[infowar.de] US Secret Service chief on cyber-rebuilding after Sept. 11 and in general
"Nothing replaces well-trained people."
Darwin, March 2002
The Secret Service's Bob Weaver on Preparing for the New World Disorder
On Sept. 11 the office of the Secret Service was destroyed. In two
days, it was fully operational. Bob Weaver, head of the New York
Electronic Crimes Task Force shows what it means to respond to
BY DAINTRY DUFFY
BEST KNOWN AS THE protectors of presidents, the U.S. Secret Service
(USSS) are often seen as the men and women in dark suits and
impenetrable glasses running alongside limousines and walking two
steps behind world leaders. But when the USSS was created in 1865, its
mission was to safeguard the nation's financial payment systems from
fraud, counterfeiting and exploitation. These days, technology is
often the facilitator of these crimes, so understanding and using
technology for the detection and prevention of computer crime has
become an integral part of the USSS's mission.
In 1995, the New York Electronic Crimes Task Force (NYECTF), a
division of the USSS, was developed specifically to help companies
beef up their cybersecurity. It's worked so well in New York that the
newly passed Patriot Act calls for the Secret Service to establish
similar groups across the nation to prevent electronic crime. Groups
are currently being formed in Boston, Charlotte, N.C., Chicago,
Cleveland and Columbia, S.C. Bob Weaver, the assistant special agent
in charge of the task force in New York City, has overseen the
training of more than 20,000 individuals in security awareness, best
practices and contingency planning for security crises. On Sept. 11,
Weaver and his team found themselves on the front line of a real-life
security emergency when their offices at 7 World Trade Center came
crashing down. Weaver's hard work at educating the corporate community
about security paid off in spades when NYECTF members showed up in the
days and hours that followed to work round-the-clock and rebuild his
group. We talked with Weaver about weathering the attack, the effect
it has had on corporate security, the renewed responsibilities CEOs
face to provide security leadership, and how making friends with their
peers could be the most important business decision CEOs make.
Darwin: In the wake of Sept. 11, is there a renewed sense of
patriotism and responsibility that carries over to business? Do
companies now have a larger responsibility to share information about
Weaver: The president has decided that homeland security is a
Cabinet-rank position, and I would suggest that companies should take
that into consideration. If significant portions of the critical
infrastructure go down and it was preventable, then what have we
achieved as a community? Have we failed or succeeded? Reach within
your means to help support and coordinate what can affect you, your
company and your community. Certainly the NYECTF could not have held
up by itself, and I will freely admit to you that because [those
companies] extended themselves beyond their obligations, we were
If businesses partner with government and industry experts to share
security information and fight breaches, how do they benefit?
Well, I don't want to say that you become bulletproof, but you become
stronger tenfold. [Business and government] run parallel to each
other, and where there is common ground, value or mutually beneficial
situations is where we need to come together.
What did your task force do to help companies deal with security risks?
We created a no-strings-attached cyber- and physical security risk
management survey that we give to companies for free. [To download a
copy of the NYECTF security survey, go to the Helpful Links section of
its site at www.ectaskforce.org.] We will help them with it, or they
can do it on their own. When we're in our protection mode -- for major
events like the Olympics -- we go to great lengths to protect the
critical infrastructure of the community. We check the
telecommunications, water, oil, gas, electricity, emergency services
and transportation. All of these things are outlined in the survey.
It also addresses cybersecurity issues: from just simply backing up
data, to putting up firewalls, to updating viruses and monitoring
What is the role of CEOs in their company's security?
That's very important. I would say to the CEO that his or her senior
executives need to be represented [in a cross-functional security
committee] so that communication about security happens right at the
top of the company. That way the CEO understands what stage the
company is in regarding security planning and where it needs to be
because this is a work in progress. None of this stuff is cast in
stone. That's why senior executives have to be involved in the
process -- because it will be fluid, it will change, and it will evolve.
In most companies, cybersecurity is an IS issue, and physical security
is a facility issue. Is this division of security the right approach?
Some people call it enterprise protection planning; some people call
it risk management. But I recommend to companies that directors of
security, CIOs and CEOs consider that streamlining [cyber- and
physical security] can provide them an extra level of fast-track
communication when times get tough. Better coordination and
communication between them is good business. In the corporate world,
we're seeing an awakening in which those two components are coming
Has the mission of the New York Electronic Crimes Task Force changed
given the emphasis on security?
Our mission hasn't changed since Sept. 11, but it has been
rededicated. We're more highly motivated now. We know what it's like
when a company goes down because we were down. We had our quarterly
meeting recently, and at that meeting were 550 people. Almost 70
percent of those individuals were from corporations. That tells you
the stakes are high. And these are very talented people who
How does the task force feed its member companies information about
We've created a Listserv of the participating members of the task
force and a running dialogue of current cases, current schemes to
defraud, criminal enterprises and viruses. Carnegie Mellon is on the
task force, and they run the computer emergency response team
coordination center, so we let them do the notifications. For more
critical conversations, members can go offline and contact each other
Did the attacks raise the bar on the level of security that companies
should aim for? How does a company know when it has enough security?
