|
Earlier this year, Iron Mountain shared a podium with Special Agent (SA) Michael McKeown at a CIO Forum. Here is some valuable information about how the FBI can help companies protect their data that we gleaned from him at that time.
Iron Mountain: There is rising incidence of worms and viruses, employee sabotage and other cyber crimes, and physical threats from terrorists. What can companies do to be more prepared for these potential disasters and to ensure recovery?
Special Agent McKeown: Companies can join InfraGard. This is an FBI-private sector partnership created specifically to deal with the threats that you mentioned.
“InfraGard” is short for infrastructure guardian. Its purpose is to protect critical information systems as well as the US infrastructure for the water supply, gas and oil, electrical energy, transportation, telecommunications, banking and finance, and government operations.
Because most of this infrastructure is in private hands, the FBI needs to be directly connected to business leaders to know what is happening in the “real world.” At the same time, to ensure the relationship works both ways, we can give back some value-added information and help to companies because of the rising incidence of cyber crime and other threats to their data and business.
As a result, InfraGard was started in 1996 to strengthen the relationship between the business community and the FBI. After 9/ll, we received equal funding for terrorism, counterintelligence, and cyber crime because these areas were seen as equivalent threats to national and business security. InfraGard benefits from this new funding.
Iron Mountain: How can companies participate in InfraGard, and how much does it cost?
Special Agent McKeown: It's easy to participate at the local level. Any company can join, and there's no cost to belong. There are InfraGard chapters in every city with an FBI Field Office, which assigns a Special Agent to its organization.
Iron Mountain: What are the benefits of membership for businesses?
Special Agent McKeown: Each InfraGard chapter:
- Provides a forum for its members to communicate with each other and the FBI.
- Promptly disseminates threat information and warnings relevant to the region.
- Helps to protect computer systems.
- Offers education and training on infrastructure vulnerabilities…and, as a result,
- Provides a local community that shares information.
Iron Mountain: Can you provide some specifics about InfraGard's programs and interactions to illustrate?
Special Agent McKeown: Each InfraGard chapter holds regulars meetings to discuss threats and other issues that affect member companies. There are often speakers from public and private agencies and law enforcement groups.
The FBI Field Office in a region also sends out emails to members specific to that office's city and state. These report current events the FBI is watching and evaluate regional terrorist, cyber, and criminal threats.
Each region has its own secure Web site with VPN access to provide information to members on recent cyber intrusions, research related to protecting critical infrastructure, and the capability to communicate securely with other members.
Iron Mountain: What about members communicating with the FBI office?
Special Agent McKeown: Members are encouraged to call the FBI if they see anything strange or suspicious in their network or company - let alone experience a cyber crime like employee sabotage.
The FBI will take the information for the protection of others and the country. However, if a company does not want to prosecute a cyber crime for business reasons, the FBI won't. We are sensitive to the needs of business.
Iron Mountain: If you could give only one reason to companies why they should join InfraGard, what would it be?
Special Agent McKeown: A 2002 FBI-Computer Security Institute survey showed that 64 percent of the 502 organizations surveyed faced some kind of “insider” attack on their systems. It can happen to you.
Let me give you an example of how the FBI can help. A large national retailer that is an InfraGard member experienced a series of cyber intrusions into its network that attempted to deny computer services to its stores in the U.S. and Canada during the Christmas season. The company called the FBI. It suspected a former Data Communications Manager, whom it had fired in October.
The FBI got a federal search warrant for the man's computer and interviewed him. He confessed to hacking into the store routers through the main headquarter routers using former contractor accounts he knew from when he worked for the company.
He had also posted two Yahoo message board notes on how to hack into his former employer's system, including internal IP address routing. (A message board reader informed the company.) The company contacted Yahoo, which immediately removed the messages. However, the FBI could have also gotten a cease-and-desist order to remove the messages - had the company and Yahoo not acted themselves.
Through fast action, the company and the FBI were able to quickly nail the hacker and limit the economic impact on the stores. The hacker was sentenced to 18 months in federal prison for password trafficking and computer damage in connection to his plot to give others access to the company's computer network.
Iron Mountain: What advice do you have for companies to help them help the FBI and to avoid destructive cyber intrusions?
Special Agent McKeown: Make sure that you have a complete, up-to-date copy of your data - including passwords - in a place where employees can't get at every single copy. That means you need to store a copy of your data off-line and out-of-reach of employees.
If you want to prosecute a cyber crime, the FBI often needs a clean copy of your data before the time of the cyber attack as sample evidence. Of course, whether you want to prosecute or not, you will need a clean copy of your data to ensure recovery is possible.
By joining InfraGard, you'll get more advice on protecting your systems - and help us to monitor the critical US infrastructure. Just call your local FBI Field Office or visit www.infragard.net for more information.
|
with the lock icon requires a
one-time registration for use.
