Cybersecurity officers and cyber-crime investigators might have different goals, but that shouldn’t stop them from cooperating with one another, a high-powered panel of law enforcers told an audience at the 2016 RSA conference in San Francisco.
“We’re talking with the computer-security research community to understand their concerns better,” said John Lynch, Chief of the Computer Crime and Intellectual Property Section at the U.S. Department of Justice “In our prosecution and electronic evidence work, we’re not trying to stifle legitimate security research.”
Lynch and his co-presenters extolled the benefits of building trust and understanding between law enforcement and security officers, to facilitate greater information sharing.
“People think about law enforcement as going out and putting handcuffs on people and arresting them,” said William Noonan Deputy Special Agent In Charge, CID, U.S. Secret Service. “But a lot of what we do is about building relationships before the crime. Prevention and information sharing have been big topics of discussion for us in the last couple of years.”
Keith Mularski, Supervisory Special Agent at the FBI concurred.
“Our investigations over the past five years, would never have been able to be done without private collaboration,” he said “We want to get those guys in jail and make them pay, but we can also think about what we can do to prevent those schemes. We really have to work together with industry to look at vulnerabilities we can address.”
The panelists described some of the strides they’re making in finding ways to share threat information without compromising the privacy of affected companies. Noonan, for instance, talked about how the Secret Service shared information about a malware attack at a small company in upstate New York, without identifying the company itself.
As a result other companies, including UPS, could react more quickly and effectively when they experienced similar attacks.
Information sharing can also go beyond technological insights.
“When we debrief people, we’re finding out more about their motivations,” Noonan said. “Data breaches are important – perpetrators will take the easy, low-hanging fruit with the information they’re getting. But the reason for a denial of service attack or an intrusion is often also to lower the stocks so the perpetrators can short them.”
Understanding the goals of would-be criminals can help companies react in ways that minimize potential damage, he said.
Mularski described some of the institutions that have been set up specifically to facilitate better sharing between companies and law enforcement.
“In Pittsburg, we have in the National Cyber-Forensics and Training Alliance,” he said. “It’s a neutral setting that allows industry, academia and law enforcement to tackle the problems together. I know there are many other groups other like that.”
Alliances like these indicate that law enforcement and the cybersecurity community are making progress toward finding common ground.