Cybertelecom Federal Internet Law & Policy An Educational Project

CyberSecurity: Federal Agencies

| DHS |

Department of Justice

Derived From: GAO Cybercrime Public and Private Entities Face Challenges in Addressing Cyberthreats (June 2007)

"Implements and supports both the department’s Computer Crime Initiative, designed to combat electronic penetrations, data thefts, and cyber attacks on critical information systems, and the department’s aggressive battle to protect children from individuals who use computers and the Internet to sexually abuse and exploit them.

• "Computer Crimes and Intellectual Property Section (CCIPS):
  • Investigates and prosecutes computer crime and intellectual property offenses.
  • Works with other government agencies, the private sector, academic institutions, and foreign counterparts to prevent, investigate, and prosecute computer crimes.
  • Provides training to federal, state, and local law enforcement agents; prosecutors; and other government officials on a number of cybercrime-related topics.
  • Performs public outreach to improve communications and trust between the public and private sectors.
  • Coordinates closely with the Department of State on international cybercrime initiatives, such as the G-8 High-Tech Crime Subgroup, and negotiation of the Council of Europe’s Convention on Cybercrime.
  • Develops policy and legislation aimed at enhancing the government’s ability to combat cybercrime.
• "Child Exploitation and Obscenity Section (CEOS):
  • Leads and coordinates federal law enforcement agencies in effective strategies and policies to combat online child sexual exploitation.
  • Investigates and prosecutes complex and significant online child sexual exploitation cases.
  • Provides training, policy, and legislative support for prosecution efforts with U.S. Attorneys and law enforcement partners.
  • Works with nongovernment organizations such as the National Center for Missing and Exploited Children and with foreign partners to combat online child sexual exploitation.
• "Fraud Section:
  • Investigates and prosecutes fraud offenses involving misuse of computers and the Internet (e.g., Internet fraud, identity theft).
  • Provides coordination with other departmental components and federal, state, and local law enforcement agencies in investigating and prosecuting Internet fraud.
  • Provides and coordinates training for federal, state, and local law enforcement agencies on Internet fraud and identity theft.
  • Participates in multilateral law enforcement meetings on Internet fraud and identity theft, including heading the U.S. delegation to the United Nations Crime Commission Expert Group on Fraud and Identity Theft."
• Computer and Telecommunications Coordinator (CTC) Program"In 1995, at the recommendation of the then-Computer Crime Unit (now the Computer Crime and Intellectual Property Section (CCIPS)), the Department of Justice created the Computer and Telecommunication Coordinator (CTC) Program to protect the nation's businesses and citizens from the rising tide of computer crime. The CTC program has now grown to 137 attorneys. Each United States Attorney's Office (USAO) has designated at least one CTC and over thirty-five districts have two or more. In addition, a number of Sections in the Criminal Division and other Divisions of Justice also have designated CTCs." Contact List | CTC Responsibilities 

US Attorney's Office

• Derived From: GAO Cybercrime Public and Private Entities Face Challenges in Addressing Cyberthreats (June 2007)
  • "Coordinate the investigation of, and prosecutes, cybercrime matters.
  • "Computer Hacking and Intellectual Property (CHIP) units: 25 units assigned to select U.S. Attorneys’ Offices throughout the United States. In addition, the remaining 68 U.S. Attorneys’ Offices have at least one full-time equivalent designated to work on CHIP prosecutions. Within their region of jurisdiction, the attorneys
    • prosecute high-technology offenses, including computer hacking, virus and worm proliferation, Internet fraud, and other attacks on computer systems;
    • coordinate with CCIPS, FBI, and other agencies to establish good working relationships with the high-technology community and encourage victims to report crimes;
    • develop and offer regional training programs to increase expertise among federal, state, and local prosecutors; and
    • provide legal advice to prosecutors and law enforcement officers in their respective districts on the collection of digital evidence, cybercrimes, and intellectual property laws.
    Project Safe Childhood Coordinators: Each U.S. Attorneys’ Office has one coordinator trained to prosecute child pornography cases that typically involve the collection and presentation of digital evidence and the use of the Internet."
• Computer Hacking and Intellectual Property (CHIP) Units Fact Sheet | Ashcroft's Speech | Press Release of CHIP Unit established in SDNY on Sept 5, 2001 | CHIPs Unit Established in the Eastern District of California United States Attorney Office (March 5, 2002) | CHIPs Unit Established in the Eastern District of Virginia United States Attorney Office (January 14, 2002) | CHIPs Unit Established in the Eastern District of New York (August 21, 2001) | CHIPs Unit Established in Central District of California United States Attorney Office (September 6, 2001) |

