February 16, 2000

Statement for the Record of Louis J. Freeh, Director, Federal Bureau of Investigation, on Cybercrime
Before the Senate Committee on Appropriations Subcommittee for the Departments of Commerce, Justice, State, the Judiciary, and Related Agencies
Washington, D.C.

Good morning, Mr. Chairman and members of the Subcommittee. I am privileged to join Attorney General Reno in this opportunity to discuss cybercrime -- one of the fastest evolving areas of criminal behavior and a significant threat to our national and economic security.

Twelve years ago the "Morris Worm" paralyzed half of the Internet, yet so few of us were connected at that time that the impact on our society was minimal. Since then, the Internet has grown from a tool primarily in the realm of academia and the defense/intelligence communities, to a global electronic network that touches nearly every aspect of everyday life at the workplace and in our homes. There were over 100 million Internet users in the United States in 1999. That number is projected to reach 177 million in the United States and 502 million worldwide by the end of 2003. Electronic commerce has emerged as a new sector of the American economy, accounting for over $100 billion in sales during 1999, more than double the amount in 1998. By 2003, electronic commerce is projected to exceed $1 trillion. The recent denial of service attacks on leading elements of the electronic economic sector, including Yahoo!, Amazon.com, Ebay, E*Trade, and others, had dramatic and immediate impact on many Americans.

I would like to acknowledge the strong support this Subcommittee has provided to the FBI over the past several years for fighting cybercrime. This Subcommittee was the first to support resources -- back in FY 1997 -- for establishing a computer intrusion investigative capability within the FBI.
You have generously provided support for our efforts against on-line sexual exploitation of children and child pornography -- the Innocent Images initiative, as well as to develop our Computer Analysis Response Team (CART) program, and the creation of computer crime squads in our field offices. For that support, I would like to say thank you.

In my testimony today, I would like to first discuss the nature of the threat that is posed from cybercrime and then describe the FBI's current capabilities for fighting cybercrime. Finally, I would like to close by discussing several of the challenges that cybercrime and technology present for law enforcement.

Cybercrime Threats Faced by Law Enforcement

Before discussing the FBI's programs and requirements with respect to cybercrime, let me take a few minutes to discuss the dimensions of the problem. Our case load is increasing dramatically. In FY 1998, we opened 547 computer intrusion cases; in FY 1999, that had jumped to 1154. At the same time, because of the opening of the National Infrastructure Protection Center (NIPC) in February 1998, and our improving ability to fight cybercrime, we closed more cases. In FY 1998, we closed 399 intrusion cases, and in FY 1999, we closed 912 such cases. However, given the exponential increase in the number of cases opened, cited above, our actual number of pending cases has increased by 39%, from 601 at the end of FY 1998, to 834 at the end of FY 1999. In short, even though we have markedly improved our capabilities to fight cyber intrusions, the problem is growing even faster and thus we are falling further behind. These figures do not even include other types of crimes committed by a computer such as Internet fraud or child pornography on-line.
As part of our efforts to counter the mounting cyber threat, the FBI uses both full National Infrastructure Protection and Computer Intrusion squads located in 16 field offices and is developing baseline computer intrusion team capabilities in non-squad field offices. Further, we are establishing partnerships with state and local law enforcement through cybercrime task forces.

Cyber Threats Facing the United States

The numbers above do not provide a sense of the wide range in the types of cases we see. Over the past several years we have seen a range of computer crimes ranging from simple hacking by juveniles to sophisticated intrusions that we suspect may be sponsored by foreign powers, and everything in between. A website hack that takes an e-commerce site off-line or deprives a citizen of information about the workings of her government or important government services she needs, these are serious matters. An intrusion that results in the theft of credit card numbers or proprietary information or the loss of sensitive government information can threaten our national security and undermine confidence in e-commerce. A denial-of-service attack that can knock e-commerce sites off-line, as we've seen over the last week, can have significant consequences, not only for victim companies, but also for consumers and the economy as a whole. Because of these implications, it is critical that we have in place the programs and resources to confront this threat. The following is a breakdown of types of malicious actors and the seriousness of the threat they pose.

Insider Threat. The disgruntled insider is a principal source of computer crimes. Insiders do not need a great deal of knowledge about computer intrusions, because their knowledge of victim systems often allows them to gain unrestricted access to cause damage to the system or to steal system data. The 1999 Computer Security Institute/FBI report notes that 55% of respondents reported malicious activity by insiders.
There are many cases in the public domain involving disgruntled insiders. For example, Shakuntla Devi Singla used her insider knowledge and another employee's password and logon identification to delete data from a U.S. Coast Guard personnel database system. It took 115 agency employees over 1800 hours to recover and reenter the lost data. Ms. Singla was convicted and sentenced to five months in prison, five months home detention, and ordered to pay $35,000 in restitution.

In January and February 1999 the National Library of Medicine (NLM) computer system, relied on by hundreds of thousands of doctors and medical professionals from around the world for the latest information on diseases, treatments, drugs, and dosage units, suffered a series of intrusions where system administrator passwords were obtained, hundreds of files were downloaded which included sensitive medical "alert" files and programming files that kept the system running properly. The intrusions were a significant threat to public safety and resulted in a monetary loss in excess of $25,000. FBI investigation identified the intruder as Montgomery Johns Gray, III, a former computer programmer for NLM, whose access to the computer system had been revoked. Gray was able to access the system through a "backdoor" he had created in the programming code. Due to the threat to public safety, a search warrant was executed for Gray's computers and Gray was arrested by the FBI within a few days of the intrusions. Subsequent examination of the seized computers disclosed evidence of the intrusion as well as images of child pornography. Gray was convicted by a jury in December 1999 on three counts for violation of 18 U.S.C. 1030. Subsequently, Gray pleaded guilty to receiving obscene images through the Internet, in violation of 47 U.S.C. 223.

Hackers. Hackers are also a common threat. They sometimes crack into networks simply for the thrill of the challenge or for bragging rights in the hacker community.
More recently, however, we have seen more cases of hacking for illicit financial gain or other malicious purposes. While remote cracking once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the World Wide Web and launch them against victim sites. Thus while attack tools have become more sophisticated, they have also become easier to use. The recent denial-of-service attacks are merely illustrations of the disruption that can be caused by tools now readily available on the Internet. Hacks can also be mistaken for something more serious. This happened initially in the Solar Sunrise case, discussed below.

Hacktivism. Recently we have seen a rise in what has been dubbed "hacktivism" -- politically motivated attacks on publicly accessible web pages or e-mail servers. These groups and individuals overload e-mail servers and hack into web sites to send a political message. While these attacks generally have not altered operating systems or networks, they still damage services and deny the public access to websites containing valuable information and infringe on others' rights to communicate. One such group is called the "Electronic Disturbance Theater," which promotes civil disobedience on-line in support of its political agenda regarding the Zapatista movement in Mexico and other issues. This past spring they called for worldwide electronic civil disobedience and have taken what they term "protest actions" against White House and Department of Defense servers. In addition, during the recent conflict in Yugoslavia, hackers sympathetic to Serbia electronically "ping" attacked NATO web servers. Russians, as well as other individuals supporting the Serbs, attacked websites in NATO countries, including the United States, using virus-infected e-mail and hacking attempts. Supporters of Kevin Mitnick hacked into the Senate webpage and defaced it in May and June of last year.
Mitnick had pled guilty to five felony counts and was sentenced in August 1999 to 46 months in federal prison and ordered to pay restitution. Mitnick was released from custody in January 2000 after receiving credit for time served on prior convictions.

The Internet has enabled new forms of political gathering and information sharing for those who want to advance social causes; that is good for our democracy. But illegal activities that disrupt e-mail servers, deface web-sites, and prevent the public from accessing information on U.S. Government and private sector web sites should be regarded as criminal acts that deny others their First Amendment rights to communicate rather than as an acceptable form of protest.

Virus Writers. Virus writers are posing an increasingly serious threat to networks and systems worldwide. As noted above, we have had several damaging computer viruses this year, including the Melissa Macro Virus, the Explore.Zip worm, and the CIH (Chernobyl) Virus. The NIPC frequently sends out warnings or advisories regarding particularly dangerous viruses.

The Melissa Macro Virus was a good example of our response to a virus spreading in the networks. The NIPC sent out warnings as soon as it had solid information on the virus and its effects. On the investigative side, the NIPC acted as a central point of contact for the field offices who worked leads on the case. A tip received by the New Jersey State Police from America Online, and their follow-up investigation with the FBI's Newark Field Office, led to the April 1, 1999 arrest of David L. Smith. Search warrants were executed in New Jersey by the New Jersey State Police and FBI Special Agents from the Newark Field Office. Mr. Smith pleaded guilty to one count of violating Title 18, U.S.C. 1030 in Federal Court. Smith stipulated to affecting one million computer systems and causing $80 million in damage.

Criminal Groups.
We are also seeing the increased use of cyber intrusions by criminal groups who attack systems for purposes of monetary gain. In September, 1999, two members of a group dubbed the "Phonemasters" were sentenced after their conviction for theft and possession of unauthorized access devices (18 USC §1029) and unauthorized access to a federal interest computer (18 USC §1030). The "Phonemasters" were an international group of criminals who penetrated the computer systems of MCI, Sprint, AT&T, Equifax, and even the FBI's National Crime Information Center. Under judicially approved electronic surveillance orders, the FBI's Dallas Field Office made use of new data intercept technology to monitor the calling activity and modem pulses of one of the suspects, Calvin Cantrell. Mr. Cantrell downloaded thousands of Sprint calling card numbers, which he sold to a Canadian individual, who passed them on to someone in Ohio. These numbers made their way to an individual in Switzerland and eventually ended up in the hands of organized crime groups in Italy. Mr. Cantrell was sentenced to two years as a result of his guilty plea, while one of his associates, Cory Lindsay, was sentenced to 41 months.

The "Phonemasters'" methods included "dumpster diving" to gather old phone books and technical manuals for systems. They then used this information to trick employees into giving up their logon and password information. The group then used this information to break into victim systems. It is important to remember that often "cyber crimes" are facilitated by old fashioned guile, such as calling employees and tricking them into giving up passwords. Good "cyber security" practices must therefore address personnel security and "social engineering" in addition to instituting electronic security measures.

