Secret Service head calls for cybersecurity cooperation

WASHINGTON - Companies with compromised data have a duty to report that information to investigators as a way to keep others from being victimized, the director of the U.S. Secret Service said Tuesday.

The Secret Service, which has jurisdiction to investigate financial crimes as well as protect the U.S. president, is working hard to prevent Internet-related crimes such as identity theft, but it needs assistance from private companies, said Ralph Basham, Secret Service director, speaking at an event on organized cybercrime in Washington, D.C.

"Information is the world's new currency; information has value," Basham said at the event, sponsored by trade group Business Software Alliance (BSA) and think tank Center for Strategic & International Studies (CSIS). "Information discloses our vulnerabilities and systemic weaknesses, and therefore ... compromises of information must be aggressively investigated."

Compromises that affect one company are increasingly rare in a world connected by the Internet, Basham added. "The days when a single institution guards the system intrusion as a secret are no longer acceptable," he said. "An intrusion for one represents a collective threat for us all."

Still, the sharing of information between law enforcement agencies and private industry remains an area that needs significant improvement, said a group of IT security experts, speaking on a panel discussion following Basham's remarks. Technology that could help reduce cybercrime does exist, but law enforcement agencies conducting investigations often don't immediately share information about new threats, said Albert Sisto, president and chief executive officer of Phoenix Technologies Ltd., a security software vendor.

Federal law enforcement agencies are trying to share more information, but it's often difficult to disclose too much information without compromising an active investigation, responded Kimberly Peretti, a lawyer in the Computer Crime and Intellectual Property Division at the U.S Department of Justice. The Secret Service is working on ways to distribute information faster, said Brian Nagel, assistant director for investigations at the Secret Service.

Most panelists agreed that technology can help fight organized cybercrime, but also called for other changes, including better international cooperation among law enforcement agencies and more tools and training for law enforcement agents. Cybercrime cases cost more to investigate than traditional crime, Nagel noted.

A combination of technology, law enforcement resources and laws are needed to combat cybercrime, said Bill Conner, chief executive officer and chairman of Entrust Inc., a security vendor.

But a number of federal laws passed in recent years haven't done as much to raise awareness about data security as one California bill requiring companies with data breaches to notify victims, which became law in 2003, he said. Other states are now working on similar laws, and U.S. lawmakers have introduced similar federal legislation.

Technology alone can't solve the problem, either, he said. "Technology is used by the good guys, and it's used even more by the bad guys," Conner added. "They've got lots of money."