What are we doing now?
Increasing attention is being paid to deterring cyber threats, especially by those governments that have the power to investigate criminal activity and the tools to respond. The IT industry takes steps as well. Some key examples are below.
• The Federal Bureau of Investigation (FBI)’s Cyber Division has specially trained cyber squads at FBI headquarters and field offices staffed with agents and analysts who investigate computer intrusions, theft of intellectual property and personal information, child pornography and exploitation, and online fraud. The FBI partners with the Departments of Defense, Homeland Security, and others in this work.
• The Secret Service’s nationwide network of Electronic Crimes Task Forces (ECTFs) brings together federal, state, and local law enforcement, prosecutors, private industry, and academia to prevent, detect, mitigate, and aggressively investigate attacks on the nation’s financial and critical infrastructures.
• The Economic Espionage Act of 1996 makes the theft or misappropriation of a trade secret a federal crime. The FBI’s Economic Espionage Unit uses this law to investigate economic espionage and punish criminals and spies.
• The U.S. Immigration and Customs Enforcement (ICE) Cyber Crime Center (C3) develops and coordinates investigations related to cyber crimes, child exploitation, and digital forensics. For example, its Cyber Crimes Section (CCS) investigates fraud, theft of intellectual property rights, money laundering, identity and benefit fraud, and other illegal activities.
• The Federal Trade Commission (FTC) has taken action against identity theft for a decade, providing tools to consumers, businesses, and law enforcement. The FTC’s national education campaign - AvoID Theft: Deter, Detect, Defend - aims to empower consumers to protect themselves against identity theft and to minimize its damage.
• The 2004 Council of Europe Convention on Cybercrime is a binding international treaty that lays down guidelines for all governments wishing to develop legislation against cybercrime. Open to signature by non-European states, the convention also provides a framework for international cooperation in this field. It currently has 43 signatories, although only half have ratified the Convention. The U.S. Senate ratified the Convention in 2006.
• Major U.S. information technology (IT) companies utilize various methods to deter cyber threats such as training employees to understand techniques used by bad actors, limiting access to sensitive materials, and implementing tools to identify untrusted and improper behavior on networks and taking appropriate action.
• U.S. IT companies undertake various efforts to minimize being subject to commercial espionage such as ensuring information is properly stored and secured, utilizing proper disposal procedures such as deleting and destroying potentially sensitive data when no longer needed, utilizing non-disclosure agreements, and conducting background checks on potential employees.
The IT Industry’s Cybersecurity Principles for Industry and Government PAGE 21
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24