International cooperation among law enforcement agencies is key to investigating cyber crimes, according to a panel of federal law enforcement officials and security network experts who spoke at the White House Summit on Cybersecurity and Consumer Protection Friday.
The discussion, hosted by Stanford University and moderated by Assistant Attorney General Leslie Caldwell, addressed the ongoing challenges law enforcement and the private sector face in combating cyber crimes, as well as ways in which global collaborative efforts can, and have, offered faster and more effective solutions.
Kevin Mandia, senior vice president and chief operating officer of the network security company FireEye Inc., said that in order to take appropriate actions against foreign cyber-threats, the company needs to be able to identify who committed the crime.
The problem: outside of Western countries, that’s increasingly harder to do.
“The challenge is safe harbors are international,” Mandia said.
Mandia argued there are no deterrents for hacking a Western nation from places like Iran, Iraq and Syria. Without knowing exactly who’s responsible, penalties can’t be imposed, he added.
That’s where global collaboration across law enforcement agencies comes into play.
Mandia said that greater information sharing with partners overseas would grant countries like the U.S. critical on-the-ground facts that aid in better identifying cyber criminals around the world.
Ed Lowery, assistant director of the Office of Training at the U.S. Secret Service, said that the assistance of law enforcement agencies in countries such as Switzerland, Spain, Costa Rica and the Netherlands in 2013 was key to the arrest of former U.S. citizen Arthur Budovsky in Spain who created Liberty Reserve, a digital currency infrastructure that was used for money laundering scams around the world.
Joseph Demarest, assistant director of the Federal Bureau of Investigation’s cyber division, pointed to the example of Operation Clean Slate, a FBI-led effort launched in 2013 that brought together international law enforcement partners and private sector players like Microsoft Corp. to prioritize and remediate cases of malicious software known as botnets.
Still, many countries — especially developing countries — don’t have the capacity to address or even understand cyber threats, according to Bilal Sen, an expert on cyber and emerging crimes at the United Nations Office of Drug and Crime.
For instance, a 2013 United Nations threat assessment report on transnational organized crime in East Asia and the Pacific noted there is no set protocol for reporting unlawful cyber activities related to child pornography and sexual abuse of children in the region.
For its part, Sen noted that the United Nations has been running programs that support local criminal justice systems to both prosecute and prevent cyber crimes, especially in countries like Cambodia and Indonesia.
“We believe we are playing a role to prevent the creation of safe havens for perpetrators,” Sen said.
He added that the United Nations plans to launch an online cyber crime repository next month that includes cyber crime laws of several countries, case laws and best practices.
Jamie Saunders, director of the National Cyber Crime Unit of the United Kingdom’s National Crime Agency, said that countries need to develop the capacity to recognize and address cyber threats and consistently enforce rules of conduct.
“There should be clear expectations of what kind of behavior is accepted from countries if they are going to participate and benefit in the digital economy,” Saunders said.
It’s key, Saunders said, that law enforcement and the private sector work together to develop necessary tools to ensure cyber criminals are stopped before they adapt to and corrupt new infrastructures.
“What I think we need is clear expectations of what is reasonable to expect individuals and individual businesses to do and what is a reasonable expectation for governments,” Saunders said.