Establishing Digital Trust: Don't Sacrifice Security for Convenience
That was the key message organizers of Tuesday's second quarterly meeting of the New England Electronic Crimes Task Force (NET) were trying to drive home to attendees.
NET is one of eight regional task forces established by the U.S. Secret Service (USSS) as a result of the USA Patriot Act, signed by President Bush on Oct. 26, 2001. Like its counterparts around the country, NET is modeled on the New York Electronic Crimes Task Force (NYECTF), established in 1995.
The NYECTF is a coalition of 45 federal, state and local law enforcement agencies, 100 private companies and six universities that cooperate with one another to raise awareness about the problem of computer crime and to find -- and prosecute -- perpetrators. In that effort, it is apparently succeeding. Since its inception, the task force has charged more than 800 people with electronic crimes valued at more than $500 million.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i The challenge now is to recreate that success in the eight other regional task forces, located in Boston, Charlotte, N.C., Chicago, Las Vegas, Los Angeles, Miami, San Francisco and Washington, D.C. Tuesday's meeting at Babson College in Wellesley, Mass. indicated some progress in the New England region.
About 200 attendees were on hand to hear a mix of law enforcement, private sector and academic security professionals exhort them to cooperate with one another in raising awareness of cyber crime.
John O'Hara, special agent in charge with the USSS Boston and New England offices, said the goal was to establish mutually beneficial partnerships and a level of trust, such that the private sector and law enforcement can share information with one another about cyber crime. With that kind of cooperation, "we can get things done," he said.
Participants in a panel discussion at the event agreed that, since Sept. 11, there is more communication between federal, state and local government, and more outreach efforts on the part of the private sector to educate all companies in their supply chains about the importance of proper security.
David Martineau, deputy director of operations for the Massachusetts Emergency Management Agency (MEMA), said his organization learned the value of cooperation following a major blizzard in 1978 that crippled the state for a week. Now, 55 state agencies send a liaison to monthly meetings at MEMA, along with 18 federal agencies, several utilities and volunteer organizations.
In the event of an emergency, these groups can work with one another to make things happen, such as to get health care professionals through a state police barricade.
"The time to work with folks is not when something happens," he said, but well before. That's the kind of cooperation NET is trying to forge to bring resources to bear on the security problem.
Bruce Bonsall, chief information security officer and second vice president at MassMutual Financial Group in Springfield, Mass., said his company shares information about security issues with a number of organizations, including the FBI's InfraGard program and even competitors.
There is also a heavy emphasis on educating employees about security, starting with orientation and with constant awareness programs. The company also seeks to educate its customers about proper security, such as for PCs attached to cable modems.
Asked what security issue most scares the panelists, Bonsall said, "I worry about complacency, that even after September 11 people aren't taking this seriously enough." He noted that 1,000 home PCs attached to cable modems marshaled in a coordinated attack against the financial services sector could be crippling.
Martineau said his concern was the need to communicate potentially sensitive information down to the local level, where people can act on it. He struggled, however, to articulate how such information can be "sanitized" such that it is useful on the local level without compromising security or creating an overreaction.
Other speakers provided case studies to demonstrate how effective law enforcement can be with the benefit of private sector cooperation. Peter Manning, a special agent in the USSS Boston field office, told of one case of internal employee theft that amounted to more than $250,000.
The culprit turned out to be a company manager who was privy to information that she used to open credit cards in other employees' names as well as charge items to company credit cards. She used company funds to make 25 personal car payments in a single month, wired company money to herself via Western Union, booked at least one cruise for her family and purchased several airline tickets, Manning said.
The company called in the USSS, which got the appropriate subpoenas and staged a sting operation to eventually catch the employee. Manning and other speakers stressed that conducting background checks on employees and establishing varying levels of authority for employees can help prevent such activity.
For information on the USSS Electronic Crimes Task Force in your region, go to www.ectaskforce.org.