Va.-based security firm iDefense Inc., and a former agent and founding member of the electronic crimes division at the Secret Service. Without that, Frazzini explained, it will be a hodgepodge approach that will not be very effective. This is an opportunity for corporate executives to get involved and contribute.

Frazzini also contributed to an October World Bank report, Electronic Safety and Soundness: Securing Finance in a New Age, which concludes that the lack of accurate and timely reporting of cybercrime incidents is hampering the overall battle against cybercrime.

The private sector will need to make unprecedented efforts to cooperate with law enforcement agencies and with supervisory authorities within and across borders due to the very global nature of the Internet technology backbone, the World Bank report states.

Robert Weaver, deputy special agent in charge of the Secret Service's New York Electronic Crimes Task Force, said companies in critical-infrastructure sectors don't have to experience a loss or want to prosecute to ask the Secret Service for assistance. It's not a reactive model, he said. It's 'Get your butt out from behind the desk and go help.'

The full article is at ComputerWorld