[ISN] Feds tell companies: Report those intrusions

InfoSec News isn at c4i.org
Fri Mar 25 04:33:37 EST 2005


http://www.computerworld.com/securitytopics/security/story/0,10801,100598,00.html

By Thomas Hoffman 
MARCH 24, 2005 
COMPUTERWORLD

NEW YORK -- Corporate executives are often reluctant to report network
intrusions for fear that those security breaches will be made public
and drag down stock prices. But state and federal law enforcement
officials who spoke on an information security panel here yesterday
said such reports can sometimes provide an important missing link in
larger cybersecurity investigations.

"It may be a critical piece of information you're submitting to us --
you never know where that fits into the pie," said Ron Layton, section
chief of the cyber coordination branch for the U.S. Department of
Homeland Security in Ballston, Va. Layton was one of several law
enforcement officials who spoke at the final stop of a four-city
information security conference sponsored by Kings Park, N.Y.-based
AIT Global Inc. and InfoWorld Media Group, a sister company to
Computerworld.

Simply put, if corporate managers fail to report network breaches,
state and federal authorities have a much tougher time catching
hackers and other cyberpunks.

"If we're not getting the [reports], we're not getting a good gauge of
what's happening out there," said Mike Levin, assistant to the special
agent in charge for the U.S. Secret Service Electronic Crimes Task
Forces in Washington.

Levin conceded that the Secret Service can't respond to every security
report filed. "But if someone has penetrated your network, or
certainly if there is a financial loss, then you should call us."

Network intrusion reports don't necessarily have to fall within the
statutory $5,000 minimum loss for federal authorities to investigate
them, said Kent McCarthy, a special agent for the U.S. Secret Service
in New York. He pointed to one recent network intrusion investigation
at a multibillion-dollar company in New York where there was no dollar
loss. The investigation traced the intrusion to a former employee who
is now in jail, and the Secret Service worked with the company to try
to prevent future IT security breaches.

McCarthy said the Secret Service does its best to protect the
anonymity of corporations that report network intrusions. "We're not
looking for a press release," he said.

Levin said that the older the crime is, the less interested the media
tends to be in reporting on it "because it's not fresh anymore."

Besides, it can backfire on law enforcement agencies to make such
disclosures. Said Layton, "If we imprudently disclose [an
organization's identity], we've closed that conduit to a trusted
source."
