Combatting Cyber Crime: A Shared Responsibility

WASHINGTON, D.C.—October is National Cyber Security Awareness Month. Unfortunately, we are reminded nearly every week of the growing threat of being constantly connected to the web, with the reporting of high profile companies and organizations being victims of a cyberattack.

Last month, Home Depot reported the credit and debit card information of nearly 56 million people was jeopardized from a malware attack. In addition, a recent report by the Securities and Exchange Commission revealed the accounts of 76 million households and 7 million small businesses were exposed from this summer’s cyberattack on JPMorgan Chase Bank; making this the largest cyber breach recorded.

The threat is not only against large corporations. Rogue hackers are attacking all types of businesses, federal agencies, small businesses, and state and local governments. In 2013, the Internet Crime Complaint Center within the U.S. Department of Justice recorded 262,813 cybersecurity related complaints, resulting in an estimated $781 billion in direct losses. The graph below highlights the amount of reported cyber crimes recorded per year.

IC3 ComplaintsThe methods to steal information vary in scope and sophistication. The most common forms of attacks include hacking, malware, physical error and lost or stolen devices. The expansion of global communications technology and the Internet allows criminals to conduct these attacks from nearly anywhere in the world. Many foreign nations are responsible for direct cyberattacks on the United States in an effort to gain intellectual property and economic information.

The Office of the National Counterintelligence Executive released a report spotlighting the Chinese and Russian governments for their role in stealing tens of billions of dollars in trade secrets, intellectual property and technology from computer systems in the federal and state governments, corporations and academic institutions.

No one target is immune to this threat. Naturally, the Internet is an intertwined chain and all parties play a role in securing and protecting against cyberattacks. From the Internet Service Provider, or ISP, to the state government employee who clicks on a suspicious email, all parties play a role in protecting against cyberattacks.

Cyber Crime MapCalifornia was the number one state reporting cyber related crimes, with more than 12 percent of the national total. Florida at 7.4 percent, Texas with 6.7 percent, New York at 5.3 percent and Pennsylvania at 3.3 percent rounded out the top five states. The full list of states can be found on page 23 of the Internet Crime Complaints Center’s 2013 report.

Will Congress Act on Cybersecurity Legislation?

Many Congressional members understand this threat and have been pushing for comprehensive cybersecurity legislation in the 114th Congress. Even with a limited amount of time left in session, many Congressional leaders are optimistic about the possibility of passing some form of cybersecurity legislation. The most likely bills include the cybersecurity information-sharing bills and the government surveillance bill.

C.A. “Dutch” Ruppersberger, ranking member of the House Intelligence Committee, spoke with some optimism at the 2014 Intelligence and National Security Summit in Maryland in September.

“I do believe there’s a short window to get this done during the lame duck,” he said. “We’re trying everything we can. The problem isn’t here, it’s in the Senate.”

The Senate has passed cybersecurity information-sharing legislation (S. 2588) out of the Intelligence Committee, but it is uncertain if the bill has enough support to pass during the crowded lame duck session.

There also have been efforts to create a federal standard to report and inform the public about cyber breaches, but those efforts have stalled. Forty-seven states have enacted laws that require governments, private organizations and organizations to inform individuals of a certain breach of information.

Where to go for Information and Best Practices

  • General Information on Cybersecurity: The U.S. Department of Homeland Security is the lead federal agency in combating cybersecurity and sharing information with the state and local governments, private sector and other organizations.
  • Reporting a Crime to Federal Agencies: The Federal Bureau of Investigation leads the Internet Crime Complaint Center, where victims can report cyber crimes.
  • Federal Enforcement: The U.S. Department of Justice Crime Center is the lead federal agency for enforcing and prosecuting cyber criminals.
  • State and Local Best Practices: The Multi-State Information Sharing and Analysis Center is comprised of technology directors from state and local governments, with the mission of strengthening state cybersecurity positions by sharing best practices and resources.
  • National Cyber Security Alliance: The alliance of public and private entities aimed to educate and raise awareness around cybersecurity issues. It is a resource for best practices, information-sharing and public-private coordination.

The Department of Homeland Security is hosting a variety of educational events during National Cyber Security Awareness Month to raise awareness. Here is a link to the events. You can help educate your local community on how to best prepare against cyber crimes and keep our nation secure.