All 56 FBI field offices have enlisted private businesses around the nation in a program to share information about computer crime and how to thwart and react to it, the bureau said Friday.
The program, known as InfraGard and established by the FBI's National Infrastructure Protection Center, now has 518 company members. They range from giants like IBM to tiny startup companies and even include some foreign companies that do business in the United States.
"We need to build trust and understanding between the private sector and law enforcement," Attorney General Janet Reno said. Such contacts are "nowhere more important than in our efforts to protect the national information infrastructure."
Michael Vatis, director of the infrastructure protection center, said, "The government cannot go it alone" because most crucial computerized information networks in telecommunications, energy, banking and finance are privately owned.
He said the four-year effort to expand InfraGard from a pilot program in Cleveland to a nationwide effort had already borne fruit. "You hear that industry simply won't share information with the government," Vatis said, referring to corporations' fears that disclosing computer intrusions could undermine the confidence of their customers and investors.
But Vatis said that, thanks to expanded reporting from businesses, FBI computer intrusion investigations had grown from 450 to 1,200 over the past three years.
He said the program has helped dispel fears that agents investigating an attack will seize computers from cooperating companies. "We don't victimize the victims by shutting down their companies," Vatis said.
The FBI provides the businesses in InfraGard with secure Web sites, open only to member companies, and with secure e-mail systems on which to exchange information about new threats, countermeasures, technical vulnerabilities and incidents. "Companies can feel comfortable and share only as much information as they want," Vatis said.
Last fall, a report to an FBI field office by an InfraGard member company allowed the bureau to warn more than 100 companies that their computers may have been harboring programs, known as zombies, planted by intruders for use later in attacking other computers by remote control, Vatis said. He would not name the cooperating company, noting that the bureau will preserve the anonymity of companies that wanted their identities withheld.
Mickey Bauer, a security analyst for the Federal Reserve Bank of Cleveland and interim president of InfraGard's board, said that the FBI and the companies share the goals of building working relationships and trust, sharing technical information and expertise, preventing incidents and responding effectively to those that cannot be prevented.
Vatis said the bureau currently sees hackers penetrate Web sites for fun or to send political messages; organized criminal groups steal credit card number or proprietary data or commit extortion; and foreign spies hunt secrets.
Terrorist groups have begun discussing using computers for their ends, but the bureau has not seen them take such actions yet, Vatis said.
©MMI The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed