Testimony of Michael A. Vatis, Director, National Infrastructure
Protection Center, FBI
Before the House
Committee on Government Affairs
Subcommittee on Government Management, Infomation, and Technology
July 26, 2000
"The NIPC's International Response to Cyber Attacks
and Computer Crime"
Good morning, Chairman Horn,
Congressman Turner, members of the subcommittee, and distinguished
guests. I am pleased to testify before this subcommittee today
on our international response to cyber attacks and computer
crime in general. The representation you have assembled for
this hearing is truly extraordinary. To my knowledge, never
have so many international law enforcement officials testified
before Congress at one time on issues related to cyber intrusions
and computer crime. A recently released study estimates that
computer viruses and hacking take a toll of $1.6 trillion
on the global economy. This figure dwarfs the gross national
product of most of the world's nations. Given the global nature
of the computer crime problem and the fact that many of our
investigations in the U.S. have an international nexus, it
is vital that we work effectively across borders in concert
with our international partners. I believe this hearing will
contribute to that effort and highlight the extensive endeavors
we have already made in the international arena.
Protecting the Nation's critical
infrastructures and combating computer intrusions is by necessity
a cooperative effort. National governments must work within
themselves, across agencies; with regional and local law enforcement;
with private industry; and with foreign governments to combat
the problem. If cooperation is lacking in any one of these
areas, the whole effort will fall short. Yet if cooperation
is effective across all of these areas, then we can gain the
upper hand against cyber criminals around the world and ensure
that the Internet is a safe place for electronic commerce
and communication.
Cooperative Structures in
the United States
The U.S. government approach
to protecting the nation's critical infrastructures is outlined
in Presidential Decision Directive (PDD) 63, issued in May
1998. That Directive forms a series of cooperative arrangements.
In particular, PDD-63 categorizes our infrastructures into
several sectors and designates federal "Lead Agencies,"
which are responsible for working cooperatively with private
industry from each sector to develop mechanisms and plans
for securing that sector against cyber attacks and for recovering
should an attack occur.
The PDD also gives a significant
coordinating role for operational matters to the National
Infrastructure Protection Center (NIPC), which I head. The
PDD places the NIPC at the core of the government's warning,
investigation, and response system for threats to, or attacks
on, the nation's critical infrastructures. The NIPC is the
focal point for gathering information on threats to the infrastructures
as well as "facilitating and coordinating the Federal
Government's response to an incident." The PDD further
specifies that the NIPC should include "elements responsible
for warning, analysis, computer investigation, coordinating
emergency response, training, outreach, and development and
application of technical tools."
The NIPC has a vital role in
collecting and disseminating information from all relevant
sources. The PDD directs the NIPC to "sanitize law enforcement
and intelligence information for inclusion into analyses and
reports that it will provide, in appropriate form, to relevant
federal, state, and local agencies; the relevant owners and
operators of critical infrastructures; and to any private
sector information sharing and analysis entity." The
NIPC is also charged with issuing "attack warnings or
alerts" to the owners and operators of critical infrastructures
in the private sector.
In order to perform its role,
the NIPC has established, and is continuing to expand, a network
of cooperative relationships with a wide range of entities
in both the government and the private sector. First, the
Center, while located at the FBI, is interagency in its composition,
bringing together representatives from the law enforcement,
defense, and intelligence communities, as well as from many
of the lead agencies specified in the PDD. The Center currently
has representatives from the following federal entities: Navy,
Air Force, Army, Air Force Office of Special Investigations,
Defense Criminal Investigative Service, National Security
Agency, United States Postal Service, Federal Aviation Administration,
General Services Administration, Central Intelligence Agency,
Critical Infrastructure Assurance Office, and Sandia National
Laboratory. In addition, the Center has had state law enforcement
officials detailed on a rotating basis. So far we have had
representatives from the Oregon State Police and the Tuscaloosa
County (Alabama) Sheriff's Department. We also have international
liaison officials who work with the Center. This interagency
composition facilitates the NIPC's ability to share pertinent
information among agencies and to coordinate agencies' activities
in the event of an attack.
Second, pursuant to the PDD,
the NIPC has electronic links to the rest of the government
in order to facilitate the sharing of information and the
issuance of warnings. Third, the PDD directs all executive
departments and agencies to "share with the NIPC information
about threats and warning of attacks and actual attacks on
critical government and private sector infrastructures, to
the extent permitted by law." Fourth, to bolster our
technical capabilities the Center selectively employs private
sector contractors. By bringing other agencies directly into
the Center and building direct communication linkages to government
agencies and the private sector, the Center provides a means
of coordinating the government's cyber expertise and ensuring
full sharing of information, consistent with applicable laws
and regulations.
