Law enforcement at disadvantage in war on cybercrime

Law enforcement at disadvantage in war on cybercrime
Law enforcement at disadvantage in war on cybercrime

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Transfer-Encoding: QUOTED-PRINTABLE

By William Jackson

The two things law enforcement and government need to combat the 
epidemic of cybercrime is better information sharing and better 
information to share, a panel of security experts on Capitol Hill 
concluded Monday.

The panel was put together by the Advisory Committee to the 
Congressional Internet Caucus to discuss cybersecurity threat 
assessment. The picture they painted was a familiar one of increasingly 
sophisticated online criminals responsible for a global crime wave that 
law enforcement has neither the technical nor legal resources to combat.

=E2=80=9CInformation sharing is one of the keys to solving this problem,=E2=80=9D said 
Gary Warner, of the computer and information sciences department of the 
University of Alabama at Birmingham.

Warner said that when some banks began sharing lists of compromised IP 
addresses to compare with fraudulent account activity, they were able to 
prevent some losses. But that kind of cooperation still is not common, 
especially in government, said Keith Rhodes of the Government 
Accountability Office=E2=80=99s Center for Technology and Engineering.

=E2=80=9CUnfortunately, there is a lot of talk about information sharing=E2=80=9D in 
government, but not much action, Rhodes said.

Many agency managers do not want to report or acknowledge problems, and 
the result is that common problems crop up repeatedly in networks. This 
shows up in GAO=E2=80=99s penetration tests of those networks, Rhodes said.

=E2=80=9CThey never stop us,=E2=80=9D he said. =E2=80=9CWe always get in, they never see us and 
they never react properly.=E2=80=9D

Law enforcement agencies generally do not have the level of technical 
expertise available to cybercriminals, said Gregory Crabb of the U.S. 
Postal Inspection Unit=E2=80=99s global cyberinvestigations unit. This makes it 
difficult to get an adequate return on the time and effort invested in 
investigation of computer crime. More research and training for 
investigators are needed, he said.

The Postal Inspection Service is doing its part toward this by 
participating, along with the FBI and state and local law enforcement 
agencies, in the National Computer Forensics and Training Alliance. The 
alliance offers a confidential forum for sharing information by agencies 
and with the private sector. The service has invested $850,000 in a 
NCFTA training center.

=E2=80=9CThat=E2=80=99s a major investment, because the Postal Inspection Service 
doesn=E2=80=99t get funding from Congress,=E2=80=9D Crabb said.

Rhodes said government also needs to do a better job on its own 

=E2=80=9CThe government has to get its house in order=E2=80=9D and provide a practical 
example as well as mandates and regulation to be a responsible partner 
in the public-private partnership necessary to secure cyberspace, he 
said. =E2=80=9CI don=E2=80=99t see anyone in government being held accountable for their 
security=E2=80=9D until a lapse makes front-page news. =E2=80=9CAnd that=E2=80=99s not being 
held accountable. That=E2=80=99s just being embarrassed.=E2=80=9D

Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - 


Site design & layout copyright © 1986-2014 CodeGods