Distributed Denial of Service Attacks. In the fall of 1999, the NIPC began receiving reports about a new threat on the Internet -- Distributed Denial of Service Attacks.
In these cases, hackers plant tools such as Trinoo, Tribal Flood Net (TFN), TFN2K, or Stacheldraht (German for barbed wire) on a number of unwitting victim systems. Then when the hacker sends the command, the victim systems in turn begin sending messages against a target system. The target system is overwhelmed with the traffic and is unable to function. Users trying to access that system are denied its services. The NIPC issued an alert regarding these tools in December 1999 in order to notify the private sector and government agencies about this threat. Moreover, the NIPC's Special Technologies and Applications Unit (STAU) created and released to the public a software tool that enables system administrators to identify DDOS software installed on victimized machines. The public has downloaded these tools tens of thousands of times from the web site, and has responded to the FBI by reporting many intrusions and installations of the DDOS software. The public received the NIPC tool so well that the computer security trade group SANS awarded their yearly Security Technology Leadership Award to members of the STAU. The availability of this tool has helped facilitate our investigations of ongoing criminal activity by uncovering evidence on victim computer systems. On February 8, 2000, the FBI received reports that Yahoo had experienced a denial of service attack. In a display of the close cooperative relationship the NIPC has developed with the private sector, in the days that followed, several other companies also reported denial of service outages. These companies cooperated with our National Infrastructure Protection and Computer Intrusion squads in the FBI field offices and provided critical logs and other information. Still, the challenges to apprehending the suspects are substantial. In many cases, the attackers used "spoofed" IP addresses, meaning that the address that appeared on the target's log was not the true address of the system that sent the messages. 
The resources required in these investigations can be substantial. Already we have five FBI field offices with cases opened: Los Angeles, San Francisco, Atlanta, Boston, and Seattle. Each of these offices has victim companies in its jurisdiction. In addition, so far seven field offices are supporting the five offices that have opened investigations. The NIPC is coordinating the nationwide investigative effort, performing technical analysis of logs from victim sites and Internet Service Providers, and providing all-source analytical assistance to field offices. Agents from these offices are following up literally hundreds of leads. While the crime may be high tech, investigating it involves a substantial amount of traditional police work as well as technical work. For example, in addition to following up leads, NIPC personnel need to review an overwhelming amount of log information received from the victims. Much of this analysis needs to be done manually. Analysts and agents conducting this analysis have been drawn off other case work. In the coming years we expect our case load to substantially increase.

Terrorists. Terrorists are known to use information technology and the Internet to formulate plans, raise funds, spread propaganda, and to communicate securely. For example, convicted terrorist Ramzi Yousef, the mastermind of the World Trade Center bombing, stored detailed plans to destroy United States airliners on encrypted files on his laptop computer. Moreover, some groups have already used cyber attacks to inflict damage on their enemies' information systems. For example, a group calling itself the Internet Black Tigers conducted a successful "denial of service" attack on servers of Sri Lankan government embassies. Italian sympathizers of the Mexican Zapatista rebels attacked web pages of Mexican financial institutions.
Thus, while we have yet to see a significant instance of "cyber terrorism" with widespread disruption of critical infrastructures, all of these facts portend the use of cyber attacks by terrorists to cause pain to targeted governments or civilian populations by disrupting critical systems.

Foreign intelligence services. Foreign intelligence services have adapted to using cyber tools as part of their information gathering and espionage tradecraft. In a case dubbed "the Cuckoo's Egg," between 1986 and 1989 a ring of West German hackers penetrated numerous military, scientific, and industry computers in the United States, Western Europe, and Japan, stealing passwords, programs, and other information which they sold to the Soviet KGB. Significantly, this was over a decade ago -- ancient history in Internet years. While I cannot go into specifics about the situation today in an open hearing, it is clear that foreign intelligence services increasingly view computer intrusions as a useful tool for acquiring sensitive U.S. Government and private sector information.

Sensitive Intrusions. In the last two years we have seen a series of intrusions into numerous Department of Defense computer networks as well as networks of other federal agencies, universities, and private sector entities. Intruders have successfully accessed U.S. Government networks and taken enormous amounts of unclassified but sensitive information. In investigating these cases, the NIPC has been coordinating with FBI Field Offices, Legats, the Department of Defense (DOD), and other government agencies, as circumstances require. The investigation has determined that these intrusions appear to originate in Russia. The NIPC has also supported other very sensitive investigations, including the possible theft of nuclear secrets from Los Alamos National Laboratory in New Mexico.
It is important that the Congress and the American public understand the very real threat that we are facing in the cyber realm, not just in the future, but now.

Information Warfare. One of the greatest potential threats to our national security is the prospect of "information warfare" by foreign militaries against our critical infrastructures. We know that several foreign nations are already developing information warfare doctrine, programs, and capabilities for use against each other and the United States or other nations. Foreign nations are developing information warfare programs because they see that they cannot defeat the United States in a head-to-head military encounter and they believe that information operations are a way to strike at what they perceive as America's Achilles Heel -- our reliance on information technology to control critical government and private sector systems. For example, two Chinese military officers recently published a book that called for the use of unconventional measures, including the propagation of computer viruses, to counterbalance the military power of the United States. A serious challenge we face is even recognizing when a nation may be undertaking some form of information warfare. If another nation launched an information warfare attack against the United States, the NIPC would be responsible to gather information on the attack and work with the appropriate defense, intelligence, and national command authorities.

