U.S. still not prepared for cybercrime
The upshot: It's going to take a major high-tech disaster to shake up corporate and government officials enough to work together in fighting high-tech crime.
Back-alley discussions form an expected part of any conference with representatives from the major three-letter government groups, and the Symposium, which ended Friday, didn't disappoint. Hosted by the University of Illinois at Chicago, it featured meetings between officials from the FBI, CIA, DOD and NSA with law-enforcement and industry-security representatives. The main topic: Issues in investigating high-tech crime, preventing cyber-terrorism and protecting against information warfare.
While the public seminars offered hope to cops playing catch-up in technology and to prosecutors with loads of cases that they, frequently, are not sure how to prosecute, the back-alley talk came to a different conclusion.
Follow the money
A major problem is corporate reluctance to report computer problems, leaving others open to the same problems.
One DOD official pointed a finger directly at banks, and their secrecy.
"You cannot convince me that there is not a conspiracy in the financial community not to report (computer security problems)," said Jim Christy, assistance secretary of defense for Command, Control, Communications and Intelligence (ASDC3I).
Christy cited a survey of Fortune 1000 companies that found that 94 percent of surveyed firms did not have the in-house expertise to respond to a critical computer emergency. Of the firms that answered the survey, 58 percent, or 411, detected computer security incidents, but only four of the incidents were reported.
According to Christy, not one financial company revealed whether it had had a security problem in the last 12 months -- they just X-ed out the question. Despite the fact that reporting security break-ins is mandatory for banks with federal insurance, few actually want to make their problems public. Such a visible airing of their security holes could cause customers to lose confidence and abandon ship.
"It's a risk for them," said Doris Gardner, a representative of the FBI's just-established National Infrastructure Protection Center. "Should they admit they have been hacked or hush up the problem?"
Whose bailiwick?
To make matters worse, law enforcement officials seem poised to fight over who has jurisdiction in cyberspace.
Because the Internet crosses state boundaries, the FBI has been quick -- after an initial slow start -- to assert its jurisdiction over cyber-crimes. But now state and local police look like they're ready to take issue with the FBI.
"If someone in [the neighborhood] has a computer problem, their first notion is to go the local police -- that's me," said a Chicago police officer at the conference, who asked not to be named. "They don't want to deal with the FBI."
Another problem: Despite the fact that only about one in 20 cases of computer break-ins are reported, the FBI is quickly becoming swamped.
 |
| Is the current security environment ripe for disaster, or are government officials overblowing the problem? Add your comments to the bottom of this page. |
 |
According to the NICP's Gardner, the new FBI organization has more than 500 cases of computer crime pending, up 130 percent from 1996. If more cases of break-ins are detected and reported, the FBI might have too much to handle at once.
Not just the U.S.
This spells serious trouble for the United States. Because the United States depends on the Internet and computer more than any other country, it's the country most at risk.
Yet, other nations -- including Israel, Canada, France, and Germany -- had representative looking to learn from the States' problems.
The problems have even reached the hinterlands of the Internet. Five officers from the Botswana police department had made the trek to Chicago for the conference.
"We have had many problems with banks and computer crime," said Officer Tabathu Mulale.
At least in Botswana, their banks know they have problems.