FBI

• Cyber Division.
  • Derived From: GAO Cybercrime Public and Private Entities Face Challenges in Addressing Cyberthreats (June 2007)
    • "Investigates cyber matters and cybercrime as the federal lead agency and as its third strategic priority.
    • "Computer Intrusion Section: Agents in FBI headquarters and 56 field offices trained to investigate computer intrusion incidents. These agents
      • investigate and prevent computer intrusions;
      • deploy Cyber Action Teams—highly trained teams of FBI agents, analysts, and computer forensics and malicious code experts—to respond to fast-moving cyber threats; and
      • work with the Computer Analysis Response Teams under the Operations Technology Division, Science and Technology Branch, that conduct cyber forensic analysis and evidence gathering in support of cybercrime investigations.
    • Cyber Crime Section: Agents in FBI headquarters and 56 field offices responsible for computer fraud and child exploitation cases. These agents
      • maintain the Innocent Images National Initiatives unit to conduct undercover operations and investigations of child exploitation cases and cybercrime fraud;
      • work with public and private entities such as the National Center for Missing and Exploited Children to investigate and share information on child exploitation; and
      • coordinate with other federal and local law enforcement to combat cybercrime through the Internet Crime Complaint Center and the Cyber Initiative and Resource Fusion Unit.
    • Information Sharing and Analysis Section:
      • Maintains a national-level responsibility for analyzing and disseminating all FBI cyber threat information.
      • Establishes cyber threat collection requirements, in order to deter, detect, and disrupt cyber threats that affect national security and criminal activity.
      • Manages the FBI’s InfraGard Program.
  • The mission of the Cyber Division is to:
    • coordinate, supervise and facilitate the FBI's investigation of those federal violations in which the Internet, computer systems, or networks are exploited as the principal instruments or targets of terrorist organizations, foreign government sponsored intelligence operations, or criminal activity and for which the use of such systems is essential to that activity;
    • form and maintain public/private alliances in conjunction with enhanced education and training to maximize counterterrorism, counter-intelligence, and law enforcement cyber response capabilities; and
    • until such time as a final decision is made regarding the future role and location of the National Infrastructure Protection Center (NIPC), the FBI will direct and coordinate the Center's mission to protect the Nation's critical information infrastructure and other key assets.
• FBI Field Offices

  Derived From: GAO Cybercrime Public and Private Entities Face Challenges in Addressing Cyberthreats (June 2007)

  • "Investigate cyber matters and cybercrime within their region of responsibility.
  • "Computer Intrusion Program: agents in each of the 56 offices assigned to investigate computer intrusion matters in every state and Puerto Rico.
    Computer Crime Task Forces: 93 task forces located throughout the country that combine state-of-the-art technology and the resources of federal, state, and local counterparts to combat all types of cybercrimes.
    Regional Computer Forensics Laboratories: FBI-funded laboratories that provide forensic laboratory services to a geographic area’s entire law enforcement community.
    Computer Analysis Response Teams: specialists that gather evidence and perform cyberforensic examinations in support of field-led investigations and gather evidence for the headquarters forensics laboratory.
  • FBI Local Field Offices
• National Cyber Forensics and Training Alliance (seeking to "find better ways to migitate, respond to, and prosecute computer crimes")
• Chicago Computer Crime Squad
• FBI Federal Intrusion Detection Network (FIDNet) (reported defunct project) See CDT
• Infragard.net " A government and private sector alliance. InfraGard was developed by FBI Cleveland in 1996 to promote protection of critical information systems. InfraGard provides formal and informal channels for the exchange of information about infrastructure threats and vulnerabilities. "
• Seattle Computer Crime Office
• N'Orleans Computer Crime Division