Traditional Threats to Society Moved to the Cyber Realm

Computers and networks are not just being used to commit new crimes such as computer intrusions, denial of service attacks, and virus propagation, but they are also facilitating some traditional criminal behavior such as extortion threats, fraud and the transmission of child pornography. For example, the NIPC recently supported an investigation involving e-mail threats sent to a Columbine High School student threatening violence.
Child Pornography and Exploitation. While the Internet has been a tremendous boon for information sharing and for our economy, it unfortunately has also become a zone where predators prey on the weakest and most vulnerable members of our society, our children. The sex offender using a computer is not a new type of criminal. Rather it is simply a case of modern technology being combined with an age old problem. The use of computers has made child pornography more available now than at any time since the 1970s. An offender can use a computer to transfer, manipulate, or even create child pornography. Images can be stored, transferred from video tape or print media, and transmitted via the Internet. With newer technology, faster processors and modems, moving images can now also be transmitted. In addition, the information and images stored and transmitted can be encrypted to deter or avoid detection. As computers and technological enhancements, such as faster modems and processors, become less expensive and more sophisticated, the potential for abuse will grow.

Challenges to Law Enforcement in Investigating Cybercrime

The burgeoning problem of cyber crime poses unique challenges to law enforcement. These challenges require novel solutions, close teamwork among agencies and with the private sector, and adequate numbers of trained and experienced agents and analysts with sophisticated equipment.

Identification and Jurisdictional Challenges

Identifying the Intruder. One major difficulty that distinguishes cyber threats from physical threats is determining who is attacking your system, why, how, and from where. This difficulty stems from the ease with which individuals can hide or disguise their tracks by manipulating logs and directing their attacks through networks in many countries before hitting their ultimate target. The now well-known "Solar Sunrise" case illustrates this point.
Solar Sunrise was a multi-agency investigation (which occurred while the NIPC was being established) of intrusions into more than 500 military, civilian government, and private sector computer systems in the United States, during February and March 1998. The intrusions occurred during the build-up of United States military personnel in the Persian Gulf in response to tension with Iraq over United Nations weapons inspections. The intruders penetrated at least 200 unclassified U.S. military computer systems, including seven Air Force bases and four Navy installations, Department of Energy National Laboratories, NASA sites, and university sites. Agencies involved in the investigation included the FBI, DOD, NASA, Defense Information Systems Agency, AFOSI, and the Department of Justice (DOJ).

The timing of the intrusions and links to some Internet Service Providers in the Gulf region caused many to believe that Iraq was behind the intrusions. The investigation, however, revealed that two juveniles in Cloverdale, California, and several individuals in Israel were the culprits. Solar Sunrise thus demonstrated to the interagency community how difficult it is to identify an intruder until facts are gathered in an investigation, and why assumptions cannot be made until sufficient facts are available. It also vividly demonstrated the vulnerabilities that exist in our networks; if these individuals were able to assume "root access" to DOD systems, it is not difficult to imagine what hostile adversaries with greater skills and resources would be able to do. Finally, Solar Sunrise demonstrated the need for interagency coordination by the NIPC.

Jurisdictional Issues. Another significant challenge we face is hacking in multiple jurisdictions. A typical hacking investigation involves victim sites in multiple states and often many countries. This is the case even when the hacker and victim are both located in the United States.
In the United States, we can subpoena records and execute search warrants on suspects' homes, seize evidence, and examine it. We can do none of those things ourselves overseas, rather, we depend on the local authorities. In some cases the local police forces simply do not understand or cannot cope with the technology. In other cases, these nations simply do not have laws against computer intrusions. Our Legats are working very hard to build bridges with local law enforcement to enhance cooperation on cybercrime. The NIPC has held international computer crime conferences with foreign law enforcement officials to develop liaison contacts and bring these officials up to speed on cybercrime issues. We have also held cybercrime training classes for officers from partner nations. Despite the difficulties, we have had some success in investigating and prosecuting these crimes. In 1996 and 1997, the National Oceanic and Atmospheric Administration (NOAA) suffered a series of computer intrusions that were linked to a set of intrusions occurring at the National Aeronautics and Space Administration (NASA). Working with the Canadian authorities, it was determined that the subject resided in Canada. In April 1999, Jason G. Mewhiney was indicted by Canadian authorities. In January 2000, he pled guilty to 12 counts of computer intrusions and the Canadian Superior Court of Justice sentenced him to 6 months in jail for each of the counts, with the sentences running concurrently. In another case, Peter Iliev Pentchev, a Princeton University student, was identified as an intruder on an e-commerce system. An estimated 1800 credit card numbers, customer names, and user passwords were stolen. The company had to shut down its web servers for five days to repair the damages estimated at $100,000. Pentchev has fled to his native Bulgaria and the process is being determined to return Pentchev to the United States to face charges. In 1994-95, an organized crime group headquartered in St. 
Petersburg, Russia, transferred $10.4 million from Citibank into accounts all over the world. After investigation by the FBI's New York field office, all but $400,000 of the funds were recovered. Cooperation with Russian authorities helped bring Vladimir Levin, the perpetrator, to justice. In another case, the FBI investigated Julio Cesar Ardita, an Argentine computer science student who gained unauthorized access to Navy and NASA computer systems. He committed these intrusions from Argentina, and Argentine authorities cooperated with the FBI on the investigation. While he could not be extradited for the offenses, he returned voluntarily to the United States and was sentenced to three years probation.

