"Implements and supports both the department’s Computer Crime Initiative, designed to combat electronic penetrations, data thefts, and cyber attacks on critical information systems, and the department’s aggressive battle to protect children from individuals who use computers and the Internet to sexually abuse and exploit them.
"Computer Crimes and Intellectual Property Section (CCIPS):
Investigates and prosecutes fraud offenses involving misuse of computers and the Internet (e.g., Internet fraud, identity theft).
Provides coordination with other departmental components and federal, state, and local law enforcement agencies in investigating and prosecuting Internet fraud.
Provides and coordinates training for federal, state, and local law enforcement agencies on Internet fraud and identity theft.
Participates in multilateral law enforcement meetings on Internet fraud and identity theft, including heading the U.S. delegation to the United Nations Crime Commission Expert Group on Fraud and Identity Theft."
Computer and Telecommunications Coordinator (CTC) Program"In 1995, at the recommendation of the then-Computer Crime Unit (now the Computer Crime and Intellectual Property Section (CCIPS)), the Department of Justice created the Computer and Telecommunication Coordinator (CTC) Program to protect the nation's businesses and citizens from the rising tide of computer crime. The CTC program has now grown to 137 attorneys. Each United States Attorney's Office (USAO) has designated at least one CTC and over thirty-five districts have two or more. In addition, a number of Sections in the Criminal Division and other Divisions of Justice also have designated CTCs." Contact List | CTC Responsibilities
National Internet Crimes Against Children Task Force (ICAC) Program. The Juvenile Justice and Delinquency Prevention Act of 1974 authorized and created an ICAC within DOJ , which is described as: "The Internet Crimes Against Children (ICAC) Task Force Program helps state and local law enforcement agencies develop an effective response to cyber enticement and child pornography cases. This help encompasses forensic and investigative components, training and technical assistance, victim services, and community education. Numerous task forces have been established throughout the nation. " DOJ ICAC Website .
PROTECT Our Children Act of 2008: Section 102 requires the formation of the National Internet Crimes Against Children Task Force (ICAC) Program. The Section 102 ICAC will consist "of state and local task forces (including at least one ICAC Task Force for each state) to address online enticement of children, child exploitation, and child obscenity and pornography." [CRS Summary] Sections 102 - 107 give details of the work of the new program.
"Coordinate the investigation of, and prosecutes, cybercrime matters.
"Computer Hacking and Intellectual Property (CHIP) units: 25 units assigned to select U.S. Attorneys’ Offices throughout the United States. In addition, the remaining 68 U.S. Attorneys’ Offices have at least one full-time equivalent designated to work on CHIP prosecutions. Within their region of jurisdiction, the attorneys
• prosecute high-technology offenses, including computer hacking, virus and worm proliferation, Internet fraud, and other attacks on computer systems;
• coordinate with CCIPS, FBI, and other agencies to establish good working relationships with the high-technology community and encourage victims to report crimes;
• develop and offer regional training programs to increase expertise among federal, state, and local prosecutors; and
• provide legal advice to prosecutors and law enforcement officers in their respective districts on the collection of digital evidence, cybercrimes, and intellectual property laws. Project Safe Childhood Coordinators: Each U.S. Attorneys’ Office has one coordinator trained to prosecute child pornography cases that typically involve the collection and presentation of digital evidence and the use of the Internet."
"Investigates cyber matters and cybercrime as the federal lead agency and as its third strategic priority.
"Computer Intrusion Section: Agents in FBI headquarters and 56 field offices trained to investigate computer intrusion incidents. These agents
• investigate and prevent computer intrusions;
• deploy Cyber Action Teams—highly trained teams of FBI agents, analysts, and computer forensics and malicious code experts—to respond to fast-moving cyber threats; and
• work with the Computer Analysis Response Teams under the Operations Technology Division, Science and Technology Branch, that conduct cyber forensic analysis and evidence gathering in support of cybercrime investigations.
Cyber Crime Section: Agents in FBI headquarters and 56 field offices responsible for computer fraud and child exploitation cases. These agents
• maintain the Innocent Images National Initiatives unit to conduct undercover operations and investigations of child exploitation cases and cybercrime fraud;
• work with public and private entities such as the National Center for Missing and Exploited Children to investigate and share information on child exploitation; and
• coordinate with other federal and local law enforcement to combat cybercrime through the Internet Crime Complaint Center and the Cyber Initiative and Resource Fusion Unit.
