Increase in cyberthreats spurs feds, industry

ORLANDO, Fla. -- A reinforced cadre of federal cybercrime prosecutors and technicians at the third annual GFirst conference marshaled new deterrents and defenses against the rising level of cyberattacks, as industry executives forecast increases in the market for security products.More than 550 people from about 70 organizations attended the conference, including dozens from the Justice Department’s Computer Hacking and Intellectual Property Coordinators’ Conference. The CHIPS attendees convened several closed meetings to discuss investigative and legal strategies against cybercrime.CHIPS has grown from five prosecutors in 1991 to more than 240 DOJ attorneys, including two prosecutors in each regional office and a headquarters team in Washington, officials said. CHIPS members provide technical and legal support to other prosecutors and Justice officials.Greg Garcia, the Homeland Security Department’s assistant secretary for cybersecurity and communications, said his organization had received more than 21,000 reports of cyber incidents through May during this fiscal year, in contrast to about 24,000 during all of 2006.“Phishing attacks accounted for about 72 percent of complaints in the most recent quarter,” Garcia said in his opening remarks.He highlighted the importance of the sector-specific infrastructure protection plans that DHS released in May. Adding operational content to those plans is a major department goal for the rest of this year and beyond, he added. DHS worked with infrastructure-sector teams known as Information Sharing and Analysis Councils (ISACs) to frame the plans.Speaking during a subsequent panel alongside leaders of the Information Technology and Communications ISACs, Garcia said he and his industry peers would work during the coming months to combine operational functions of the two industry groups.“Increasingly we are finding that IT and communications are one and the same,” Garcia said.“We are working with the IT ISAC [and its communications counterpart] to co-locate them under one roof to increase the level of integration and situational awareness,” Garcia said. “This is a longer-term objective of mine and one we are getting started on right now.”The IT ISAC recently convened the first meeting of a horizontal national computer infrastructure working group that attracted participation from representatives of several other infrastructure sectors, said Guy Copeland, president of the IT ISAC.That working group’s initial meeting last month drew more than 40 attendees, and more are expected to attend future meetings, Copeland said. He also works as vice president for Information Infrastructure Advisory Programs at Computer Sciences Corp. “The first step [for the horizontal IT ISAC working group] will be to look for commonly shared IT issues” across the various infrastructure sectors,” Copeland said.IT security industry executives at the concurrent security product exposition agreed that the market for their products is booming. “With security products, you expect attention from early adopters such as the federal government and the financial industry,” said Joshua Shaul, director of systems engineering at Application Security, a software vendor. “Now, there is increased attention from the manufacturing, retail and other sectors.”Other vendor executives cited increased security threats from factors such as botnets as drivers of market growth in the government and private sectors.In a separate, private interview, Garcia cited the role of botnets during recent cyberattacks on Estonian government and commercial sites. He noted that although Estonian government officials charged that the attacks were orchestrated by the Kremlin, the North Atlantic Treaty Organization had not characterized them as an act of war.In botnet incidents, Garcia said, “attribution is really difficult. Before you declare war you have to know who the enemy is.“That is what makes the botnet challenge so vexing,” Garcia continued. “It is very difficult to trace back to the botnet herder. We have working group within the National Cyber Response Coordination Group working to understand botnets better, to deal with them and stop them.”Garcia said his office had assigned a technical support official to work in Estonia for several days to assist technicians in that NATO member country.Additional sessions at the conference focused on detailed legal and technical approaches to analyzing and prosecuting cyber crimes, among other topics.GFirst is an acronym for Government Forum of Incident Response and Security Teams.