In all of these cases, Legats have been essential to the investigation. As the Internet spreads to even more countries, we will see greater demand placed on the Legats to support computer intrusion investigations.

Human and Technical Challenges

The threats we face are compounded by human and technical challenges posed by these types of investigations. The first problem is, of course, having enough positions for agents, computer scientists, and analysts to work computer intrusions. Once we have the authorized positions, we face the issue of recruiting people to fill these positions, training them in the rapidly changing technology, and retaining them. There is a very tight market out there for information technology professionals. The Federal Government needs to be able to recruit the very best people into its programs. Fortunately, we can offer exciting, cutting-edge work in this area and can offer agents, analysts, and computer scientists the opportunities to work on issues that no one else addresses, and to make a difference to our national security and public safety.

Our current resources are stretched paper thin. We only have 193 agents assigned to NIPC squads and teams nationwide.
Major cases, such as the recent DDOS attacks on Yahoo, draw a tremendous amount of personnel resources. Most of our technical analysts will have to be pulled from other work to examine the log files received from the victim companies. Tracking down hundreds of leads will absorb the energy of a dozen field offices. And this is all reactive. My goal is for the FBI to become proactive in this area just as we have in other areas such as drugs and violent crime. In a few minutes I'll discuss what we need to do to improve our cybercrime fighting capabilities to become proactive in fighting cybercrime. The technical challenges of fighting crime in this arena are equally vast. We can start just by looking at the size of the Internet and its exponential growth. Today it is estimated that more than 60,000 individual networks with 40 million users are connected to the Internet. Thousands of more sites and people are coming on line every month. In addition, the power of personal computers is vastly increasing. The FBI's Computer Analysis Response Team (CART) examiners conducted 1,260 forensic examinations in 1998 and 1,900 in 1999. With the anticipated increase in high technology crime and the growth of private sector technologies, the FBI expects 50 percent of its caseload to require at least one computer forensic examination. By 2001, the FBI anticipates the number of required CART examinations to rise to 6,000. It is important to note that personnel resources with very specific technical skills are required not only for computer and Internet based crimes such as the DDOS incidents, but are increasingly necessary for more traditional matters as well. Examples of this type of problem include the approximately 6000 man hours that the NIPC was required to expend investigating a recent computer-based espionage case. 
The NIPC's Special Technologies and Applications Unit (STAU) received approximately one million raw files from CART, and was required by the investigators to reproduce the activities of individuals over a period of years from that raw data. The amount of information which was required to be processed by STAU, and is still necessary to process, would fill the Library of Congress nearly twice. This type of case illustrates where technical analysis of the highest order has become necessary in sophisticated espionage matters.

A recent extortion and bombing illustrate how traditional violent criminals are also turning to high technology. In this extortion case, the bomber's demands included that the victim post their responses to his requirements on their web site. The STAU was required to sort through millions of web site "hits" to discern which entries may have come from the bomber. Based on information generated by the STAU's efforts, agents were able to trace the bomber to a specific telephone line to his home address.

Clearly, the FBI needs engineering personnel to develop and deploy sophisticated electronic surveillance capabilities in an increasingly complex and technical investigative environment, skilled CART personnel to conduct the computer forensics examinations to support an increasingly diverse set of cases involving computers, as well as expert NIPC personnel to examine network log files to track the path an intruder took to his victim. In cases such as Los Alamos or Columbine, both NIPC and CART personnel were called in to bring their unique areas of expertise to bear on the case.

During the last part of 1998, most computers on the market had hard drives of 6-8 gigabytes (GB). Very soon 13-27 GB hard drives will become the norm. By the end of 2000, we will be seeing 60-80 GB hard drives.
All this increase in storage capacity means more data that must be searched by our forensics examiners, since even if these hard drives are not full, the CART examiner must review every bit of data and every area of the media to search for evidence. The FBI has an urgent requirement for improved tools, techniques and services for gathering, processing, and analyzing data from computers and computer networks to acquire critical intelligence and evidence of criminal activity. Over the past three years, the FBI's Laboratory Division (LD) has been increasingly requested to provide data interception support for such investigative programs as: Infrastructure Protection, Violent Crimes (Exploitation of Children, Extortion), Counterterrorism, and Espionage. In fact, since 1997, the LD has seen a dramatic increase in field requests for assistance with interception of data communications. Unless the FBI increases its capability and capacity for gathering and processing computer data, investigators and prosecutors will be denied timely access to valuable evidence that will solve crimes and support the successful prosecutions of child pornographers, drug traffickers, corrupt officials, persons committing fraud, terrorists, and other criminals. One of the largest challenges to FBI computer investigative capabilities lies in the increasingly widespread use of strong encryption. The widespread use of digitally-based telecommunications technologies, and the unprecedented expansion of computer networks incorporating privacy features/capabilities through the use of cryptography (i.e. encryption), has placed a tremendous burden on the FBI's electronic surveillance technologies. Today the most basic communications employ layers of protocols, formatting, compression and proprietary coding that were non-existent only a few years ago. 
New cryptographic systems provide robust security to conventional and cellular telephone conversations, facsimile transmissions, local and wide area networks, Internet communications, personal computers, wireless transmissions, electronically stored information, remote keyless entry systems, advanced messaging systems, and radio frequency communications systems.