Information Sharing and Analysis Section:
• Maintains a national-level responsibility for analyzing and disseminating all FBI cyber threat information.
• Establishes cyber threat collection requirements, in order to deter, detect, and disrupt cyber threats that affect national security and criminal activity.
• Manages the FBI’s InfraGard Program.
The mission of the Cyber Division is to:
coordinate, supervise and facilitate the FBI's investigation of those federal violations in which the Internet, computer systems, or networks are exploited as the principal instruments or targets of terrorist organizations, foreign government sponsored intelligence operations, or criminal activity and for which the use of such systems is essential to that activity;
form and maintain public/private alliances in conjunction with enhanced education and training to maximize counterterrorism, counter-intelligence, and law enforcement cyber response capabilities; and
until such time as a final decision is made regarding the future role and location of the National Infrastructure Protection Center (NIPC), the FBI will direct and coordinate the Center's mission to protect the Nation's critical information infrastructure and other key assets.
"Investigate cyber matters and cybercrime within their region of responsibility.
"Computer Intrusion Program: agents in each of the 56 offices assigned to investigate computer intrusion matters in every state and Puerto Rico. Computer Crime Task Forces: 93 task forces located throughout the country that combine state-of-the-art technology and the resources of federal, state, and local counterparts to combat all types of cybercrimes.
Regional Computer Forensics Laboratories: FBI-funded laboratories that provide forensic laboratory services to a geographic area’s entire law enforcement community. Computer Analysis Response Teams: specialists that gather evidence and perform cyberforensic examinations in support of field-led investigations and gather evidence for the headquarters forensics laboratory.
FBI Federal Intrusion Detection Network (FIDNet) (reported defunct project) See CDT
Infragard.net " A government and private sector alliance. InfraGard was developed by FBI Cleveland in 1996 to promote protection of critical information systems. InfraGard provides formal and informal channels for the exchange of information about infrastructure threats and vulnerabilities. "
"Both the public and private sectors have noted the importance of user
education and consumer awareness relating to emerging cybersecurity
threats. The Federal Trade Commission (FTC) has been a leader in this
area, issuing consumer alerts and releasing several reports on spam as well
as guidance for businesses on how to reduce identity theft. In addition, FTC
has sponsored various events, including a spam forum in the spring of 2003,
a spyware workshop in April 2004, and an e-mail authentication summit in
the fall of 2004. Also notable is its Identity Theft Clearinghouse, an online
resource for taking complaints from consumers." [GAO 05 p 7]
"The FTC’s enforcement authority stems from Section 5 of the FTC Act, which declares unlawful all “unfair or deceptive acts or practices in or affecting commerce.” 15 U.S.C. § 45(a). In order for the FTC to assert that a commercial practice is “unfair,” the consumer injury that results from the practice must be substantial, without corresponding benefits, and one that consumers cannot reasonably avoid.[15 U.S.C. § 45(n) (stating the FTC requirements for the FTC to utilize its unfairness authority)] Similarly, the FTC will bring an action against a company for engaging in a deceptive trade practice if the company makes a representation; that representation is likely to mislead reasonable consumers; and the representation is material. FTC Policy Statement on Deception, appended to Cliffdale Associates, Inc., 103 F.T.C. 110, 174 (1984) (noting the elements the FTC must establish to find a business practice deceptive under §5 of the FTC Act).] Using its authority, the FTC has brought several enforcement actions against companies for failing to safeguard consumer data through reasonable security measures. See, e.g., Complaint at 1-3, In the Matter of BJ’s Wholesale Club, Inc., (No. C-4148), 2005 WL 2395788 (F.T.C.) (alleging that BJ’s engaged in an unfair practice by failing to take reasonable data security measures); Complaint at 2-5, In the Matter of Twitter, Inc., (No. C-4316), 2011 WL 914034 (F.T.C.), (attacking Twitter’s data security practices as deceptive).] Over the past two decades, the FTC has engaged in numerous enforcement actions that have involved security breaches and other cybersecurity issues with a particular focus around personal privacy and data security issues.20 The FTC’s role in challenging both deceptive and unfair acts or practices in the data security area is vital so that companies’ voluntary efforts to implement specific cybersecurity best practices are backed by a legal obligation to implement reasonable and appropriate security. Public companies must also comply with the Information Integrity provisions of Sarbanes-Oxley that require management to certify internal controls are in place to address a wide range of issues including data security. 15 U.S.C. § 7262" - Cybersecurity, Innovation and the Internet Economy, The Department of Commerce Internet Policy Task Force, p. 12 (June 2011)
Defense Criminal and Counterintelligence Investigative organizations
Leading law enforcement agencies in the DOD for investigating computer crimes.
