WASHINGTON (07/26/2000) - An international panel of computer security officials told a U.S. congressional committee Wednesday that a quicker response to cyber attacks is needed both between countries and between government and private industry.
Law enforcement officials from the Philippines, Israel, Germany and Sweden provided the committee with details on the international scope and challenges of coordinating the sharing of information when a cyber attack occurs.
The witnesses said many of their investigations involve connections to the U.S., and, while their dealings with U.S. law enforcement historically have been good, more needs to be done to speed up response times and define how and when information will be shared.
Representative Stephen Horn, a Republican from California, and the chairman of the U.S. House of Representatives Committee on Government Affairs' Subcommittee on Government Management, said he arranged the hearing because, as the ILOVEYOU worm virus proved, attacks can originate outside the U.S. and affect numerous countries.
The alleged hacker accused in the ILOVEYOU case is a Filipino college student. The worm flooded the Internet with massive amounts of e-mail by sending a message to everyone in the address book of each person who opened it. The case embarrassed the Philippines because at that time the country had no law against hacking. However, Elfren Meneses, director of the Filipino National Bureau of Investigation's (NBI) Anti-Fraud and Computer Crimes Division, told the subcommittee the Philippines moved quickly to pass legislation and now has in place an antihacking law.
Meneses also said the cooperation between the NBI and the U.S. Federal Bureau of Investigation (FBI) during the initial investigation of the virus was excellent. But he said NBI agents should be trained at the FBI Academy in Quantico, Virginia, in order to improve cooperation.
The Israeli police representative, Ohad Genis, advocate and chief inspector of the National Unit for Fraud Investigations, complained that the response from other countries in computer crime investigations is too slow.
"When we are obliged to request international assistance, due to the complexity of the legal process we know for sure that we have lost the... momentum and the entire investigation will be put on hold for weeks and sometimes for months until we receive the relevant information," he said.
For example, during the recent rounds of Middle East peace negotiations at Camp David, the Israeli police continuously received information that there were Internet sites calling for the assassination of Israel's Prime Minister Ehud Barak. The Israeli authorities had to go through long procedures to try to identify the people responsible for the Net threats.
In order to obtain the names of users who use specific IP (Internet Protocol) addresses, "we still have to wait weeks and months," Genis said. He proposed the establishment of a central organization that could handle all requests for international assistance, thereby reducing response times.
Juergen Maurer, detective chief superintendent of the German Federal Police, said German authorities dealt with the U.S. National Infrastructure Protection Center (NIPC) in only one case, the denial-of-service Web attack that occurred in February.
"The case showed that, even though the cooperation was very good, there is still a need to establish a more efficient and effective way of exchanging information," Maurer said.
In June, German officials and the NIPC discussed efforts to improve cooperation, which Maurer said was important given the number of suspected Internet crimes turned up by German investigators that somehow link to the U.S.
Companies who are the victims of cyber intrusions and ISPs (Internet service providers) should keep locked files providing information about the IP addresses used by suspects -- a useful tool for law enforcement, Maurer said.
He also said many companies in Germany who fall prey to cybercrime are hesitant to file a criminal complaint because they feel a loss of prestige. Maurer said it's important to forge cooperative partnerships with the system administrators of the affected companies as a way to obtain the required information.
Particularly in extortion and cases of violent crime, access to the desired data should be possible without having to go through the time-consuming formalities underlying international law, Maurer said.
Other panelists from U.S. law enforcement agencies agreed that everyone involved must respond to cyber events in real time and that there is a need to raise awareness about the nature of the threat to critical infrastructures.
"There's a very real threat that can come from an insider, a lone hacker that's out for a joy ride, from an organized group of hackers, from a terrorist group or, as NSA (U.S. National Security Agency) estimates, from one of over 100 countries that now has the capability of launching an offensive cyber attack," said Jack Brock, director of the government-wide and defense information systems in the U.S. General Accounting Office (GAO).
Among the challenges are establishing trust, particularly with private companies, who don't always trust the government with the information they release and also don't want to give up a competitive advantage, Brock said.
Numerous relationships have to be established and it's not realistic to assume that everyone views the threat in the same way or sees the response in the same way, he added.
Michael Vatis, director of NIPC, said he's made efforts himself to raise awareness, including a classified briefing with the leaders of the electrical power industry. But he said cooperation from companies remains a big challenge.
"Companies are not going to do anything until they see that it's necessary to protect their bottom line," Vatis said.