CIO Magazine, FBI, and Secret Service Announce New Cyberthreat Reporting Guidelines for Businesses
| Washington, D.C. February 12, 2002 |
Guidelines Mark First Standards Authorized by U.S. Federal Law Enforcement
Framingham, MA-February 12, 2002-Today, the first set of national Cyberthreat Response and Reporting Guidelines jointly sanctioned by the Federal Bureau of Investigation (FBI) and the United States Secret Service (USSS) was unveiled to the nation’s CIOs (chief information officers). Four months ago, CIO magazine requested the FBI and USSS help create and standardize a process for businesses to report cybercrime and security breaches to law enforcement authorities.
The CIO Cyberthreat Response & Reporting Guidelines provide step-by-step information on how businesses should plan and respond to attacks on their information systems, including worms, viruses, hacks and other breaches. The guidelines advise CIOs and business leaders to establish a relationship with law enforcement today, before their next attack happens. The document also provides suggested points of contact, as well as an easy-to-follow report form detailing the initial information law enforcement needs to investigate.
Abbie Lundberg, Editor in Chief of CIO magazine says, “The new CIO Cyberthreat Response & Reporting Guidelines provide guidance and resources and, most important, make it easier for CIOs to report to law enforcement.”
According to Ronald L. Dick, National Infrastructure Protection Center & Deputy Assistant Director, Counterterrorism Division, FBI, “The US government is aware of the cyberthreats businesses face. The guidelines are just one method we can deploy to help businesses protect themselves. The FBI, together with the National Infrastructure Protection Center (NIPC), is fully committed to stopping the spread of cybercrime.”
The FBI and USSS share federal jurisdiction for investigating and prosecuting cybercrime across state lines. Law enforcement’s ability to identify coordinated efforts by cybercriminals is directly tied to the amount of reporting that takes place. Historically, reported cyberattacks are those of great magnitude such as the Code Red virus.
“The Secret Service continues to believe that prevention coupled with aggressive proactive investigations provide the best outcome when attacking cybercrime. This cannot be accomplished without the partnerships that have been established with industry, other law enforcement agencies and, in this case, the media. In fact, with today’s technology and the sophisticated nature of electronic crime, law enforcement will lose the battle and the war without sharing information and resources,” says Bruce Townsend, Special Agent in Charge, Financial Crimes Division, Secret Service.
Townsend adds, “In October, the Secret Service received authorization to set up Electronic Crimes Task Forces around the country. These now published reporting guidelines will allow industry professionals to take full advantage of these task forces and the collective expertise of federal, state and local law enforcement that these task forces create.”
Dick (FBI) adds, “The NIPC and FBI are also working closely with businesses through the InfraGard program. More than 3,000 companies have joined the 65 chapters that are spread throughout the United States, and are working with the NIPC and each other to share information on cyber threats and vulnerabilities. Membership is free to any company that wants to join.”
The need for cyber reporting guidelines came to the forefront at a CIO magazine conference in October 2001. Lundberg (CIO) explains, “A United States Attorney addressed CIOs on law enforcement post 9/11 and the need for businesses to report cybercrime to officials. A member of the audience said his company was suffering thousands of attacks a month and asked which attacks to report and where to send the information.”
Methodology:
Following the CIO Conference in October 2001, CIO magazine editor in chief Abbie Lundberg identified the need for creating cybercrime-reporting standards. The government and public relations arm of CXO Media Inc. (publisher of CIO magazine) initiated discussions with the FBI and USSS on creating such guidelines for reporting cyberthreats and attacks. A select team of industry advisors and law enforcement officials was brought together to develop project goals, logistics, resources and a reporting template for businesses to follow. A larger team of experts reviewed and tested the guidelines before they were turned over to the FBI and USSS for review, validation and authorization. A complete copy of the CIO Cyberthreat Response & Reporting Guidelines is available at www.cio.com/security/response.
About CIO Magazine:
CIO magazine (launched in 1987) is published by CXO Media Inc. CXO Media serves CIOs, CEOs, CFOs, COOs and other corporate officers who use technology to thrive and prosper in this new era of business. The company strives to enhance partnerships between C-level executives, as well as create opportunities for information technology (IT) and consumer marketers to reach them. In addition to publishing CIO, CXO Media produces www.cio.com, The CIO Insider, Darwin magazine and www.darwinmagazine.com, as well as CIO and Darwin Executive Programs, a series of conferences that provide educational and networking opportunities for corporate and government leaders.
CXO Media Inc. is a subsidiary of IDG, the world’s leading technology media, research and event company. IDG publishes more than 300 magazines and newspapers and offers online users the largest network of technology-specific sites around the world through IDG.net (www.idg.net), which comprises more than 300 targeted Web sites in 70 countries. IDG is also a leading producer of 168 computer-related expositions worldwide, and provides IT market analysis through 51 offices in 43 countries worldwide. Company information is available at www.idg.com.