DOD

• Defense Criminal and Counterintelligence Investigative organizations

  • Derived From: GAO Cybercrime Public and Private Entities Face Challenges in Addressing Cyberthreats (June 2007)
    • Leading law enforcement agencies in the DOD for investigating computer crimes.
    • Department of Defense Criminal Investigative Service (DCIS):
      Computer Crime Coordinators (CCCs) and Agents (CCAs) investigating cybercrime and computer intrusions that directly impact DOD.
      • Establishes policies and procedures for computer crime investigations and computer forensics.
      • Investigates all computer intrusions and attacks involving DOD and DOD-protected computers.
      • Maintains six field offices with CCCs to determine the appropriate investigative response for computer crimes and CCAs to investigate and provide computer forensics support.
      • Manages a Web site to increase awareness about threats children face from the Internet and to provide a Web portal to report suspicious situations.
      Air Force Office of Special Investigation (AFOSI): Special agents and support personnel in AFOSI’s Information Operations and Investigations program conduct criminal and counterintelligence investigations in response to cyber crimes and threats directed against the U.S. Air Force and numerous DOD activities.
      • Provides forensic analysis of digital evidence and other highly specialized investigative support to criminal, fraud, counterintelligence, and counterespionage cybercrime investigations.
      • Conducts local, national, and international computer network intrusion investigations.
      Army Counterintelligence:
      • Investigates reported cybercrimes to determine if counterintelligence efforts are warranted.
      Naval Criminal Investigative Service (NCIS): Special agents and computer scientists in NCIS’s Cybercrime Department investigate cyber threats against the U.S. Navy and Marine Corps.
      • Conducts national and local computer network intrusion investigations.
      • Provides advanced forensic media analysis tools and techniques to support cybercrime investigations.
      • Collaborates with the Naval Network Warfare Command and Navy Cyber Defense Operations Command on cybercrime investigation, counter intelligence, and operational defense efforts related to Navy networks.
• DC3
  • "Performs computer forensic investigations for the Defense Criminal and Counterintelligence Investigative organizations.
  • "Defense Computer Forensics Laboratory: An accredited laboratory for digital forensic examinations in DOD.
    • Performs digital forensic examinations on digital evidence from counterintelligence, child pornography, and illegal use of government computer investigations.
    • Provides services such as digital media restoration.
    Defense Computer Investigations Training Program: A program producing digital forensic examiners and cybercrime investigators.
    • Trains investigators from the DOD, FBI, Secret Service, and the State Department’s Diplomatic Security Services.
    • Introduces trainees to state-of-the-art equipment and technologies.
    Defense Cyber Crime Institute: A research and development directorate for cyber forensics.
    • Researches and tests digital forensic hardware and software that includes the preview and testing of vendor products.
    • Develops and tests digital forensics tools.
    • Maintains a knowledge management system for digital forensics tactics.
• Joint Task Force—Global Network Operations
  • "Protects and detects computer crimes affecting the DOD Global Information Grid.
  • "Global Network Operations: A task force of 375 special agents and analysts from each of the Defense Criminal Investigative and Counterintelligence organizations.
    • Directs the operations and defense of the DOD Global Information Grid.
    • Continually monitors the grid and notifies its collocated law enforcement and counterintelligence staff of any unusual activity.
• Cyber Crime Center
• Office of the Inspector General: Defense Criminal Investigative Service: Computer Crimes Program

Department of Commerce

• NIST
  • NIST Computer System Security and Privacy Advisory Board
  • NIST Computer Security Resource Center 
  • NIST Cerberus, An IPsec Reference Implementation for Linux
  • NIST Computer Security Division (may transfer to Homeland Security)
  • NIST Federal Computer Security Program Managers' Forum
• National Telecommunications and Information Administration
  • Critical Infrastructure Protection: "The mission of the Critical Infrastructure Protection (CIP) is to assist policy makers, industry, and consumers to become more educated about how to manage risks and protect cyberspace. We must seek solutions to protecting cyberspace that emphasize people, process, technology, innovation, effective law enforcement, a robust public private partnership, and an understanding that we all have a role to play to be aware, accountable and take action for securing our piece of cyberspace."

