GUEST ESSAY: The many channels law enforcement pursues to mitigate cyber threats

By Demetrice Rogers

Throughout 2023, we’ve witnessed numerous significant cyber incidents. One of the largest this year was the MOVEit breach, which impacted various state motor vehicle organizations and exposed driver’s license information for nearly 9.5 million individuals.

We have also seen ransomware outbreaks at MGM and Caesar’s Casino, causing losses in the millions of dollars, as well as targeted assaults on the healthcare sector, affecting over 11 million patients.

These attacks are leading to a record amount of personally identifiable information being posted on the Dark Web, a portion of the internet that is hidden and provides anonymity to its users. Many individuals are curious about the strategies employed by law enforcement agencies to monitor and respond to these threats.

Threat intel sharing

Law enforcement agencies depend on multiple channels to aid their efforts against cyber threats. The primary source is the affected organization or individual. Cybersecurity experts determine the required support level when a cyberattack is reported to a local law enforcement agency. Larger-scale attacks may involve collaboration with various federal agencies for assistance and resolution.

One notable agency is the Cybersecurity & Infrastructure Security Agency (CISA), often recognized as “America’s Cyber Defense Agency,” which offers extensive resources to support local law enforcement in handling cyberattacks. Reporting these incidents, regardless of size, is crucial in proactively preventing similar cyberattacks for individuals and organizations.

Reported attacks help build a threat intelligence feed that organizations and law enforcement agencies monitor worldwide. Threat intelligence information equips agencies with valuable resources, offering immediate or nearly immediate insights into emerging threats, vulnerabilities and cyberattacks. This early warning tool aids in the preparedness of organizations or individuals for an impending cyberattack.

Dark Web presence

Another source that law enforcement agencies monitor is the Dark Web, which has become a haven for illegal activities, allowing cybercrime enterprises to operate on underground forums and websites. Embedded cybercrime units within law enforcement closely track criminal and cyber gangs by tracing their actions on the Dark Web.

It’s worth noting that numerous attacks are initially reported on this platform, often before an organization becomes aware of the breach. By monitoring the Dark Web, law enforcement agencies can notify an organization that it may be a victim, allowing for possible incident response to stop the attack from spreading.

Law enforcement agencies also partner with private sector entities like Internet Service Providers (ISPs) and financial institutions to detect and monitor ongoing cyberthreats. ISPs have a critical function as they can observe the network traffic flowing through their systems and promptly report any identified malicious items.

Financial institutions report suspected cybercrime incidents to law enforcement agencies to assist with investigations and the possibility of recovering monetary funds lost during the incident.

Global cooperation

Lastly, one of the most significant partnerships agencies have is the collaboration with international partners. Global law enforcement agencies share information on recent attacks, trends and vulnerabilities. Because cyberattacks have no borders, partnering with other nations has proven to be a dependable source of valuable insights to combat cyber threats.

With the increasing number of cyberattacks worldwide, law enforcement agencies have come to a clear realization regarding the need for cybersecurity experts. These agencies are making considerable strides to strengthen their current cybercrime units by actively recruiting more professionals in the field. This recruitment drive aims to enhance their monitoring capabilities and response to cyberthreats.

One of the most fundamental actions an individual or organization can take to help law enforcement agencies is to report the incident. Fostering a collaborative and proactive relationship between individuals, organizations and law enforcement agencies in the battle against cybercrime is critical to ensure a safer online landscape for everyone.

About the essayist: Demetrice Rogers is a cybersecurity professional and adjunct professor at Tulane University’s School of Professional Advancement.

November 8th, 2023