Incident Response Plan


Law Enforcement Involvement

When an incident or disaster violates civil or criminal law, it is the organization’s responsibility to notify the proper authorities. Selecting the appropriate law enforcement agency depends on the type of crime committed. The Federal Bureau of Investigation (FBI), for example, handles computer crimes that cross state lines and investigates terrorism and cyberterrorism, which can include attacks against businesses and other organizations. The U.S. Secret Service examines crimes involving U.S. currency, counterfeiting, credit cards, and identity theft. The U.S. Treasury Department has a bank fraud investigation unit, and the Securities and Exchange Commission has investigation and fraud control units as well. However, the heavy caseloads of these agencies mean that they typically prioritize incidents that affect the national critical infrastructure or that have significant economic impact. The FBI Web site, for example, states that it has “built a whole new set of technological and investigative capabilities and partnerships—so we’re as comfortable chasing outlaws in cyberspace as we are down back alleys and across continents.” It then describes some of these capabilities and partnerships:

  • A “Cyber Division” at FBI headquarters to address cybercrime in a coordinated and cohesive manner

  • Specially trained “cyber squads” at FBI headquarters and in each of our 56 field offices, staffed with agents and analysts who protect against and investigate computer intrusions, theft of intellectual property and personal information, child pornography and exploitation, and online fraud

  • New “Cyber Action Teams” that travel around the world on a moment’s notice to assist in computer intrusion cases and that gather vital intelligence that helps us identify the cybercrimes that are most dangerous to our national security and to our economy

  • Our 93 “Computer Crimes Task Forces” nationwide that combine state-of-the-art technology and the resources of our federal, state, and local counterparts

  • A growing partnership with other federal agencies, including the Department of Defense, the Department of Homeland Security, and others—which share similar concerns and resolve in combating cyber crime *

    * Federal Bureau of Investigation. “Computer Intrusions.” Accessed 7/13/15 from www.fbi.gov/about-us/investigate/cyber/computer-intrusions.

Each state, county, and city in the United States has its own law enforcement agencies. These agencies enforce all local and state laws, and they handle suspects and security at crime scenes for state and federal cases. Local law enforcement agencies rarely have computer crimes task forces, but their investigative (detective) units are quite capable of processing crime scenes and handling most common criminal violations, such as physical theft, trespassing, and damage to property, as well as apprehending and processing suspects in computer-related crimes.

Involving law enforcement agencies has both advantages and disadvantages. Such agencies are usually much better equipped to process evidence than a business. Unless the security forces in the organization have been trained in processing evidence and computer forensics, they may do more harm than good when attempting to extract information that can lead to the legal conviction of a suspected criminal. Law enforcement agencies are also prepared to handle the warrants and subpoenas necessary when documenting a case. They are adept at obtaining statements from witnesses, affidavits, and other required documents. For all these reasons, law enforcement personnel can be a security administrator’s greatest ally in prosecuting a computer crime. It is therefore important to become familiar with the appropriate local and state agencies before you have to make a call to report a suspected crime. Most state and federal agencies sponsor awareness programs, provide guest speakers at conferences, and offer programs such as the FBI’s InfraGard program, which is currently assigned to the Department of Homeland Security’s Cyber Division. These agents clearly understand the challenges facing security administrators.

For more information on the InfraGard program, including how to find a chapter near you, visit their Web site at www.infragard.net.

The disadvantages of law enforcement involvement include possible loss of control over the chain of events following an incident—for example, the collection of information and evidence and the prosecution of suspects. An organization that simply wants to reprimand or dismiss an employee should not involve a law enforcement agency in the resolution of an incident. Additionally, the organization may not hear about the case for weeks or even months due to heavy caseloads or resource shortages. A very real issue for commercial organizations that involve law enforcement agencies is the confiscation of vital equipment as evidence. Assets can be removed, stored, and preserved to prepare the criminal case. Despite these difficulties, if the organization detects a criminal act, it has the legal obligation to notify appropriate law enforcement officials. Failure to do so can subject the organization and its officers to prosecution as accessories to the crimes or for impeding the course of an investigation. It is up to the security administrator to ask questions of law enforcement agencies and determine when each agency should be involved, and specifically to determine which crimes will be addressed by each agency.