In addition, in its role under
Presidential Decision Directive (PDD) 63 as the lead agency
for the "Emergency Law Enforcement Sector" (ELES),
the NIPC has been working with state and local law enforcement
to develop a plan to protect that sector from cyber attack
and reduce its vulnerabilities. As part of that effort, the
NIPC's alerts and warnings are regularly sent to state and
local law enforcement agencies via the National Law Enforcement
Telecommunications System (NLETS) and through NIPC e-mail
via the Law Enforcement Online system. Sharing with state
and local law enforcement is critical because they are often
the first responders when an incident occurs.
To fulfill its mandate under
PDD-63, the NIPC's goal is to develop a comprehensive "indications
and warning" system that will be capable of timely collection
of indicators of an imminent or ongoing cyber attack, analysis
of the information, and the timely issuance of alerts and
warnings. This will require additional resources, both personnel
and equipment. It will also require participation by the Intelligence
Community; the Department of Defense; the sector "Lead
Agencies"; other government agencies; federal, state
and local law enforcement; and the private sector owners and
operators of the infrastructures. As I will discuss further
in a moment, the NIPC is currently working with industry to
develop a methodology and system for detecting and warning
of attacks on the national telecommunications and electric
power sectors. These will provide a model for possible systems
for the other sectors.
Finally, the NIPC, as the national
entity responsible for government's warning, investigation,
and response system for threats to, or attacks on, the nation's
critical infrastructures, works on national planning initiatives
with the National Security Council and the Critical Infrastructure
Assurance Office.
To accomplish its goals under
the PDD, the NIPC is organized into three sections:
- The Computer Investigations
and Operations Section (CIOS) is the operational and response
arm of the Center. It program manages computer intrusion
investigations conducted by FBI Field Offices and some of
the joint task forces throughout the country; provides subject
matter experts, equipment, and technical support to cyber
investigators in federal, state, and local government agencies
involved in critical infrastructure protection; and provides
a cyber emergency response capability to help resolve a
cyber incident.
- The Analysis and Warning
Section (AWS) serves as the "indications and warning"
arm of the NIPC. The AWS reviews numerous government and
private sector databases, media, and other sources daily
to collect and disseminate information that is relevant
to any aspect of NIPC's mission, including the gathering
of indications of a possible attack. It provides analytical
support during computer intrusion investigations, performs
analyses of infrastructure risks and threat trends, and
produces current analytic products for the national security
and law enforcement communities, the owners-operators of
the critical infrastructures, and the computer network managers
who protect their systems. It also distributes tactical
warnings, alerts, and advisories to all the relevant partners,
informing them of exploited vulnerabilities and threats.
- The Training, Outreach and
Strategy Section (TOSS) coordinates the training and continuing
education of cyber investigators within the FBI Field Offices
and other federal, state and local law enforcement agencies.
It also coordinates our liaison with private sector companies,
state and local governments, other government agencies,
and the FBI's Field Offices. In addition, this section manages
our collection and cataloguing of information concerning
"key assets" -- i.e., critical individual components
within each infrastructure sector, such as specific power
facilities, telecommunications switch nodes, or financial
systems -- across the country.
To facilitate our ability to
investigate and respond to attacks, the FBI has created the
National Infrastructure Protection and Computer Intrusion
(NIPCI) Program in the 56 FBI Field Offices across the country.
We currently have 193 agents nationwide dedicated to investigating
computer intrusion, denial of service, and virus cases (less
than 2% of all FBI agents nationwide). In order to leverage
these resources most efficiently, we have taken the approach
of creating 16 regional squads that have sufficient size to
work complex intrusion cases and to assist those field offices
without a full NIPCI squad. In those field offices without
squads, the FBI has established a baseline capability by having
at least one or two agents to work NIPCI matters, i.e. computer
intrusions (criminal and national security), viruses, the
InfraGard and Key Asset Initiatives, and state and local liaison.
In addressing cyber incidents,
the NIPC and the 56 FBI field offices work cooperatively with
their federal, state and local law enforcement partners and
with the private sector. For example, in the Melissa Macro
Virus investigation, the NIPC issued public warnings that
helped alert the public, government agencies, and private
industry to the virus and stem the damage to computer networks.
In addition, the FBI's Newark office worked closely with the
New Jersey State Police, the New Jersey Attorney General's
Office, and the U.S. Attorney's Office in New Jersey in the
investigation, arrest, and prosecution of David L. Smith.
The NIPC supported the overall investigation which spanned
the nation. In other cases where there is concurrent jurisdiction,
the FBI and other agencies often work cases jointly. For example,
the FBI and the U.S. Secret Service worked together on a series
of hacks into the White House Homepage. Eric Burns, a.k.a
Zyklon, hacked into the White House web site as well as other
sites. He was caught and pled guilty to one count of 18 U.S.C.1030.
In November 1999 he was sentenced to 15 months in prison,
3 years supervised release, and ordered to pay $36,240 in
restitution and a $100 fine. While I cannot discuss it in
open hearings, the NIPC also works closely with other agencies
in foreign counter intelligence investigations involving cyber
attacks.
Government-Industry Cooperation
As I noted earlier, however,
it is critical for the government not just to work cooperatively
within itself, but also with the private sector. The NIPC
is engaged in several initiatives to work cooperatively with
the private sector, principally in the area of information
sharing. First, the NIPC, in conjunction with the private
sector, has developed an initiative call "InfraGard"
to expand direct contacts with the private sector infrastructure
owners and operators and to share information about cyber
intrusions, exploited vulnerabilities, and infrastructure
threats. The initiative encourages and facilitates the exchange
of information by government and private sector members through
the formation of local InfraGard chapters within the jurisdiction
of each FBI Field Office. Chapter membership includes representatives
from the FBI, private industry, other government agencies,
state and local law enforcement, and the academic community.
The critical component of InfraGard is the ability of industry
to provide information on intrusions to the NIPC and to the
local FBI Field Office, using secure communications, in both
a "sanitized" and detailed format. The local FBI
Field Offices can, if appropriate, use the detailed version
to initiate an investigation; the NIPC, in turn, can analyze
that information in conjunction with other law enforcement,
intelligence, and industry information to determine if the
intrusion is part of a broader attack on numerous sites. The
Center can simultaneously use the sanitized version to inform
other members of the threat and the techniques used, without
compromising the confidentiality of the reporting company.
The secure website also contains a variety of analytic and
warning products that we make available to the InfraGard community.
We believe InfraGard, once fully
implemented, will be a significant step forward in enhancing
the ability of the private sector and the government to share
information with each other. The government has access to
unique sources of information through its intelligence and
law enforcement activities. These need to be shared, in appropriately
sanitized form, with private sector owners and operators so
that they can protect themselves against threats that we become
aware of. Conversely, the private sector is often the victim
of cyber attacks and threats that are highly relevant to our
mission to protect that nation's critical infrastructures
from attack. Only by bringing these governmental and private
sources of information together can we get a sense of the
full picture of threats and incidents, draw linkages, and
engage in effective "indications and warning" regarding
cyber attacks. In contrast to efforts to share information
solely within one industry sector, InfraGard provides a vehicle
for sharing information across sectors and between the government
and industry generally.
A second effort involving cooperation
with the private sector is the Key Asset Initiative (KAI).
A key asset can be defined as an organization, system, group
of organizations or systems, or physical plant, the loss of
which would have widespread and dire economic or social impact
on a national, regional, or local basis. The KAI initially
involves determining which assets are "key" within
the jurisdiction of each FBI Field Office and obtaining 24-hour
points of contact at each asset in case of an emergency. Eventually,
contingent on future funding, the KAI will include the development
of contingency plans to respond to attacks on each asset,
exercises to test response plans, and modeling to determine
the effects of an attack on particular assets. FBI Field Offices
are responsible for developing a list of the assets within
their respective jurisdictions, while the Center maintains
a national database. This initiative serves the critical needs
of developing lists of the key assets within each critical
infrastructure and also of developing the communications and
liaison links necessary for the collection of information
and the dissemination of warnings to the infrastructure owners
and operators.
Another initiative is a pilot
program we have developed with the North American Electrical
Reliability Council (NERC) to develop an "Indications
and Warning" System for physical and cyber attacks. Under
the pilot program, electric utility companies and other power
entities transmit incident reports to the NIPC. These reports
are analyzed and assessed to determine whether an NIPC alert,
advisory, or assessment is warranted to the electric utility
community. Electric power participants in the pilot program
have stated that the information and analysis provided by
the NIPC back to the power companies make this program especially
worthwhile. NERC has recently decided to expand this initiative
nationwide. We see this initiative as a good example of government
and industry working together to share information and it
is our expectation that the Electrical Power Indications and
Warning System will provide a model for the other critical
infrastructures. We are currently working with industry on
developing an Indications and Warning program for the telecommunications
sector.
