1/25/2011
05:24 PM
Proposed Nonprofit Would Bridge Law Enforcement, Enterprise Security Worlds

Organization aimed at translating between businesses' breach experience and the information law enforcement needs to prosecute a case

Organizations rarely report breaches to law enforcement, but a new grassroots effort exploring the creation of a nonprofit to bridge the gap between law enforcement and security professionals hopes to change that.

Alerting law enforcement that your organization has been "owned" just doesn't cut it because that will get lost in translation, says Nick Selby, managing director of Trident Risk Management, who is spearheading the formation of the nonprofit. "[But] If you say, 'My systems were breached' in a way that the penal code describes it, and that you suffered [X] dollars in damages, and customer records were exposed to potential identity theft, now you've given the cops something they can dig their teeth into," says Selby, who will discuss the latest on his concept for the nonprofit at next month's BSides conference in San Francisco.

Selby, a security consultant who was sworn in as a police officer last year, says the key is to give businesses and law enforcement the ability to better communicate and understand one another in the aftermath of an attack. That way, a breached company calling local law enforcement would provide up front the information investigators need, the proper forensic evidence, and leads that will help them prosecute the case, for example. "The private sector is great at investigative work. Law enforcement doesn't know what to ask for unless you've worked with them for a while," he says. "All we have to do is get what each other needs. Cybercrime is not diminishing."

Most organizations that suffer breaches not requiring public disclosure don't call in law enforcement, mainly because they consider it an exposure risk with little or no payback. Those that do report have their own rules about how they engage law enforcement: some require nondisclosure agreements, which the FBI traditionally won't agree to. There's also the question of whom to call: local law enforcement, the FBI, or the Department of Homeland Security?

InfraGard, a partnership between the FBI and private industry to share information and intelligence, can help, but most small organizations aren't participants, Selby says. He says the idea is not to overlap with InfraGard and similar groups, but instead to complement them. "We need to help law enforcement and security pros communicate with one another better by translating [for them]," he says.

Budget-strapped law enforcement agencies, meanwhile, are being bombarded with more and more cybercrime cases. "The problem is there's a lack of knowledge of how to investigate and prosecute them," says David Henderson, a police sergeant in the Dallas-Fort Worth area who handles cybercrime cases. Henderson says he and his fellow law enforcement officials need specifics, such as what was stolen, how it occurred, and the value of the stolen information. "We need to know the value because there's a scale that determines what classification the offense is -- whether it's a misdemeanor or felony, and what grade," for example, he says.

"The most important thing is that we can confirm something happened and can articulate it so that a jury can understand what was taken, how it was taken, and by whom," Henderson says. Evidence such as forensic logs would be handed off to the department's forensics specialist for analysis, he says.

Among the main cybercrime cases his department sees are breaches, bank account fraud, and ATM skimming, he says. The key is getting the victim organizations and law enforcement on the same page to tackle these crimes, he says. "It's our responsibility to get together and learn from one another," he says.

Selby says several large organizations have offered to help, but there has also been some pushback from both security pros and law enforcement who don't want anyone telling them how to do their jobs. "[Some] people hate this idea already," he says. The proposed organization would not tell them how to do their jobs, he says, but would instead provide them with a resource.

"I've been really encouraged by the response I've gotten from the infosec community and a lot of people in law enforcement -- local, county, and state law enforcement have been really encouraging," Selby says.


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