Critical Infrastructure Protection Board

Executive Order : Critical Infrastructure Protection in the Information Age, WH 10/16/01 ("I hereby establish the "President's Critical Infrastructure Protection Board" (the "Board")").  The Board has membership from the leadership of federal agencies.  It is not at this time clear what the Board will be doing. Howard Schmidt, Chairman of the PCIP

• President's Council on Critical Infrastructure Protection
• PCCIP Final Report -- Critical Foundations: Protecting America's Infrastructures. (October 1997)

One of the oldest and most active internal federal efforts is the US Dept of Energy Computer Incident Advisory Capability (CIAC) "provides on-call technical assistance and information to U.S. Department of Energy  (DOE) sites faced with computer security incidents. This central incident handling  capability is one component of all encompassing service provided to the DOE community.  The other services CIAC provides are: awareness, training, and education; trend, threat,  vulnerability data collection and analysis; and technology watch. CIAC was established in 1989 to serve the DOE Community. CIAC is one of two oldest response teams and is recognized nationally and internationally for its contributions to the Internet community. CIAC is a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide." Who is CIAC One of the more interesting services that CIAC provides is Hoaxbusters, an information source debunking many of the popular myths and legends on the Internet.  See Hoaxbusters. 

• M-001: Cisco Secure IDS Signature Obfuscation Vulnerability October 1, 2001 20:00 GMT 
• M-013: Mac OS X Downloading Applications Vulnerability [Microsoft Security Bulletin MS01-053] November 1, 2001 22:00 GMT 
• M-012: Oracle File Overwrite Security Vulnerability [Oracle Security Alert #20] October 29, 2001 22:00 GMT

• DOE ISRC Information Security Resource Center 

NSA/CSS INFOSEC Information Assurance Directorate

"NSA/CSS provides the Solutions, Products and Services, and conducts Defensive Information Operations, to achieve Information Assurance for information infrastructures critical to U.S. National Security interests."  NSA/CSS Infosec Page

"In order to enable our customers to protect and defend cyber systems, the NSA develops, and supports a variety of products and services. We also conduct ongoing research to aid in the development of next generation solutions. Our IA solutions must encompass a wide range of voice, data and video applications, extending across networked, tactical and satellite systems. IA solutions include the technologies, specifications and criteria, products, product configurations, tools, standards, operational doctrine and support activities needed to implement the protect, detect and report, and respond elements of cyber defense.

"The Information Assurance Framework Forum, developed in a collaborative effort by NSA solution architects, customers with requirements, component vendors, and commercial integrators, guides our solution development. It finds the right solution for environments ranging from outerspace to the office or foxhole. Our framework provides top level guidance in addition to the specification of essential security features and assurances for the security products. It brings producers and consumers together before products are built so that products which better meet our customers' needs will be built.

"The internationally recognized Common Criteria (CC) employs standardized terms to describe the security functionality and assurance of consumers' requirements and manufacturers' products. CC-based Protection Profiles specify what consumers need at both the system and the component level to fulfill their mission. CC-based Security Targets describe how specific products meet consumers' requirements.

"These IA solutions take maximum advantage of commercial components, using NSA developed products and services to fill gaps in areas not satisfied by commercial offerings. Commercial-off-the-shelf (COTS) products include security products (e.g. a firewall) or security enabled or enhanced Information Technology (IT) products (e.g. an e-mail application or secure cellular phone). Our solutions include technologies and tools necessary for a layered defense-in-depth strategy and tools for defensive information operations such as intrusion detection, automated data reduction and modeling/simulation tools.

The NSA constantly works with its government and industry partners to facilitate emerging technology, taking the lead in problems not addressed by industry." About the ISSO

• The Air Force Computer Emercency Response Team (AFCERT) 
• The Navy Computer Incident Response Team (NAVCIRT) 
• The National Aeronautics and Space Administartion's NASA INCIDENT RESPONSE CENTER (NASIRC) 
• DOD CERT
• The National Institute of Health Computer Security Information

CERT Cordination Center

One of the best known efforts is the CERT Coordination Center.  CERT/CC's scope is Internet security issues.  It is a part Carnegie Mellon University's Software Engineering Institute, a federally funded research and development center.  It was created after the Morris Worm by the Department of Defense DARPA, which continues to be a major sponsor of the effort.  CERT was charged with the task of coordinating communications among experts during emergencies and helping to prevent future situations.  CERT's focus is on network vulnerabilities, advising network operators of the problems and how they can be addressed. CERT has become a model effort and its practices have been adopted by 90 similar efforts worldwide.  CERT disseminates security information through its website, a hotline, a mailing group, and USENET.  It is frequently the authority quoted by the media in coverage of cyber events.  CERT disseminates information through multiple channels:
                    telephone and email
                         hotline: +1 412 268-7090 
                         email: cert@cert.org 
                         mailing list: majordomo@cert.org
                    USENET newsgroup: comp.security.announce 
                    World Wide Web: http://www.cert.org/" 
See About the CERT/CC; CERT Homepage;SEI Sponsoring and Oversight Organization; Annual Report 2000.

