Framingham, MA-February
12, 2002-Today,
the first set of national Cyberthreat Response and Reporting
Guidelines jointly sanctioned by the Federal Bureau
of Investigation (FBI) and the United States Secret
Service (USSS) was unveiled to the nation's CIOs (chief
information officers). Four months ago, CIO magazine
requested the FBI and USSS help create and standardize
a process for businesses to report cybercrime and security
breaches to law enforcement authorities.
The CIO Cyberthreat Response
& Reporting Guidelines provide step-by-step information
on how businesses should plan and respond to attacks
on their information systems, including worms, viruses,
hacks and other breaches. The guidelines advise CIOs
and business leaders to establish a relationship with
law enforcement today, before their next attack happens.
The document also provides suggested points of contact,
as well as an easy-to-follow report form detailing the
initial information law enforcement needs to investigate.
Abbie Lundberg, Editor
in Chief of CIO magazine says, "The new CIO Cyberthreat
Response & Reporting Guidelines provide guidance
and resources and, most important, make it easier for
CIOs to report to law enforcement."
According to Ronald L.
Dick, National Infrastructure Protection Center &
Deputy Assistant Director, Counterterrorism Division,
FBI, "The US government is aware of the cyberthreats
businesses face. The guidelines are just one method
we can deploy to help businesses protect themselves.
The FBI, together with the National Infrastructure Protection
Center (NIPC), is fully committed to stopping the spread
of cybercrime."
The FBI and USSS share
federal jurisdiction for investigating and prosecuting
cybercrime across state lines. Law enforcement's ability
to identify coordinated efforts by cybercriminals is
directly tied to the amount of reporting that takes
place. Historically, reported cyberattacks are those
of great magnitude such as the Code Red virus.
"The Secret Service
continues to believe that prevention coupled with aggressive
proactive investigations provide the best outcome when
attacking cybercrime. This cannot be accomplished without
the partnerships that have been established with industry,
other law enforcement agencies and, in this case, the
media. In fact, with today's technology and the sophisticated
nature of electronic crime, law enforcement will lose
the battle and the war without sharing information and
resources," says Bruce Townsend, Special Agent
in Charge, Financial Crimes Division, Secret Service.
Townsend adds, "In
October, the Secret Service received authorization to
set up Electronic Crimes Task Forces around the country.
These now published reporting guidelines will allow
industry professionals to take full advantage of these
task forces and the collective expertise of federal,
state and local law enforcement that these task forces
create."
Dick (FBI) adds, "The
NIPC and FBI are also working closely with businesses
through the InfraGard program. More than 3,000 companies
have joined the 65 chapters that are spread throughout
the United States, and are working with the NIPC and
each other to share information on cyber threats and
vulnerabilities. Membership is free to any company that
wants to join."
The need for cyber reporting
guidelines came to the forefront at a CIO magazine conference
in October 2001. Lundberg (CIO) explains, "A United
States Attorney addressed CIOs on law enforcement post
9/11 and the need for businesses to report cybercrime
to officials. A member of the audience said his company
was suffering thousands of attacks a month and asked
which attacks to report and where to send the information."
Methodology:
Following the CIO Conference in October 2001, CIO magazine
editor in chief Abbie Lundberg identified the need for
creating cybercrime-reporting standards. The government
and public relations arm of CXO Media Inc. (publisher
of CIO magazine) initiated discussions with the FBI
and USSS on creating such guidelines for reporting cyberthreats
and attacks. A select team of industry advisors and
law enforcement officials was brought together to develop
project goals, logistics, resources and a reporting
template for businesses to follow. A larger team of
experts reviewed and tested the guidelines before they
were turned over to the FBI and USSS for review, validation
and authorization. A complete copy of the CIO Cyberthreat
Response & Reporting Guidelines is available at
www.cio.com/security/response.
About CIO Magazine:
CIO magazine (launched in 1987) is published by CXO
Media Inc. CXO Media serves CIOs, CEOs, CFOs, COOs and
other corporate officers who use technology to thrive
and prosper in this new era of business. The company
strives to enhance partnerships between C-level executives,
as well as create opportunities for information technology
(IT) and consumer marketers to reach them. In addition
to publishing CIO, CXO Media produces www.cio.com, The
CIO Insider, Darwin magazine and www.darwinmagazine.com,
as well as CIO and Darwin Executive Programs, a series
of conferences that provide educational and networking
opportunities for corporate and government leaders.
CXO Media Inc. is a subsidiary
of IDG, the world's leading technology media, research
and event company. IDG publishes more than 300 magazines
and newspapers and offers online users the largest network
of technology-specific sites around the world through
IDG.net (www.idg.net), which comprises more than 300
targeted Web sites in 70 countries. IDG is also a leading
producer of 168 computer-related expositions worldwide,
and provides IT market analysis through 51 offices in
43 countries worldwide. Company information is available
at www.idg.com.
Press Contacts: