working with law enforcement on cyber security strategies

Edit the text with your own short phrase.

The animation is already done for you; just copy and paste the slide into your existing presentation.

October 30, 2014 Don't be the next target

TO CATCH A CYBER CRIMINAL: TRENDS IN CYBER CRIME

Andreas Kaltsounis, Special Agent Defense Criminal Investigative Service Task Force Officer, Seattle FBI Cyber Task Force

Andrew Friedman, Assistant United States Attorney Western District of Washington

Craig Spiezle, CEO & Executive Director Online Trust Alliance

Timothy Wallach, Supervisory Special Agent, Cyber Task Force Federal Bureau of Investigation

Laws of Data

• Your company includes “covered information”

• You have regulatory requirement(s)

• You will have a data breach incident

• If you are unprepared it will cost you • Direct expenses

• Remediation

• Brand

• Business Shock

© 2014 All rights reserved. Online Trust Alliance (OTA) Slide 3

Lack of a Breach Plan

So Who You Gonna Call?

Open Dialog

•Contacting Law Enforcement • When, Who, Why, How

•Regulatory Requirements – • State, FTC, FCC, SEC ….. & International

• Incidents vs Attempts • The need for threat intel

Role of Law Enforcement

•What specific assistance can LE responders provide during or after an incident that adds value to an organization's incident response? What is outside the scope of LE?

Sharing Data & Results

• What should I share? - Attempts or only breaches

• What are the implications if a case is actually solved and prosecuted?

• Are cybercrime cases ever actually solved and prosecuted?

• What are the international jurisdictional issues? Do we need new laws?

• Can I get any remediation or recover any losses / damages?

Forensics – “Do Not Try This At Home”

Status of Federal Breach Legislation

• Two weeks ago President Obama stated, "Today, data breaches are handled by dozens of separate state laws, and it's time to have one clear national standard that brings certainty to businesses and keeps consumers safe."

Communications – Being Prepared

Summary

• Be prepared – develop your breach response plan.

• Develop, test and update your plans quarterly.

• Complete an audit of all systems, data stores and cloud providers.

• Include law enforcement in your incident response. Don't leave it until the emergency...it could result in unneeded delay.

• Develop a relationship with the appropriate Law Enforcement Agency in the next 72 hours!

• Validate your Boards “Risk Appetite”

Resources • Data Breach Response Readiness Guide https://otalliance.org/breach

• FBI Cybercrime Resources http://www.fbi.gov/about-us/investigate/cyber/cyber

• FBI Cyber Task Force; Seattle.CTF@ic.fbi.gov; 206-622-0460

• InfraGard https://www.infragard.org/

• Internet Crime Complaint Center (IC3) http://www.ic3.gov/default.aspx

• U.S. Department of Defense http://www.defense.gov/home/features/2013/0713_cyberdomain/ http://www.dodig.mil/inv_dcis/pdfs/DCIS_CyberCrime.pdf

Contact Us

• Andreas Kaltsounis +1 206-913-4594 Andreas.Kaltsounis@DODIG.MIL

• Andrew Friedman Andrew.Friedman@usdoj.gov

• Craig Spiezle +1 425-455-7400 craigs@otalliance.org

• Timothy Wallach Timothy.Wallach@ic.fbi.gov