The FBI is already encountering the use of strong encryption. In 1999, 53 new cases involved the use of encryption. The FBI is establishing a centralized capability for development of investigative tools which support the law enforcement community's technical needs for cybercrime investigations, including processing and decrypting lawfully intercepted digital communications and electronically stored information. A centralized approach is appropriate since state and local law enforcement have neither the processing power nor trained individuals to assume highly complex analysis or reverse engineering tasks. The FY 2001 budget includes $7,000,000 for this effort.

The need for a law enforcement centralized civilian resource for processing and decrypting lawfully intercepted digital communications and electronically stored information is well documented in several studies, including:

* The National Research Council's Committee Report entitled "Cryptography's Role in Securing the Information Society." Specifically, the Committee recommended that high priority be given to the development of technical capabilities, such as signal analysis and decryption, to assist law enforcement in coping with technological challenges.
* In 1996, Public Law 104-132 Section 811, the 104th Congress acknowledged the critical need and authorized the Attorney General to "...support and enhance the technical support [capabilities]..." of the FBI.
* The Administration policy position as set forth in the September 16, 1998, press release acknowledges that "The Administration intends to support FBI's establishment of a technical support [capability] to help build the technical capacity of law enforcement - Federal, State, and local - to stay abreast of advancing communications technology."

It has been the position of the FBI that law enforcement should seek the voluntary cooperation of the computer hardware and software industry as a means of attempting to address the public safety issues associated with use of encryption in furtherance of serious criminal activity. Over the past year and a half, the FBI has initiated an aggressive industry outreach strategy to inform industry of law enforcement's needs in the area of encryption, to continue to encourage the development of recoverable encryption products that meet law enforcement's needs, and to seek industry's assistance regarding the development of law enforcement plain text access "tools" and capabilities when non-recoverable encryption products are encountered during the course of lawful investigations. The FBI will be meeting this year with industry in an environment wherein various computer and software industry representatives can exchange technical and business information regarding encryption and encryption products with law enforcement. This information will assist law enforcement agencies with establishing development and operational strategies to make the most effective use of limited resources.

State and Local Assistance

Just as with other crimes, often the state and local authorities are going to be the first ones on the scene. The challenge for these law enforcement officers is even greater than the one the Federal Government faces in that state and local law enforcement is less likely to have the expertise to investigate computer intrusions, gather and examine cyber media and evidence.
The challenge for the federal government is to provide the training and backup resources to the state and local levels so that they can successfully conduct investigations and prosecutions in their jurisdictions. This sort of cooperation is already showing results. For example, the FBI worked with the New Jersey State Police on the Melissa Macro Virus case that resulted in the arrest of David L. Smith by the New Jersey authorities.

In addition, the NIPC and our Training Division are working together to provide training to state and local law enforcement officers on cybercrime. In FY 1999 over 383 FBI Agents, state and local law enforcement and other government representatives have taken NIPC sponsored or outside training on computer intrusion and network analysis, energy and telecommunications key assets. We have made great strides in developing our training program for state and local law enforcement officials. More NIPC training than ever before is being conducted outside of Washington, DC, meaning that more state and local officers should have the opportunity to attend these classes with less disruption to their schedules and less travel. One of the main responsibilities of the NIPC Training and Continuing Education Unit is to develop and manage the state and local Law Enforcement Training Program. This program trains state and local law enforcement officials in a myriad of state-of-the-art cyber courses.

Building on the success of the San Diego Regional Computer Forensic Laboratory, the Attorney General asked the FBI and the Office of Justice Programs to work in partnership to develop a series of regional laboratories. These facilities will provide computer forensic services as joint ventures among federal, state and local law enforcement. Six million dollars is requested in the Office of Justice Programs to establish several regional computer forensic laboratories.
Working together, we are identifying geographical areas where the establishment of such partnerships could make significant impact.

The NIPC is supporting the Attorney General's proposal to create a network of federal, state, and local law enforcement personnel for combating cybercrimes. We are instructing each field office to have a point of contact at the appropriate investigative agencies regarding their area of jurisdiction and to provide this information to NIPC at FBIHQ.

Presidential Decision Directive (PDD) 63 identified the Emergency Law Enforcement Services Sector (ELES) as one of the eight critical infrastructures. PDD 63 further designated the Federal Bureau of Investigation as the lead agency for protecting the ELES. The NIPC is currently working on a strategic plan for this sector and holding meetings with sector representatives. This involves developing and implementing a plan to help law enforcement protect its own systems from attack so it will be able to deliver vitally needed services to the public.

Success of the NIPC requires building on proven mechanisms to develop and maintain long-term relationships with state and local law enforcement agencies. NIPC oversees outreach programs, coordinates training, shares information and coordinates interagency efforts to plan for, deter, and respond to cyber attacks. Currently, the NIPC is sharing information with state and local governments via Law Enforcement On-line (LEO) and the National Law Enforcement Telecommunications System. Timely coordination and sharing of information with other law enforcement agencies is essential in combating the cyber threat in the Information Age. Local law enforcement is also encouraged to join the InfraGard chapters in their area.