• Cisco ties up with CERT to provide Internet security, Hindu 3/14/2006

Other Federal Links

• DOJ Reporting Computer, Internet-Related, or Intellectual Property Crime
• National Counterintelligence Center
• National Infrastructure Simulation and Analysis Center which is a part of the Defense Threat Reduction Agency and Los Alamos
• FEMA - Federal Emergency Management Agency
• Los Alamos
  • National Infrastructure Simulation and Analysis Center – NISAC
  • Cyber Defenders Institute
• National Science Foundation NSF
  • Cyber Corps
    • The Cyber Corps Program is open to students currently completing their junior year of undergraduate school or first-year of graduate school. In addition to a stipend of approximately $1,000 per month, the Program pays for each student's tuition for two years, room and board, and travel to conferences. After one year of training, students complete a summer internship in a federal agency, learning first-hand about computer security issues and putting into practice what they've learned in class. By the end of the second year students earn an undergraduate or graduate degree in computer science in addition to multiple federal-level computer security certificates as endorsed by the Committee on National Security Systems (CNSS).
  • CyberTrust Funding (Directorate for Computer and Information Science & Engineering)
    • "CT will support a portfolio of projects that:
      • contribute to the cybersecurity knowledge base and advance cybersecurity technologies;
      • address trustworthiness at all levels of system design, implementation and use;
      • consider the social, economic, organizational and legal factors influencing the successful adoption of new cybersecurity approaches and technologies; and,
      • build national education and workforce capacity, addressing undergraduate, graduate, and faculty development and training.

      Proposals funded will cover a broad range of disciplines contributing to the CT vision."

• NSF Advisory Committee for Cyberinfrastructure, NSF 2/4/03
• CyberCorps
  • Cyber Corps Funding Boosted, fcw 8/14/02
• Partnership for Critical Infrastructure Security
• North American Electric Reliability Council
  • Reliability Standards :: Critical Infrastruction Protection (Best Practices)

 National Association of State CIOs

"NASCIO represents state chief information officers and information resource executives and managers from the 50 states, six U. S. territories, and the District of Columbia. State members are senior officials from any of the three branches of state government who have executive-level and statewide responsibility for information resource management. Representatives from federal, municipal, and international governments and state officials who are involved in information resource management but do not have chief responsibility for that function participate in the organization as associate members. Private-sector firms and non-profit organizations may join as corporate members."  About NASCIO

Multi State ISAC

• Recognizing the need for collaboration, a Multi-State Information Sharing and Analysis Center (ISAC) was established in January 2003. The MS-ISAC began with the Northeast states, and quickly expanded. Currently, there are 49 states and the District of Columbia participating. The goal is to have this MS-ISAC include all fifty states, which would provide a valuable centrally-coordinated mechanism for sharing important security intelligence and information between the States. The MS-ISAC can serve as a critical point of contact between the States and the Federal government. A primary goal of the MS-ISAC is to eliminate duplicative efforts. The MS-ISAC member states meet monthly by teleconference to discuss issues and share information relating to each state’s cyber security readiness and resilience. The MS-ISAC has moved quickly since its inception and has been recognized by the Department of Homeland Security for its proactive role in bringing the states together. The Department of Homeland Security's Computer Emergency Readiness Team (US-CERT) and the MS-ISAC are working together on a number of programs, including the National Webcast Initiative, to help enhance our Nation's cyber security readiness and response.

• State CIOs set to share information, FCW 11/15/01

• NARUC/CCI - National Association of Regulatory Utility Commissioners Ad Hoc Committee on Critical Infrastructure
• National Association of Attorneys General: Computer Crime Point-of-Contact List 
• At the State level, you may wish to contact an official on the National Association of Attorneys General: Computer Crime Point-of-Contact List