Feds tells companies: Report those intrusions

Computerworld - NEW YORK -- Corporate executives are often reluctant to report network intrusions for fear of having those security breaches made public and drag down stock prices. But state and federal law enforcement officials who spoke on an information security panel here yesterday said such reports can sometimes provide an important missing link in larger cybersecurity investigations.
"It may be a critical piece of information you're submitting to us -- you never know where that fits into the pie," said Ron Layton, section chief of the cyber coordination branch for the U.S. Department of Homeland Security in Ballston, Va. Layton was one of several law enforcement officials who spoke at the final stop of a four-city information security conference sponsored by Kings Park, N.Y.-based AIT Global Inc. and InfoWorld Media Group, a sister company to Computerworld.
Simply put, if corporate managers fail to report network breaches, state and federal authorities have a much tougher time catching hackers and other cyberpunks.
"If we're not getting the [reports], we're not getting a good gauge of what's happening out there," said Mike Levin, assistant to the special agent in charge for the U.S. Secret Service Electronic Crimes Task Forces in Washington.
Levin conceded that the Secret Service can't respond to every security report filed. "But if someone has penetrated your network, or certainly if there is a financial loss, then you should call us."
Network intrusion reports don't necessarily have to fall within the statutory $5,000 minimum loss for federal authorities to investigate them, said Kent McCarthy, a special agent for the U.S. Secret Service in New York. He pointed to one recent network intrusion investigation at a multibillion-dollar company in New York where there was no dollar loss. The investigation traced the intrusion to a former employee who is now in jail, and the Secret Service worked with the company to try to prevent future IT security breaches.
McCarthy said the Secret Service does its best to protect the anonymity of corporations that report network intrusions. "We're not looking for a press release," he said.
Levin said that the older the crime is, the less interested the media tends to be about reporting on it "because it's not fresh anymore."
Besides, it can backfire on law enforcement agencies to make such disclosures. Said Layton, "If we imprudently disclose [an organization's identity], we've closed that conduit to a trusted source."