The NIPC has also been working
on a set of outreach conferences under the auspices of the
Department of Justice and the Information Technology Association
of America. In April, 2000 the Attorney General, representatives
from the NIPC, Special Agents from FBI Field Offices, and
other law enforcement officials met with west coast industry
representatives at Stanford University. Last month, we met
with east coast industry representatives at EDS in Herndon,
Virginia. At both conferences the Attorney General stressed
ways that industry and law enforcement need to work together
against computer hackers and intrusions. It was clear at both
conferences, too, that industry wants a good, cooperative
relationship with law enforcement to share information about
threats and incidents, and to investigate cyber attacks successfully.
A number of initiatives stemming from those conferences are
currently underway to further this cooperative relationship.
NIPC representatives spend a
significant portion of our time speaking across the country
and around the world to private sector and government groups,
as part of our effort to raise awareness about the cyber threat
and to foster cooperation between industry and law enforcement.
For example, we have recently participated in meetings of
the National Security Telecommunications Advisory Committee
(NSTAC), a private sector advisory committee to the President
whose purpose is to provide advice and expertise on national
security and emergency preparedness telecommunications policy);
the System Administration, Networking, and Security (SANS)
Institute, a cooperative research and education organization
founded in 1989 for the purpose of sharing information among
system administrators, security professionals, and network
administrators; the Information Security Forum, an association
of organizations who share best practices and other solutions
to information security problems; the National Governors Association;
the American Society for Industrial Security (ASIS), a 32,000
member organization for professionals responsible for security;
and the American Bar Association (ABA).
Finally, the NIPC is working
with the Critical Infrastructure Assurance Office in the Department
of Commerce on outreach initiatives. All of these efforts
are critical to the goal of building a partnership between
industry and the government for the purpose of securing our
nation's critical infrastructures and reducing our vulnerability
to cyber crime.
NIPC and International Cooperation
Most pertinent to this hearing
is the issue of cooperation across national borders. A typical
cyber investigation can involve victim sites in multiple states
and often many countries, and can require tracing an evidentiary
trail that crosses numerous state and international boundaries.
Even intrusions into U.S. systems by a perpetrator operating
within the U.S. often require international investigative
activity because the attack is routed through Internet Service
Providers and computer networks located outside the United
States. When evidence is located within the United States,
we can subpoena records, conduct electronic surveillance,
execute search warrants, seize evidence, and examine it. We
can do none of those things ourselves overseas to solve a
U.S. criminal case. Instead, we must depend on the local authorities
to assist us. This means that effective international cooperation
is essential to our ability to investigate cyber crime.
International investigations
pose special problems. First, while the situation has improved
markedly in recent years, many countries lack substantive
laws that specifically criminalize computer crimes. This means
that those countries often lack the authority not only to
investigate or prosecute computer crimes that occur within
their borders, but also to assist us when evidence might be
located in those countries. Moreover, the quickly evolving
technological aspects of these investigations can exceed the
capabilities of local police forces in some countries. Finally,
even when countries have the requisite laws and have developed
the technical expertise necessary to conduct cyber investigations,
successful investigation in this arena requires more expeditious
response than has traditionally been the case in international
matters, because electronic evidence is fleeting and, if not
secured quickly, can be lost forever.
NIPC International Outreach
The NIPC is working with its
international partners on several fronts to address the issues
outlined above. The first area consists of outreach activities
designed to raise awareness about the cyber threat, encourage
countries to address the threat through substantive legislation,
and provide advice on how to organize to deal with the threat
most effectively. Almost weekly the NIPC hosts a foreign delegation
to discuss topics ranging from current cases to the establishment
of NIPC-like entities in other nations. Since the NIPC was
founded, Japan, the United Kingdom, Canada, Germany, and Sweden
have formed or are in the process of forming interagency entities
like the NIPC. The NIPC has briefed visitors from the United
Kingdom, Germany, France, Norway, Canada, Japan, Denmark,
Sweden, Israel, and other nations over the past year. In addition,
to promote understanding of the NIPC mission, an "open
house" for embassy personnel was held in March 2000.
Abroad, the FBI's Legal Attaches
(Legats) are often the first officials contacted by foreign
law enforcement should an incident occur. We are providing
training to our Legats on how to coordinate computer intrusion
and infrastructure protection matters with us to make them
more effective. In addition, NIPC personnel are in almost
daily contact with Legats around the world to assist in coordinating
requests for information.
