- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
IDG News Service - U.S. government agencies are getting better at sharing information about cyberattacks with private companies, but cybercrime shows no signs of slowing down, cybersecurity experts told lawmakers Wednesday.
The U.S. Secret Service, the Federal Bureau of Investigation and the Department of Homeland Security work closely together to combat cybercrime, witnesses from the three organizations told a subcommittee of the House of Representatives Financial Services Committee. But criminals are taking advantage of the growing amount of personal information online and the ability to share attack tools and strategies over the Internet, said A.T. Smith, assistant director of the Secret Service.
"The Secret Service has observed a marked increase in the quality, quantity and complexity of cybercrimes targeting private industry and critical infrastructure," he said.
The FBI is currently investigating more than 400 cases involving unauthorized wire transfers from bank accounts of U.S. businesses, said Gordon Snow, the assistant director there. Those 400 cases involved the attempted theft of US$255 million, with actual losses of $85 million, and the cases involving the takeover of accounts represent just one type of attack against financial systems, he said.
Snow also listed recent examples of payment processor breaches, stock trading fraud, ATM skimming, mobile banking attacks and other schemes targeting the U.S. financial system. Cybercriminals' capabilities are at "an all-time high," although combating cybercrime is a top priority for the FBI and other agencies, he said.
The annual cost of cybercrime is about $388 billion, including money and time lost, said Brian Tillett, chief security strategist at Symantec. That's about $100 billion more than the global black market trade in heroin, cocaine and marijuana combined, he said.
The financial services industry, the focus of Wednesday's hearing, is a top target for cybercriminals, Tillett said, but he also praised cybersecurity efforts there.
"The financial services industry generally, has been ahead of the curve on cybersecurity, recognizing the importance of these issues long before they were common in daily headlines," he said. "Thus, the need for action is not so much an issue of additional legislation or regulation, but rather an issue of responding to evolving threats by implementing mitigation and protection measures."
Subcommittee Chairwoman Shelley Moore Capito asked if the DHS and other agencies were sharing information about cyberattacks with each other and with private companies.
Employees of private companies with security clearances now have access to the DHS National Cybersecurity and Communications Integration Center (NCCIC), which coordinates cyberincident response efforts within the U.S. government, said Greg Schaffer, acting deputy under secretary at the DHS. U.S. agencies have also provided assistance to the financial services industry during cyberattacks, he said.
"We are in a better place today, in terms of information sharing, than we've been in the 15 to 17 years I've been in this space," Schaffer said. "We have certainly made a lot of progress."