Cybersecurity: A Strategic Imperative

We are under constant cyber attack from both outside entities and domestic cyber thieves. While the federal government acknowledges the issue, it has been slow to develop policies and strategies to deal with the threat. We know that redundant government policies and regulations are costing businesses millions of dollars in compliance and fines with no guarantee of enhanced protection. We know that state standards vary, are inconsistent, and require significant resources to monitor and that business needs a voice at the table during policy discussions. It is time for the business community to act with clarity and purpose to help educate legislators and establish policies that protect the competitive vitality of American companies and the interests of consumers.

Federal Cyber Interview Series

INTERVIEW #2: BAC INTERVIEW WITH IMMIGRATION AND CUSTOMS ENFORCEMENT (ICE)

In conjunction with its regular meetings with Federal agencies, the Bay Area Council (BAC) presents a series of interviews with U.S. agencies on their role in working with the business community on cybersecurity. In this interview, the Bay Area Council speaks with ICE about how companies can engage, work with the agency, and prepare.

BAC: What role does ICE play in commercial cybersecurity breaches?

ICE: ICE conducts and coordinates national level investigations where the Internet is used to further criminal activities in the following areas:

  • Identity and benefit document fraud
  • Money Laundering
  • Financial fraud (including e-payment fraud and Internet gambling)
  • Commercial fraud
  • Counter-proliferation investigations
  • Narcotics trafficking
  • Illegal exports
  • Human trafficking and smuggling
  • General smuggling

Cyber Economic Crimes

  • We work these investigations holistically with international collaborations as a goal from the beginning. We focus on the layers of the crime starting with the Transnational Criminal Organization (TCOs–hacking groups) that specialize in the theft of PII by the use of malware, botnets, social engineering, etc. We then follow the sale of the PII via underground markets or carding sites to the next TCO that specializes in utilizing a variety of cash out schemes to turn the stolen PII into proceeds.

Digital Theft of Intellectual Property  (Moves, Music, Software, Apps) and their redistribution online

  • The HSI led multi-agency National Intellectual Property Rights Coordination Center (https://www.iprcenter.gov/) partners with industry in the targeting of websites that sell counterfeit goods.

Dark Nets and Underground Marketplaces

  • HSI targets TCOs that utilize the anonymization provided by the TOR Network and Virtual Currency to hide their illicit activity.
  • Example- The Silk Road Investigation.  The investigation ran concurrently with the FBI and focused on the identification and arrest of the site’s main administrators who were openly selling narcotics on this underground market.

Cyber-Enabled Digital Theft of Export Controlled Data

  • HSI is the primary enforcer of the Arms Export Control Act and as such has responsibility to work with industry to safeguard this data from being exploited and smuggled out of the country.  This includes the investigation of websites that offer the sale of prohibited items as well as TCOs that steal the data without the knowledge of industry.

 

BAC: When is the right time for a company to reach out to ICE about cybersecurity?

ICE: The best time to contact ICE about a cybersecurity issue is before you have one.  Staying informed about the various techniques cybercriminals use to defraud or disrupt businesses is vital to a company’s cybersecurity posture.  This is one of those areas where an ounce of prevention is worth several pounds of cure.

However, if a breach is detected, you should inform ICE immediately.  Crucial evidence can be lost due to a delay in reporting an incident.

 

BAC: Does ICE prefer to have contact with a company’s general counsel, chief information security officer, or other contacts?

ICE: In most instances, ICE will work closely with an organization’s CISO and General Counsel when investigating a breach.  Additional components (Finance, Human Resources) may be contacted based on the nature of the incident.

 

BAC: How can ICE help a company prepare for and address cyber risks?

ICE: Companies need to be aware that there are no perfect security solutions when it comes to Cyber defense.  Every system designed to address this problem has been or will be defeated at some point.  A company’s most worthwhile investment in combating these threats is in the education of its workforce and this is where ICE can be of assistance.  ICE agents conduct outreach with companies and their employees to make them aware of the current cyber threat landscape.  Through education and identifying and implementing best practices, we hope to help companies mitigate their exposure to cybercrime.

 

BAC: Where can a company get more information on ICE cybersecurity activities?

ICE: For additional information, you can visit us at www.ice.gov/cyber-crimes or contact our San Francisco field office representatives at HSISFCYBER@ice.dhs.gov.

 

BAC: Who at ICE should a company contact in the Bay Area?

ICE: In the event of a security incident, you should contact ICE at 415-844-5455.  For general inquiries, you can write to us at HSISFCYBER@ice.dhs.gov.  For 24×7 assistance, please contact Sector communications at 1-800-973-2867 and request to speak with a representative from the HSI San Francisco Cyber Crimes Investigations Group.

Download a PDF of the cybersecurity interview with ICE>>

Archive

Download interview with FBI cyber unit (August 2015)>>