FBI to expand computer intrusion reporting program


The FBI plans to roll out to more than 50 cities an intrusion-detection reporting program that will be one of the first large-scale examples of private companies working with federal law enforcement agencies to fight computer crime.

The FBI is testing the program, called InfraGuard, in Cleveland [FCW, Dec. 15, 1997], but the agency intends to expand the program in the next several months to all 56 cities with an FBI field office.

The initiative seeks to have private-sector entities electronically report computer break-ins to field offices using advanced information technology methods. The key to the program's success is that it allows companies to report computer intrusions without fear that the information will be made public. Traditionally, companies, especially financial institutions and publicly traded companies, have been loath to reveal information about attacks on their systems.

"There seems to be just a lot of interest throughout the private sector," said Kenneth Geide, chief of computer investigations and operations security at the new National Infrastructure Protection Center. "The private sector is hungry for real data about what kinds of exploits [are occurring] so they can risk-manage their activities. If there are no glitches [in Cleveland]...then we're looking to do this immediately."

The government, spurred by its fear of the damage an electronic attack could do to such infrastructures as the electrical power grid and telecommunications systems operated by the private sector, has focused increased attention on tracking threats to the computer systems that operate these critical infrastructures.

Donald Krysakowski, director of laboratories with the International Computer Security Association, said that while the shortage of raw data on cyberthreats to the private sector does present a problem for the government, it is not clear if private companies have put aside their fears of reporting these incidents.

Using public-key cryptography technology, private-sector participants in the Cleveland pilot are issued certificates from VeriSign Inc., which carry digital signatures to authenticate a user's identity. The participants then use technology from AT&T, called Secret Agent, to encrypt and digitally sign e-mail messages detailing computer break-ins before sending them to an FBI file server.

The server collects the messages and sends them back to all other program participants, without information that would identify the companies that were attacked, so participants will be aware of common attack methods.
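The redistribution step described above can be sketched as follows; this is an added example, not the FBI's or any vendor's software. It assumes decryption and signature verification have already happened, and the participant registry, addresses and sample report are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Hypothetical registry: enrolled address -> strings that identify that member.
PARTICIPANTS = {
    "secops@bank.example": ["First Example Bank", "bank.example"],
    "ir@utility.example": ["Example Power Co", "utility.example"],
    "noc@telco.example": ["Example Telecom", "telco.example"],
}
RELAY_FROM = "reports@relay.example"  # hypothetical server address

# Constructed sample report, as it would look after decryption.
SAMPLE_REPORT = """\
From: Alice <secops@bank.example>
To: reports@relay.example
Subject: Break-in at First Example Bank
Message-ID: <19980301.1@mail.bank.example>
Received: from mail.bank.example by relay.example

An outside host guessed a password on gw1.bank.example,
a First Example Bank gateway, and installed a sniffer.
"""

def sanitize_and_fan_out(verified_sender, raw_report):
    """Return one anonymized copy of the report for every other participant.

    verified_sender must come from the validated signing certificate,
    never from the From: header, which the sender controls.
    """
    if verified_sender not in PARTICIPANTS:
        raise ValueError("signer is not an enrolled participant")
    body = message_from_string(raw_report).get_payload()
    # Scrub the reporter's own identifiers from the free text, longest first.
    for ident in sorted(PARTICIPANTS[verified_sender], key=len, reverse=True):
        body = re.sub(re.escape(ident), "[REDACTED]", body, flags=re.IGNORECASE)
    copies = []
    for rcpt in PARTICIPANTS:
        if rcpt == verified_sender:
            continue
        out = EmailMessage()  # fresh message: no original header is carried over
        out["From"] = RELAY_FROM
        out["To"] = rcpt
        out["Subject"] = "Intrusion report (source withheld)"  # original may name the victim
        out.set_content(body)
        copies.append(out)
    return copies

if __name__ == "__main__":
    print(sanitize_and_fan_out("secops@bank.example", SAMPLE_REPORT)[0])
```

Name and domain scrubbing is only a floor: IP addresses, internal hostnames and product details in the free text can still point to the reporting company and need their own review.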

Geide said FBI officials have not yet determined which technology they will use for the expansion because they want to make sure they have the "latest and greatest" products when each program is rolled out in the various cities.