Department of Defense Criminal Investigative Service (DCIS):
Computer Crime Coordinators (CCCs) and Agents (CCAs) investigating cybercrime and computer intrusions that directly impact DOD.
• Establishes policies and procedures for computer crime investigations and computer forensics.
• Investigates all computer intrusions and attacks involving DOD and DOD-protected computers.
• Maintains six field offices with CCCs to determine the appropriate investigative response for computer crimes and CCAs to investigate and provide computer forensics support.
• Manages a Web site to increase awareness about threats children face from the Internet and to provide a Web portal to report suspicious situations. Air Force Office of Special Investigation (AFOSI): Special agents and support personnel in AFOSI’s Information Operations and Investigations program conduct criminal and counterintelligence investigations in response to cyber crimes and threats directed against the U.S. Air Force and numerous DOD activities.
• Provides forensic analysis of digital evidence and other highly specialized investigative support to criminal, fraud, counterintelligence, and counterespionage cybercrime investigations.
• Conducts local, national, and international computer network intrusion investigations. Army Counterintelligence:
• Investigates reported cybercrimes to determine if counterintelligence efforts are warranted.
Naval Criminal Investigative Service (NCIS): Special agents and computer scientists in NCIS’s Cybercrime Department investigate cyber threats against the U.S. Navy and Marine Corps.
• Conducts national and local computer network intrusion investigations.
• Provides advanced forensic media analysis tools and techniques to support cybercrime investigations.
• Collaborates with the Naval Network Warfare Command and Navy Cyber Defense Operations Command on cybercrime investigation, counter intelligence, and operational defense efforts related to Navy networks.
"Performs computer forensic investigations for the Defense Criminal and Counterintelligence Investigative organizations.
"Defense Computer Forensics Laboratory: An accredited laboratory for digital forensic examinations in DOD.
• Performs digital forensic examinations on digital evidence from counterintelligence, child pornography, and illegal use of government computer investigations.
• Provides services such as digital media restoration.
Defense Computer Investigations Training Program: A program producing digital forensic examiners and cybercrime investigators.
• Trains investigators from the DOD, FBI, Secret Service, and the State Department’s Diplomatic Security Services.
• Introduces trainees to state-of-the-art equipment and technologies.
Defense Cyber Crime Institute: A research and development directorate for cyber forensics.
• Researches and tests digital forensic hardware and software that includes the preview and testing of vendor products.
• Develops and tests digital forensics tools.
• Maintains a knowledge management system for digital forensics tactics.
Joint Task Force—Global Network Operations
"Protects and detects computer crimes affecting the DOD Global Information Grid.
"Global Network Operations: A task force of 375 special agents and analysts from each of the Defense Criminal Investigative and Counterintelligence organizations.
• Directs the operations and defense of the DOD Global Information Grid.
• Continually monitors the grid and notifies its collocated law enforcement and counterintelligence staff of any unusual activity.
Federal Register Notice : Cybersecurity, Innovation and the Internet Economy : The Department of Commerce's Internet Policy Task Force is conducting a comprehensive review of the nexus between cybersecurity challenges in the commercial sector and innovation in the Internet economy. The Department seeks comments on measures to improve cybersecurity while sustaining innovation. The Department intends to issue a report that will contribute to the Administration's domestic and international policies and activities in advancing both cybersecurity and the Internet economy. (455 KB PDF file)
Posted July 26, 2010 . Comments Due 45 days from Fed Reg posting.