Well, imagine getting up from your desk right now, walking out the
door and running for your life while everything you left behind is
destroyed. Then tomorrow, go back to work. When you can stand up under
that battle-tested environment and actually go to work the next day,
then you'll know that you have a robust and redundant system that can
come only from preincident planning. You cannot make that up as you go
along -- that would be like trying to change the tire on a car as you're
driving down the road. You've got to set policies and procedures at
the strategic, tactical and operational levels while protecting your
information and your intellectual property. Companies that don't do
this are risking everything every day.
To what degree have you found most companies and CEOs willing to seek
help and share information?
From my experience, all of that is based on trust and confidence.
It's very difficult to call up a stranger and tell him about the crown
jewels. If you have a preexisting relationship, that becomes a very
important component when times are tough. If you look at Secret
Service credentials, they tell you that the agent in front of you is
worthy of trust and confidence. It's not about controlling or
dictating partnerships, it's about caring about what's in companies'
Is trust a stumbling block when companies are competitors and you're
trying to foster an open discussion about security?
Companies usually come to us as a referral from an existing member.
We don't have memorandums of understanding or nondisclosure
agreements. We don't sign any paperwork. We believe that there are
policies and procedures in place now -- criminal laws and civil laws -- that
protect both of us. If I have to ask you to sign a 35-page document
before I can talk to you, maybe we can't do business.
Because there's not going to be complete honesty there?
Having different objectives doesn't mean we can't be completely
honest. But I would suggest to you that this group is the last place
on earth that you'd want to come to destroy your reputation, end your
professional career or steal intellectual property. You'll have just
announced to the world -- 100 to 200 of the top high-speed companies -- that
you cannot be trusted, that you may be a crook or a thief.
In testimony before Congress last October you mentioned the Secret
Service recognizes that information sharing between law enforcement
and the private sector must shift. What kind of relationship do you
hope to build between the two groups?
The way that we conduct business is the shift I'm referring to where
relationships and partnerships are the watchwords and the high
watermarks that we need to be at. Firemen do it right. They don't
really want to be at your house to put out a fire. Instead they go to
great lengths to educate with regard to fire prevention. But if you
need them, call, and they'll be there. I think that's a good lesson
for all of us. We believe in crime prevention; we believe in
cybercrime prevention -- and the best way to do that is to share
What happened to your group after losing your offices at 7 World Trade
For a long time it was our job to take care of the [business]
community, and we never thought the community would have to take care
of us, but that's what happened on Sept. 11. We had total
catastrophic failure. Everything was destroyed -- from tables and chairs
to vehicles, computers and phones. We lost all of our information at
that location. Our data is backed up and stored at a remote location,
so that was all recoverable, but no hard copy or hard drive data was
recovered from 7 World Trade. Yet we were able to rebuild within 48
hours, and in seven days we were twice as strong with robust and
redundant wireless communications and computer network capabilities. I
attribute that to the partnerships we had formed with the companies in
They rebuilt us from the ground up. I'm not just talking about regular
people showing up. I'm talking about presidents, CEOs and CIOs showing
up to help us. When it's 2 or 3 o'clock in the morning and the CEO or
CIO of a company is connecting computers and building firewalls, it's
All the companies that came to your rescue were members of the NYECTF.
Had you contracted with any of them ahead of time, or were they coming
strictly out of friendship?
They're participating members of the task force, but they gave back to
us of their own volition. We can't require the private sector to do
anything unless mandated by law. They came without being called.
How important is it for companies to have those kinds of relationships
with service providers before tragedy strikes?
If you want to talk about due diligence, best practices and risk
management, companies should have a contingency plan in effect. And if
that involves third-party contractors, coalitions or alliances that
they have set up, I think it's a very smart thing to do. Equipment,
resources and contingency plans are important because if they're not
in place, you risk everything. So I would say to any company -- small,
medium, large or global -- have a plan in effect to fall back on.
Are there lessons that you learned from your experience?
Nothing replaces well-trained people. But the events aren't always
going to be catastrophic. We sit down and have debriefings to discuss
what we could do better every time [a security breach] happens. It's a
powerful way to take lessons learned and turn them into action items.
On Sept. 11 we had a relocation plan, a contingency plan, an
evacuation plan, a communications plan and a network plan. These
things need to be up and running in a time-sensitive way. That's where
the companies stepped in to help us. That's the difference between
being operational in 48 hours and 48 days.
Eric Wolbrom, CISSP Safe Harbor Technologies
President & CIO 190 Goldens Bridge Ct.
Voice 914.767.9090 ext. 6000 Katonah, NY 10536
Fax 914.767.3911 http://www.shtech.net