Security officials discuss efforts to combat computer crime
Research and development into cybersecurity is essential to combat computer crime, a security researcher said on Monday.
"Computer crime is rising in scope," said Andrew Macpherson, the technical program coordinator for Dartmouth University's Institute for Security Technology Studies. "I don't think we have any way of quantifying computer crime [at this point]."
To fend off cyberattacks, Macpherson and his technical analysis group at the institute have three projects in the works: intelligence reports on cybersecurity and the cyber capabilities of threat groups; an investigative contact list for cyberattacks; and a national R&D agenda for investigative tools and technologies related to such attacks.
"We're seeing a major shift in business' ability or desire to report computer crimes," Macpherson said.
"There's not really any law on the books that tells companies to turn over [information about cyberattacks], except in California," said Trent Teyema, a supervisory special agent with the FBI's squad for criminal computer intrusions.
"I like to call it the pain threshold," said Anthony Reyes of the New York City Police Department's unit on computer investigations and technology. "It depends on how much pain the companies can absorb" before they notify customers.
But failing to address vulnerabilities can open networks to terrorism, Macpherson said. "Terrorists are well aware of our prosecutorial thresholds," he said. "They do minor frauds but [do] many of them. Law enforcement has built its capability up in the past few years."
"[Training] is definitely a catch-up game," Reyes said. "Fortunately with the advent of some of the electronic-crime task forces ... there is a lot of networking that is going on. I can personally call someone in every state and find someone who has a basic understanding of cyberattacks."
Macpherson said his organization's plans for a contact list will help with that effort. "We thought it would be based on personal contacts, but indeed those officers have rotated so quickly in the past nine months, it's now more profitable to have a more organizational picture."
Still, "knowledge of tools is definitely not ubiquitous across law enforcement communities," Macpherson said. "This is another reason you want a [R&D] agenda out there. It provides scientists with detailed information and priorities when developing technologies for law enforcement."
The panelists do not believe federal legislation would solve the problem of cyber weaknesses. "The position recently [is] to avoid legislation and work with industry to self-regulate," Teyema said. "The states are being more aggressive and more restrictive than the feds."
"Everyone's doing their own thing," Reyes said of the states.
Teyema added that the most basic thing anyone can do if touched by cyber crime is to notify authorities. "Regardless of the intrusion, file a report," he said. "If you don't file a report, we don't know about it."