State and local agencies investigate and prosecute cyber crimes based on violations of local laws.
By sharing investigative data with the NIPC, emerging trends can be identified, analyzed and further shared with other agencies to share investigative responsibilities with their local FBI field office and the NIPC. The cross-jurisdictional nature of cyber crimes, in which attacks occur outside the state or even national borders, means that investigative efforts must be coordinated among local, state and federal agencies to ensure effective prosecution.

FBI Cybercrime Investigation Capabilities

National Infrastructure Protection Center

Under PDD-63, the NIPC's mission is to detect, warn of, respond to, and investigate computer intrusions and unlawful acts that threaten or target our critical infrastructures. The Center not only provides a reactive response to an attack that has already occurred, but proactively seeks to discover planned attacks and issues warnings before they occur. This large and difficult task requires the collection and analysis of information gathered from all available sources (including law enforcement investigations, intelligence sources, data voluntarily provided by industry and open sources) and dissemination of analyses and warnings of possible attacks to potential victims, whether in the government or the private sector. To accomplish this mission, the NIPC relies on the assistance of, and information gathered by the FBI's 56 field offices, other federal agencies, state and local law enforcement, and perhaps most importantly, the private sector.

The NIPC, while located at the FBI, is an interagency center, with representatives from many other agencies, including DOD, the U.S. Intelligence Community, and other federal agencies. The NIPC at FBI Headquarters currently has 79 FBI personnel, with an authorized ceiling of 94. There are 22 representatives from Other Government Agencies (OGAs), the private sector, state and local law enforcement, and our international partners at the Center.
Our target for OGA and private sector participation is 40. To accomplish its goals, the NIPC is organized into three sections:

The Computer Investigations and Operations Section (CIOS) is the operational response arm of the Center. It program manages computer intrusion investigations conducted by FBI field offices throughout the country; provides subject matter experts, equipment, and technical support to cyber investigators in federal, state and local government agencies involved in critical infrastructure protection; and provides a cyber emergency response capability to help resolve a cyber incident.

The Analysis and Warning Section (AWS) serves as the "indications and warning" arm of the NIPC. It provides analytical support during computer intrusion investigations and long-term analyses of vulnerability and threat trends. Through its 24/7 watch and warning capability, it distributes tactical warnings and analyses to all the relevant partners, informing them of potential vulnerabilities and threats and long-term trends. It also reviews numerous government and private sector databases, media, and other sources daily to gather information that may be relevant to any aspect of our mission, including the gathering of indications of a possible attack.

The Training, Outreach and Strategy Section (TOSS) coordinates the training and education of cyber investigators within the FBI field offices, state and local law enforcement agencies, and private sector organizations. It also coordinates outreach to private sector companies, state and local governments, other government agencies, and the FBI's field offices. In addition, this section manages collection and cataloguing of information concerning "key assets" across the country. Finally, it handles our strategic planning and administrative functions with FBI and DOJ, the National Security Council, other agencies and Congress.
Through these, the Center brings its unique perspective as the only national organization devoted to investigation, analysis, warning, and response to attacks on the infrastructures. Further, as an interagency entity, the NIPC takes a broad view of infrastructure protection, looking not just at reactive investigations but also at proactive warnings and prevention. Finally, through the FBI, the Center has a national reach to implement policy. The Center is working closely on policy initiatives with its Federal partners and meets regularly with the other Federal lead agencies on policy issues.

National Infrastructure Protection and Computer Intrusion Squads/Teams

In October 1998, the National Infrastructure Protection and Computer Intrusion Program (NIPCP) was approved as an investigative program and resources were created and placed in each FBI field office with the NIPC at FBI Headquarters acting as program manager. By the end of this fiscal year, there will be 16 FBI Field Offices with regional NIPC squads. Each of these squads will be staffed with 7 to 8 agents. Nationwide, there are 193 agents dedicated to investigating NIPC matters. In order to maximize investigative resources the FBI has taken the approach of creating regional squads that have sufficient size to work difficult major cases and to assist those field offices without an NIPC squad. In those field offices without squads, the FBI is building a baseline capability by having one or two agents to work NIPC matters, i.e. computer intrusions (criminal and national security), viruses, InfraGard, state and local liaison etc.

Computer Analysis and Response Teams (CART)