About: "The Computer Security Division (CSD), a component of NIST's Information
Technology Laboratory (ITL), provides standards and technology
to protect information systems against threats to the confidentiality,
integrity, and availability of information and services. During Fiscal Year 2008
(FY2008), CSD successfully responded to numerous challenges and opportunities
in fulfilling its mission. CSD carried out a diverse research agenda
and participated in many national priority initiatives, leading to the development
and implementation of high-quality, cost-effective security and privacy
mechanisms that improved information security across the federal government
and throughout the national and international information security
community." 2008 Annual Report
The Information Security and Privacy Advisory Board (ISPAB) was originally created by the Computer Security Act of 1987 (P.L. 100-235) as the Computer System Security and Privacy Advisory Board. As a result of Public Law 107-347, The E-Government Act of 2002, Title III, The Federal Information Security Management Act of 2002, the Board's name was changed and its mandate was amended.
Identify emerging managerial, technical, administrative, and physical safeguard issues relative to information security and privacy;
Advise the National Institute of Standards and Technology (NIST), the Secretary of Commerce and the Director of the Office of Management and Budget on information security and privacy issues pertaining to Federal Government information systems, including thorough review of proposed standards and guidelines developed by NIST.
Annually report its findings to the Secretary of Commerce, the Director of the Office of Management and Budget, the Director of the National Security Agency and the appropriate committees of the Congress.
The Board's authority does not extend to private sector systems or federal systems which process classified information. Their objectives and duties include:
The membership of the Board consists of twelve members and a Chairperson. TheDirector of NIST approves membership appointments and appoints the Chairperson. The Board meets quarterly throughout the year and all meetings are open to the public.
National Telecommunications and Information Administration
Critical Infrastructure Protection: "The mission of the Critical Infrastructure Protection (CIP) is to assist policy makers, industry, and consumers to become more educated about how to manage risks and protect cyberspace. We must seek solutions to protecting cyberspace that emphasize people, process, technology, innovation, effective law enforcement, a robust public private partnership, and an understanding that we all have a role to play to be aware, accountable and take action for securing our piece of cyberspace."
National Science Foundation
Computer and Information Science & Engineering
Computer and Network Systems Division
CISE Pathways to Revitalized Undergraduate Computing Educatio
Undergraduate Education Division
Federal Cyber Service: Scholarship for Service
(aka Cyber Corps)
" Scholarship For Service (SFS) is a unique program designed to increase and strengthen the cadre of federal information assurance professionals that protect the government's critical information infrastructure. This program provides scholarships that fully fund the typical costs that students pay for books, tuition, and room and board while attending an approved institution of higher learning. Additionally, participants receive stipends of up to $8,000 for undergraduate and $12,000 for graduate students. The scholarships are funded through grants awarded by the National Science Foundation NSF . "
One of the oldest and most active internal federal efforts is the US Dept of Energy Computer Incident Advisory Capability (CIAC) "provides on-call technical assistance and information to U.S. Department of Energy (DOE) sites faced with computer security incidents. This central incident handling capability is one component of all encompassing service provided to the DOE community. The other services CIAC provides are: awareness, training, and education; trend, threat, vulnerability data collection and analysis; and technology watch. CIAC was established in 1989 to serve the DOE Community. CIAC is one of two oldest response teams and is recognized nationally and internationally for its contributions to the Internet community. CIAC is a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide." Who is CIAC One of the more interesting services that CIAC provides is Hoaxbusters, an information source debunking many of the popular myths and legends on the Internet. See Hoaxbusters.
"NSA/CSS provides the Solutions, Products and Services, and conducts Defensive Information Operations, to achieve Information Assurance for information infrastructures critical to U.S. National Security interests." NSA/CSS Infosec Page
"In order to enable our customers to protect and defend cyber systems, the NSA develops, and supports a variety of products and services. We also conduct ongoing research to aid in the development of next generation solutions. Our IA solutions must encompass a wide range of voice, data and video applications, extending across networked, tactical and satellite systems. IA solutions include the technologies, specifications and criteria, products, product configurations, tools, standards, operational doctrine and support activities needed to implement the protect, detect and report, and respond elements of cyber defense.
"The Information Assurance Framework Forum, developed in a collaborative effort by NSA solution architects, customers with requirements, component vendors, and commercial integrators, guides our solution development. It finds the right solution for environments ranging from outerspace to the office or foxhole. Our framework provides top level guidance in addition to the specification of essential security features and assurances for the security products. It brings producers and consumers together before products are built so that products which better meet our customers' needs will be built.
