Forwarded From: William Knowles <erehwon@kizmiaz.dis.org>
CHICAGO (ZDNet) [8.10.98] - The back-alley talk was gloomy here at the
13th Annual International Symposium on Criminal Justice Issues.
The upshot: It's going to take a major high-tech disaster to shake up
corporate and government officials enough to work together in fighting
high-tech crime.
Back-alley discussions form an expected part of any conference with
representatives from the major three-letter government groups, and the
Symposium, which ended Friday, didn't disappoint. Hosted by the University
of Illinois at Chicago, it featured meetings between officials from the
FBI, CIA, DOD and NSA with law-enforcement and industry-security
representatives. The main topic: Issues in investigating high-tech crime,
preventing cyber-terrorism and protecting against information warfare.
While the public seminars offered hope to cops playing catch-up in
technology and to prosecutors with loads of cases that they, frequently,
are not sure how to prosecute, the back-alley talk came to a different
conclusion.
Follow the money
A major problem is corporate reluctance to report computer problems,
leaving others open to the same problems.
One DOD official pointed a finger directly at banks, and their secrecy.
"You cannot convince me that there is not a conspiracy in the financial
community not to report (computer security problems)," said Jim Christy,
assistance secretary of defense for Command, Control, Communications and
Intelligence (ASDC3I).
Christy cited a survey of Fortune 1000 companies that found that 94
percent of surveyed firms did not have the in-house expertise to respond
to a critical computer emergency. Of the firms that answered the survey,
58 percent, or 411, detected computer security incidents, but only four of
the incidents were reported.
According to Christy, not one financial company revealed whether it had
had a security problem in the last 12 months -- they just X-ed out the
question. Despite the fact that reporting security break-ins is mandatory
for banks with federal insurance, few actually want to make their problems
public. Such a visible airing of their security holes could cause
customers to lose confidence and abandon ship.
"It's a risk for them," said Doris Gardner, a representative of the FBI's
just-established National Infrastructure Protection Center. "Should they
admit they have been hacked or hush up the problem?"
Whose bailiwick?
To make matters worse, law enforcement officials seem poised to fight over
who has jurisdiction in cyberspace.
Because the Internet crosses state boundaries, the FBI has been quick --
after an initial slow start -- to assert its jurisdiction over
cyber-crimes. But now state and local police look like they're ready to
take issue with the FBI.
"If someone in [the neighborhood] has a computer problem, their first
notion is to go the local police -- that's me," said a Chicago police
officer at the conference, who asked not to be named. "They don't want to
deal with the FBI."
Another problem: Despite the fact that only about one in 20 cases of
computer break-ins are reported, the FBI is quickly becoming swamped.
According to the NICP's Gardner, the new FBI organization has more than
500 cases of computer crime pending, up 130 percent from 1996. If more
cases of break-ins are detected and reported, the FBI might have too much
to handle at once.
Not just the U.S.
This spells serious trouble for the United States. Because the United
States depends on the Internet and computer more than any other country,
it's the country most at risk.
Yet, other nations -- including Israel, Canada, France, and Germany -- had
representative looking to learn from the States' problems.
The problems have even reached the hinterlands of the Internet. Five
officers from the Botswana police department had made the trek to Chicago
for the conference.
"We have had many problems with banks and computer crime," said Officer
Tabathu Mulale.
At least in Botswana, their banks know they have problems.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
Received on Thu Aug 13 09:28:42 1998