The Best Defense

When your computer gets hacked, why can't you call the police to deal with it?

By Irving Lachow and Evan Wolff

Best Defense guest columnists

You come home one night and your house has been ransacked. What do you do? Easy, you call the police. They show up, assess the crime scene, gather evidence, write a report, and notify other authorities if necessary.

Now, assume that you find out that your computer has been hacked and your online accounts infiltrated. Do you call the local police? You may, but local law enforcement may be too busy to address your crime. Even if they have the time, police officers will likely lack the skills and tools necessary to assess the digital crime scene and gather evidence showing how your computer was compromised and what data was taken. You could try calling the FBI, but while federal law enforcement officials may have the skills to respond, they do not have the resources or the jurisdiction to handle small-scale crimes. Unless a very large sum of money has been stolen, you are going to be left to deal with this situation on your own. 

This gap in the ability of law enforcement officials to respond to low-level cybercrime is a growing problem. Cybercriminals are becoming increasingly sophisticated and the number of people and small businesses affected by malware, fraud, identity theft and other digital crimes is increasing concomitantly. In 2012, businesses reported losses of over $500 million, a gross underestimation of the total harm because many businesses do not report losses due to cybercrime. At the same time, the growing number of serious cyber incidents requiring federal attention -- such as the recent attack on Target -- means that fewer resources are available to help the average person or small business deal with cybercrimes. Our nation needs to grow a cadre of "cyber cops" to address this gap.

What would a world with cyber police look like? Imagine that you discover that your digital accounts have been infiltrated and that fraudulent transactions have originated from your computer. You call the local police and two officers arrive at your house with hardware and software that they use to make a copy of your computer's hard drive. By analyzing the contents of the drive, they can determine if a crime has been committed, the extent of the crime, and perhaps gather evidence left behind by the cyber criminals. They input this information into a database that enables them to check for commonalities with other cybercrimes. Through this database, the local police discover that similar malware has been used across the country in recent months and report the incident to their federal partners. The local police add their new information to the database, which may help the FBI to identify and track the cyber criminals. The police officers compile information for a report that you can use with your insurance company. Perhaps the police officers even provide you with suggestions for removing the malware from your computers.

So how do we get to a world where local police play a central role in helping small-scale victims of cybercrime? The first step is education. Police officers need to become cyber savvy. The Secret Service has already trained over 1400 state and local police officers on responding to cybercrime, but demand is outstripping supply. More education is needed. This is where high schools, community colleges, and local universities can play an increasingly important role. Easily accessible and inexpensive education and training programs can help not only police officers, but other professionals who will increasingly need to become cyber smart.

Second, we need to develop the technical infrastructure and tools to enable the collection and sharing of relevant data. This should include a system for cooperation among local, state and federal law enforcement officials. For example, police must be able to download and upload cybercrime information wherever and whenever needed. This data must be tagged to enable easy analysis and retrieval. Simultaneously, a system of checks and balances will need to be put in place to protect privacy and prevent misuse of the data. Finally, the networks and data used by law enforcement must be protected from cyber criminals who are growing increasingly willing to go after police forces directly.

The partnership enabled by this technical infrastructure will benefit local and federal law enforcement. A cadre of cyber savvy police will increase situational awareness for federal officials by increasing the quantity and quality of data they receive about cybercrimes. In addition, local police will be able to handle minor cyber incidents while escalating more serious incidents to regional or national levels. In turn, federal law enforcement can provide information -- context, intelligence, best practices -- that may help local officials respond appropriately to a given situation.

Cybercrime is both a national and a local problem. Local law enforcement officers must play a bigger role in responding to victims and helping prevent and solve such crimes. We believe that a properly educated and equipped police force can make a difference.

Irving Lachow is a principal cyber security engineer at the MITRE Corporation. The views of the author are his alone and do not represent the positions of the MITRE Corporation or its sponsors. Evan D. Wolff is a partner in Crowell & Moring's Washington, D.C. office, where he helps lead the privacy & cybersecurity practice.


The Best Defense

Optimists about the U.S. military may be conflating its reach with its effectiveness

So warns Evan B. Montgomery in the Spring 2014 issue of International Security, in an article about military competition in the Western Pacific.

Meanwhile, a contributor to the Lawfare blog says he thinks that the recent U.S. indictment of Chinese officers for hacking may have had an effect on the thinking of Chinese officials.
