Forwarded from: sscaletat_private http://www.nytimes.com/2002/02/12/technology/12CYBE.html?ex=1014550854&ei=1&en=9b30c31569228713 February 12, 2002 By BARNABY J. FEDER The first guidelines for responding to attacks on computer systems to be endorsed by both the F.B.I. and the Secret Service, the main Federal agencies fighting such crimes, were published yesterday. The guidelines were drafted by government and private security experts brought together by CIO magazine, a trade publication for information technology executives. The guidance comes at a time when the number of both government and private organizations trying to track and fight electronic crimes has been expanding, partly in response to Sept. 11. But experts say many businesses continue to be reluctant to provide law enforcement officials with enough information to pursue cybercriminals. Companies often fear that they will lose business if security breaches become public or that they will become the target of revenge attacks. "People are very fearful of all the publicity that surrounds going after someone and convicting them," said Bruce Schneier, chief technology officer of Counterpane, a computer security company based in Cupertino, Calif. Such fears can be overcome in many cases, said Ronald L. Dick, the F.B.I. official who heads the government's National Infrastructure Protection Center. "They'll share information with us every time if they have an inkling we can prosecute successfully," Mr. Dick said. Still, he said, the new guidelines should help fight fears that the government agencies would respond to intrusion reports "by seizing your server and putting yellow tape around it." The 12-page CIO guidelines provide complete contact information for businesses to report intrusions to public authorities and various information-sharing partnerships like the 65 InfraGard chapters the F.B.I. has helped set up around the nation. They also outline practices that the F.B.I. and Secret Service advocate, like developing relationships with electronic crimes experts at the agencies ahead of time so that managers have a personal contact to take their call. The guidelines advise against reporting minor intrusions, like the efforts of outsiders to scan corporate systems for ways to penetrate them. Such probes can occur hundreds or even thousand of times a month at a major company. While such information could be useful in theory, the guidelines say, it would swamp the current data systems of clearinghouses like the National Infrastructure Protection Center or the Internet Storm Center, which is operated by the SANS Institute, an international research organization for security experts. Breaches of computer defenses by worms, viruses, hacks and other intrusions that cause damage are another matter. Law enforcement officials need all the help they can get in catching up with such activity, said Bruce A. Townsend, special agent in charge of the Secret Service's financial crimes division. "This is constantly evolving, unlike something like drug trafficking," Mr. Townsend said. Most experts say cybercrimes cost billions of dollars annually. Last year, only 36 percent of those who experienced intrusions reported them to authorities, according to an annual survey by the Computer Security Institute and the San Francisco office of the F.B.I. Mr. Townsend said the major part of the guidelines was not the standardized form for reporting intrusions but the emphasis on planning ahead. Some experts argue though that few companies will do an adequate job in that regard unless forced to by regulatory authorities. "We need metrics of how prepared people are for cyberattacks and provisions like the Securities and Exchange Commission required for Y2K for corporate disclosure," said Harris N. Miller, president of the Information Technology Association of America, a trade group that has participated in organizing information-sharing groups on security matters. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Feb 14 2002 - 04:59:49 PST