"The internationally recognized Common Criteria (CC) employs standardized terms to describe the security functionality and assurance of consumers' requirements and manufacturers' products. CC-based Protection Profiles specify what consumers need at both the system and the component level to fulfill their mission. CC-based Security Targets describe how specific products meet consumers' requirements.
"These IA solutions take maximum advantage of commercial components, using NSA developed products and services to fill gaps in areas not satisfied by commercial offerings. Commercial-off-the-shelf (COTS) products include security products (e.g. a firewall) or security enabled or enhanced Information Technology (IT) products (e.g. an e-mail application or secure cellular phone). Our solutions include technologies and tools necessary for a layered defense-in-depth strategy and tools for defensive information operations such as intrusion detection, automated data reduction and modeling/simulation tools.
The NSA constantly works with its government and industry partners to facilitate emerging technology, taking the lead in problems not addressed by industry." About the ISSO
One of the best known efforts is the CERT Coordination Center. CERT/CC's scope is Internet security issues. It is a part Carnegie Mellon University's Software Engineering Institute, a federally funded research and development center. It was created after the Morris Worm by the Department of Defense DARPA, which continues to be a major sponsor of the effort. CERT was charged with the task of coordinating communications among experts during emergencies and helping to prevent future situations. CERT's focus is on network vulnerabilities, advising network operators of the problems and how they can be addressed. CERT has become a model effort and its practices have been adopted by 90 similar efforts worldwide. CERT disseminates security information through its website, a hotline, a mailing group, and USENET. It is frequently the authority quoted by the media in coverage of cyber events. CERT disseminates information through multiple channels:
telephone and email
hotline: +1 412 268-7090
mailing list: firstname.lastname@example.org
USENET newsgroup: comp.security.announce
World Wide Web: http://www.cert.org/" SeeAbout the CERT/CC; CERT Homepage;SEI Sponsoring and Oversight Organization; Annual Report 2000.
The Cyber Corps Program is open to students currently completing their junior year of undergraduate school or first-year of graduate school. In addition to a stipend of approximately $1,000 per month, the Program pays for each student's tuition for two years, room and board, and travel to conferences. After one year of training, students complete a summer internship in a federal agency, learning first-hand about computer security issues and putting into practice what they've learned in class. By the end of the second year students earn an undergraduate or graduate degree in computer science in addition to multiple federal-level computer security certificates as endorsed by the Committee on National Security Systems (CNSS).
ITU : Cybersecurity
A fundamental role of ITU, following the World Summit on the Information Society (WSIS) and the 2006 ITU Plenipotentiary Conference is to build confidence and security in the use of information and communication technologies (ICTs).
SG17 Security "
Work on telecommunication security continues to intensify to meet today's challenges for more secure network infrastructure, services and applications. Over seventy standards (ITU-T Recommendations) focusing on security have been published. And recently added emphasis was given to the topic when attendees to a cybersecurity symposium asked ITU-T to accelerate its work in the field.
"NASCIO represents state chief information officers and information resource executives and managers from the 50 states, six U. S. territories, and the District of Columbia. State members are senior officials from any of the three branches of state government who have executive-level and statewide responsibility for information resource management. Representatives from federal, municipal, and international governments and state officials who are involved in information resource management but do not have chief responsibility for that function participate in the organization as associate members. Private-sector firms and non-profit organizations may join as corporate members." About NASCIO
Recognizing the need for collaboration, a Multi-State Information Sharing and Analysis Center (ISAC) was established in January 2003. The MS-ISAC began with the Northeast states, and quickly expanded. Currently, there are 49 states and the District of Columbia participating. The goal is to have this MS-ISAC include all fifty states, which would provide a valuable centrally-coordinated mechanism for sharing important security intelligence and information between the States. The MS-ISAC can serve as a critical point of contact between the States and the Federal government. A primary goal of the MS-ISAC is to eliminate duplicative efforts. The MS-ISAC member states meet monthly by teleconference to discuss issues and share information relating to each state’s cyber security readiness and resilience. The MS-ISAC has moved quickly since its inception and has been recognized by the Department of Homeland Security for its proactive role in bringing the states together. The Department of Homeland Security's Computer Emergency Readiness Team (US-CERT) and the MS-ISAC are working together on a number of programs, including the National Webcast Initiative, to help enhance our Nation's cyber security readiness and response.