NIPC International Training
In order to help make our foreign
partners more capable to assist our international investigations
and to address cyber crime within their own countries, the
NIPC has also provided training to investigators from several
nations. Much of this training takes place at the International
Law Enforcement Academies in Budapest, Hungary and Bankok,
Thailand. In addition, a small number of select international
investigators receive training in NIPC sponsored classes in
the United States. The NIPC also holds workshops with other
nations to share information on techniques and trends in cyber
intrusions. For example, in September 1999 the NIPC sponsored
an International Cyber Crime Conference in New Orleans to
provide training to international law enforcement officers
and forge links between foreign law enforcement officers and
personnel representing: the NIPC, FBI field offices, FBI Legats,
the U.S. Secret Service, the Naval Criminal Investigative
Service, the Air Force Office of Special Investigations, and
the U.S. Postal Inspection Service.
The G-8 High-Tech Crime Working
Group
Another international initiative
that the NIPC has been involved in is the G-8's High-Tech
Crime Subgroup of the G-8 "Lyon Group." A representative
of the NIPC serves as a member of the United States delegation
to the Subgroup, which has been considering several issues
concerning international cyber crime investigations, including
the establishment of a 24/7 high-tech crime points of contact
network, international training conferences, review of legal
systems in G-8 countries, and the development of the G-8 principles
on transborder access to stored computer data.
The 24/7 high-tech points of
contact network was established in March 1998. Each of the
G-8 countries identified a point of contact for law enforcement
in each of their respective countries. These contacts are
required to be available twenty-four hours a day, seven days
a week, in order to respond to requests for assistance in
important high-tech crime investigations in which electronic
evidence may either be altered or destroyed.
With regard to training, the
subgroup hosted an international computer crime training conference
in November 1998, for law enforcement investigators of the
G-8 countries. This conference addressed law enforcement issues
relating to high-tech crime investigations and the technical
issues involved in these specific types of investigations.
In addition, the subgroup has compiled a collection of the
substantive and procedural laws regarding computer crimes
in each of the G-8 countries. Regarding the critical issue
of transborder access to stored data, the subgroup has provided
recommendations for principles of transborder access to stored
computer data. In addition, the subgroup has written principles
that provide a mechanism to secure the rapid preservation
of stored data in computer systems. These recommendations
will attempt to prevent instances where computer data of possible
evidentiary value is altered or deleted while a formal request
for assistance under a Mutual Legal Assistance Treaty (MLAT)
is processed. Lastly, the G-8 subgroup has referred the task
of developing common terms and common formats for forensic
requests and developing international standards for the retrieval
and processing of electronic evidence to the International
Organization of Computer Evidence (IOCE), which has representation
in most of the G-8 countries.
In May 2000, the NIPC attended
a G-8 industry/law enforcement conference in Paris, France.
This meeting, which included individuals representing industry
and consumer groups, was structured to allow both industry
and law enforcement officials to share ideas and concerns
regarding the security of the Internet. Each participating
country's contingent consisted of industry and government
representatives, from a variety of agencies, and each country
had one industry and one government representative make a
presentation to the group about issues concerning their nation.
Government officials were sensitized to the concerns of both
industry and consumers, and industry and the public representatives
were exposed to some of the challenges facing law enforcement
and other government agencies in their struggle to provide
a safe, secure environment for e-commerce. A subsequent meeting
building on the success of the Paris forum is planned for
October 2000.
The NIPC and International
Investigations
Since the creation of the NIPC
in February 1998, we have seen a significant increase in the
number of investigations requiring international cooperation.
The NIPC has provided an effective vehicle for coordinating
these investigations. I will provide a few examples to demonstrate
the issues raised by such investigations and how they have
been addressed by the NIPC.
One example is the Solar Sunrise
case, the code name for a multi-agency investigation of intrusions
into more than 500 military, civilian government, and private
sector computer systems in the United States during February
and March 1998. These intrusions occurred just as the NIPC
was being established. The intrusions took place during the
build-up of United States military personnel in the Middle
East in response to tensions with Iraq over United Nations
weapons inspections. The intruders penetrated at least 200
unclassified U.S. military computer systems, including seven
Air Force bases and four Navy installations, Department of
Energy National Laboratories, NASA sites, and university sites.
