Secret Service Launching Private-Sector Cyber Crime Council

Standard
Image: U.S. Secret Service (Twitter)

The 16-member federal advisory committee (FAC) will be the first one ever for the investigative unit, which focuses on financial crimes such as counterfeiting, card-skimming and other forms of fraud.

_____________________________________________________________________________

“Previous FACs all have been established for the Secret Service’s more widely known protection mission, which provides security for U.S. presidents and other dignitaries.

Invitations for the FAC were sent earlier this month. Jonah Hill, a senior cyber policy advisor at the Secret Service, who will be executive director of the board, declined to name the other members of the FAC during an interview with CyberScoop. The move comes as the Secret Service — like most high-level law enforcement agencies — is trying to adapt as crooks move from one digital tool to the next.

“Cybercriminals are constantly changing their tactics and their targets … law enforcement must be equally persistent in our efforts to combat these ever-evolving criminal groups,” Secret Service Deputy Director Leon Newsome told CyberScoop.

The goal is to help the investigative unit “think outside of the box” in fighting cybercrime and how the Secret Service trains to combat it, Hill said.

“What we’re trying to do is get a diverse set of viewpoints and experience and expertise from industry, from academia, from state and local government, really to kind of get a holistic picture of some of the threats we face and some of the approaches the Secret Service can take to combat those threats,” he said.

Hill said the FAC’s members were selected to represent a wide array of experiences. Some of the invited are former Secret Service leaders, he said, and others are law enforcement officers, computer scientists and experts on network security, malware, ransomware, criminal trends, business email compromise, identity theft and credit card theft.

Hill declined to comment on what members of other federal agencies, if any, would participate in meetings. (The Secret Service is part of the Department of Homeland Security.) The first meeting will probably be this summer, he said, after which the board is expected to meet twice annually.

Transnational cybercrime

One area of attention is likely to be foreign governments’ practice of tapping of talented cybercriminals to do their bidding, which has presented challenges for U.S. crime-fighters as they seek to coordinate with law enforcement entities abroad to take down transnational groups.

“There’s a growing trend of a confluence between nation-state criminal actors, whether those actors are acting at the behest of government, or for the protection of government, or if governments are turning a blind eye to them,” Hill said. “To the extent that this group can help us navigate those waters we will certainly turn to them for their guidance.”

Hill declined to say which nation-state hackers the Secret Service wants the CIAB to provide guidance on explicitly.

Encryption issues and more

The Secret Service is also seeking outside expertise to help it maneuver U.S. government tech-policy changes that may be on the horizon. The Trump administration’s concerns about end-to-end encryption of email and messaging software, in particular, has stirred up the perennial debate in recent months about what to do when criminals “go dark” online. The White House, Congress, federal law enforcement agencies and Silicon Valley powerhouses like Facebook and Apple all have a stake in the debate.

“It’s really [about] understanding, helping us work through as the encryption debate advances … helping us prepare for whatever changes in either encryption law or industry approaches to encryption,” Hill told CyberScoop. “However those debates evolve, we want to be prepared to meet the challenge.”

The Secret Service doesn’t intend to advocate one way or the other on encryption, Hill said; the board will track other policy issues that affect the agency’s investigations, including privacy rules and data breach notification requirements, he said.”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s