By Wilson P. Dizard III
Federal Computer Week
June 27, 2007
ORLANDO, Fla. -- A reinforced cadre of federal cybercrime prosecutors
and technicians at the third annual GFirst conference marshaled new
deterrents and defenses against the rising level of cyberattacks, as
industry executives forecast increases in the market for security
More than 550 people from about 70 organizations attended the
conference, including dozens from the Justice Departments Computer
Hacking and Intellectual Property Coordinators Conference. The CHIPS
attendees convened several closed meetings to discuss investigative and
legal strategies against cybercrime.
CHIPS has grown from five prosecutors in 1991 to more than 240 DOJ
attorneys, including two prosecutors in each regional office and a
headquarters team in Washington, officials said. CHIPS members provide
technical and legal support to other prosecutors and Justice officials.
Greg Garcia, the Homeland Security Departments assistant secretary for
cybersecurity and communications, said his organization had received
more than 21,000 reports of cyber incidents through May during this
fiscal year, in contrast to about 24,000 during all of 2006.
Phishing attacks accounted for about 72 percent of complaints in the
most recent quarter, Garcia said in his opening remarks.
He highlighted the importance of the sector-specific infrastructure
protection plans that DHS released in May. Adding operational content to
those plans is a major department goal for the rest of this year and
beyond, he added.
DHS worked with infrastructure-sector teams known as Information Sharing
and Analysis Councils (ISACs) to frame the plans.
Speaking during a subsequent panel alongside leaders of the Information
Technology and Communications ISACs, Garcia said he and his industry
peers would work during the coming months to combine operational
functions of the two industry groups.
Increasingly we are finding that IT and communications are one and the
same, Garcia said.
We are working with the IT ISAC [and its communications counterpart] to
co-locate them under one roof to increase the level of integration and
situational awareness, Garcia said. This is a longer-term objective of
mine and one we are getting started on right now.
The IT ISAC recently convened the first meeting of a horizontal national
computer infrastructure working group that attracted participation from
representatives of several other infrastructure sectors, said Guy
Copeland, president of the IT ISAC.
That working groups initial meeting last month drew more than 40
attendees, and more are expected to attend future meetings, Copeland
said. He also works as vice president for Information Infrastructure
Advisory Programs at Computer Sciences Corp.
The first step [for the horizontal IT ISAC working group] will be to
look for commonly shared IT issues across the various infrastructure
sectors, Copeland said.
IT security industry executives at the concurrent security product
exposition agreed that the market for their products is booming.
With security products, you expect attention from early adopters such as
the federal government and the financial industry, said Joshua Shaul,
director of systems engineering at Application Security, a software
vendor. Now, there is increased attention from the manufacturing, retail
and other sectors.
Other vendor executives cited increased security threats from factors
such as botnets as drivers of market growth in the government and
In a separate, private interview, Garcia cited the role of botnets
during recent cyberattacks on Estonian government and commercial sites.
He noted that although Estonian government officials charged that the
attacks were orchestrated by the Kremlin, the North Atlantic Treaty
Organization had not characterized them as an act of war.
In botnet incidents, Garcia said, attribution is really difficult.
Before you declare war you have to know who the enemy is.
That is what makes the botnet challenge so vexing, Garcia continued. It
is very difficult to trace back to the botnet herder. We have working
group within the National Cyber Response Coordination Group working to
understand botnets better, to deal with them and stop them.
Garcia said his office had assigned a technical support official to work
in Estonia for several days to assist technicians in that NATO member
Additional sessions at the conference focused on detailed legal and
technical approaches to analyzing and prosecuting cyber crimes, among
GFirst is an acronym for Government Forum of Incident Response and
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com