The timing of the intrusions, and the fact that some activity
appeared to come from an ISP in the Middle East, led many
U.S. military officials to suspect that this might be an instance
of Iraqi information warfare. The NIPC coordinated an extensive
interagency investigation involving FBI Field Offices, the
Department of Defense, NASA, Defense Information Systems Agency,
Air Force Office of Special Investigations, the Department
of Justice, and the Intelligence Community. Internationally
the NIPC worked closely with the Israeli law enforcement authorities.
Within several days, the investigation determined that two
juveniles in Cloverdale, California, and individuals in Israel
were the perpetrators. This case demonstrated the critical
need for an interagency center to coordinate our investigative
efforts to determine the source of such intrusions and the
need for strong international cooperation. Israeli authorities
are preparing to prosecute the chief defendant in their case
in the summer of 2000.
More recent cases demonstrate
how much international cooperation has improved in this area.
In February 2000, the NIPC received reports that CNN, Yahoo,
Amazon. Com, e-Bay, and other e-commerce sites had been subject
to "Distributed Denial of Service" (DDOS) attacks.
The NIPC had issued warnings in December 1999 about the possibility
of such attacks, and even created and released a tool that
victims could use to detect whether their system had been
infiltrated by an attacker for use against other systems.
When attacks did occur in February, companies cooperated with
the NIPC and our National Infrastructure Protection and Computer
Intrusion Squads in several FBI field offices (including Los
Angeles and Atlanta) and provided critical logs and other
information. Within days, the FBI and NIPC had traced some
of the attacks to Canada, and subsequently worked with the
Royal Canadian Mountain Police to identify the suspect. The
Royal Canadian Mounted Police (RCMP) arrested a juvenile subject
in April 2000, and charges are expected to be brought shortly
for at least some of the attacks. The unprecedented speed
and scope of this investigation was evidence of the great
improvement made in our ability to conduct large scale, complex
international investigations.
Another example involves the
compromise between January and March 2000 of multiple e-commerce
websites in the U.S., Canada, Thailand, Japan and the United
Kingdom by a hacker known as "Curador." Curador
broke into the sites and apparently stole as many as 28,000
credit card numbers, with losses estimated to be at least
$3.5 million. Thousands of credit card numbers and expiration
dates were posted to various Internet websites. After an extensive
investigation, on March 23, 2000, the FBI assisted the Dyfed
Powys (Wales, UK) Police Service in a search at the residence
of "Curador," whose real name is Raphael Gray. Mr.
Gray, age 18, was arrested in the UK along with a co-conspirator
under the UK's Computer Misuse Act of 1990.
This case was predicated on
the investigative work by the FBI, the Dyfed Powys Police
Service in the United Kingdom, Internet security consultants,
the RCMP, and the international banking and credit card industry.
This case illustrates the benefits of law enforcement and
private industry, around the world, working together in partnership
on computer crime investigations.
Most recently, companies and
individuals around the world by the "Love Bug,"
a virus (or, technically, a "worm") that traveled
as an attachment to an e-mail message and propagated itself
extremely rapidly through the address books of Microsoft Outlook
users. Investigative work by the FBI's New York Field Office,
with assistance from the NIPC, traced the source of the virus
to the Phillippines within 24 hours. The FBI then worked,
through the LEGAT in Manila, with the Phillippines' National
Bureau of Investigation, to identify the perpetrator. The
investigation in the Phillippines was hampered by the lack
of a specific computer crime statute. Nevertheless, Onel de
Guzman was charged on June 29, with fraud, theft, malicious
mischief, and violation of the Devices Regulation Act. The
speed with which the virus was traced back to its source is
unprecedented. As a postscript, it is important to note that
the Phillippines' government on June 14, 2000 approved the
E-Commerce Act, which now specifically criminalizes computer
hacking and virus propagation.
In addition to the matters mentioned
above, we are currently working on numerous cases that require
international cooperation. Because these are all pending matters,
I cannot comment on them in this hearing. But I can say that
the percentage of cases with an international element is increasing
significantly.
These cases all illustrate the
tremendous progress that has been made in the international
arena. Countries around the world are addressing the cyber
crime problem by creating new computer crime laws, establishing
organizations and capabilities to handle investigations, and
forging ties across international borders to facilitate investigations.
While much work remains to be done, we can point with pride
to the considerable advances that have been made in a very
short time to strengthen international cooperation against
cyber crime.
Conclusion
Cooperation among governments
and between government and industry is the key to combating
crime in cyberspace and making the Internet a safe and secure
environment for e-commerce and communications. The NIPC has
played an important role in fostering such cooperation. With
the support of this committee and Congress as a whole, we
hope to continue to build on this success.
Thank you.
|