FBI, companies join forces to guard against cyberattacks
- By Heather Harreld
- Dec 14, 1997
In what may be the first example of organized private-sector cooperation with federal law enforcement officials to fight computer break-ins the FBI will launch a new computer threat-analysis program with some 50 organizations in Cleveland.
The FBI's Cleveland field office is working out the final software kinks for a pilot program called InfraGuard which is an initiative that allows private-sector companies and other organizations to electronically report computer attacks to their systems said Van Harp the special agent in charge of the FBI's Cleveland field office. A Defense Department official said the FBI's 55 other field offices soon will be trying to set up similar programs in cities throughout the United States.
Local financial institutions telecommunications companies utility concerns health care providers academic institutions and various private companies will send encrypted e-mail messages detailing computer attacks or attempted attacks to officials at the FBI field office. Bureau officials will remove any identifying information about the entity that was the target of the intrusion and then issue to InfraGuard participants alerts that detail the attack Harp said.
The FBI will not monitor private-sector systems it will only use the information provided to create profiles of attacks and potential attackers. Although Harp declined to name the participating organizations FCW has learned that they include the Cleveland Clinic NASA's Lewis Research Center and Cleveland State University. While most companies - especially financial institutions and publicly owned companies - traditionally have been loathe to reveal any information about attacks on their systems companies are slowly learning that publicity from computer break-ins is not as damaging to the corporate bottom line as simply writing off the losses from cyberattacks Harp said. Most public companies that have sought law enforcement help for security breaches have not seen a significant stock drop he said. In addition the FBI has guaranteed the participants that no proprietary information offered as part of the program would be publicly released he said.
"We sat down with these people and explained to them what our approach was why we wanted the information why it was in their best interest to give us the information " Harp said. "It has not been as big an obstacle as people think."
The information warfare threat has focused increased government attention on opening the lines of communication between the government and the private-sector owners and operators of the nation's critical infrastructure such as electric utilities telecommunications companies and financial institutions. Last month the President's Commission on Critical Information Protection (PCCIP) released to the Clinton administration a set of recommendations that called for information sharing and cooperation among various critical infrastructure sectors and the federal government. Jim Christy DOD's representative to the President's Infrastructure Protection Task Force said InfraGuard is the exact type of partnership that is needed for the federal government to tackle the monumental task of protecting the private-sector infrastructure.
With regard to the "private-/public-sector working relationship...the trust that is developed between them is important " Christy said. "It's exactly what [PCCIP] was recommending. If the government doesn't know about [computer attacks on critical infrastructure systems] they're not going to have the resources...to address the problem."