An essential element in the investigation of computer crime is the recovery of evidence from electronic media. In a murder investigation, the detectives investigate the case but the coroner examines the body for evidence of how the crime was committed. The CART personnel serve this function in cyber investigations.
CART examiners perform three essential functions. First, they extract data from computer and network systems, and conduct forensic examinations and on-site field support to all FBI investigations and programs where computers and storage media are required as evidence. Second, they provide technical support and advice to field agents conducting such investigations. Finally, they assist in the development of technical capabilities needed to produce timely and accurate forensic information. Currently the FBI has 26 full time CART personnel at FBI Headquarters and 62 full-time and 54 part-time CART personnel in the field, for a total of 142 trained CART personnel. CART resources are used in a variety of investigations ranging from sensitive espionage cases to health care fraud. For example, on September 12, 1998, the FBI executed the arrest of individuals who were involved in an espionage ring trying to penetrate U.S. military bases on behalf of the Cuban government. During the arrest of these individuals CART conducted the seizure of 35 Gb of digital evidence to include personal computers containing twelve (12) hard drives, 2,500 floppy diskettes, and assorted CD-ROMs. The FBI deployed more than 30 CART field examiners during the search and examination which consumed thousands of hours of their time. In order to process the vast quantities of information required, the CART program needs to purchase or develop new ways of handling digital evidence. One program used by the FBI is the Automated Computer Examination System (ACES), a data exploration tool developed by the FBI Laboratory, to scan thousands of files for identification of known format and executable program files. ACES verifies that certain program, batch or executable files are for computer operation and do not represent a file in which potential evidentiary material is stored. Results from an ACES examination can be passed to other analytical utilities used in examining a computer. 
The FBI is also working with other federal agencies as well as state and local law enforcement to share data and forensic expertise. In San Diego, a regional computer forensic capability has been established that is staffed by the FBI, the Navy, and the San Diego police department, among others. This lab serves as a resource for the entire region. The vast majority of all computer related seizures in San Diego County are currently being made through the RCFL. During the start-up period (Summer 1999 to December 1999), although all participating agencies had been co-located, each examiner had been working on his own agency's cases. As of January 3, 2000, the San Diego lab started receiving submissions as a joint facility and jointly tracking those submissions. As of February 3, the lab had received 26 cases, including three federal cases consisting of large scale networks, and local cases including a death threat to a Judge, a poisoning case, and a child molestation case. We recognize that state and local law enforcement often will not have the resources for complex computer forensics, and we hope that the San Diego model can be expanded.

Technical Investigative Support

The FBI has long had capabilities regarding the interception of conventional phone lines and modems. The rapid advance of data technologies and the unregulated nature of the Internet has resulted in a myriad of technologies and protocols which make the interception of data communications extremely difficult. It is critical that the FBI properly equip investigators with technical capabilities for utilizing the critical investigative tools on lawfully authorized Title III and Title 50 interception.

Innocent Images Initiative/Child Pornography

The FBI has moved aggressively against child pornographers. In 1995 the FBI's first undercover operation, code name Innocent Images, was initiated.
Almost five years later, Innocent Images is an FBI National Initiative, supported by annual funding of $10 million, with undercover operations in eleven FBI field offices -- Baltimore, Birmingham, Cleveland, Dallas, Houston, Las Vegas, Los Angeles, Newark, Phoenix, San Francisco, and Tampa -- being worked by task forces that combine the resources of the FBI with other federal, state and local law enforcement officers from Maryland, Virginia, the District of Columbia, Alabama, Ohio, Texas, Nevada, California, New Jersey, Arizona, and Florida. Investigations developed by the National Initiative's undercover operations are being conducted by every field office and information has been referred to foreign law enforcement agencies through the FBI's Legal Attache Offices.

During Fiscal Year 1999 a total of 1,497 new cases were opened. Every one of these investigations has digital evidence and requires the assistance of a CART examiner. Additionally, 188 search warrants and 57 consent searches were executed, and 193 arrests, 125 indictments, 29 information and 108 convictions were obtained as a result of the Innocent Images National Initiative. Also in Fiscal Year 1999, the IINI provided 227 presentations to 17,522 individuals from foreign and domestic law enforcement and government officials, civilian groups, and private citizens in an effort to raise awareness about child pornography/child sexual exploitation issues and increase coordination between federal, state and local law enforcement.

Intellectual Property Rights/Internet Fraud

Intellectual property is the driver of the 21st century American economy. In many ways it has become what America does best. The United States is the leader in the development of creative, technical intellectual property. Violations of Intellectual Property Rights, therefore, threaten the very basis of our economy. Of primary concern is the development and production of trade secret information.
The American Society of Industrial Security estimated the potential losses at $2 billion per month in 1997. Pirated products threaten public safety in that many are manufactured to inferior or non-existent quality standards. A growing percentage of IPR violations now involve the Internet. There are thousands of web sites solely devoted to the distribution of pirated materials. The FBI has recognized, along with other federal agencies, that a coordinated effort must be made to attack this problem. The FBI, along with the Department of Justice, U.S. Customs Service, and other agencies with IPR responsibilities, will be opening an IPR Center this year to enhance our national ability to investigate and prosecute IPR crimes through the sharing of information among agencies.

One of the most critical challenges facing the FBI and law enforcement in general, is the use of the Internet for criminal purposes. Understanding and using the Internet to combat Internet fraud is essential for law enforcement. The fraud being committed over the Internet is the same type of white collar fraud the FBI has traditionally investigated but poses additional concerns and challenges because of the new environment in which it is located. Internet fraud is defined as any fraudulent scheme in which one or more components of the Internet, such as Web sites, chat rooms, and E-mail, play a significant role in offering nonexistent goods or services to consumers, communicating false or fraudulent representations about the schemes to consumers, or transmitting victims' funds, access devices, or other items of value to the control of the scheme's perpetrators. The accessibility of such an immense audience, coupled with the anonymity of the subject, requires a different approach. The frauds range from simple geometric progression schemes to complex frauds.
The Internet appears to be a perfect manner to locate victims and provides an environment where the victims don't see or speak to the fraud perpetrators. Anyone in the privacy of their own home can create a very persuasive vehicle for fraud over the Internet. In addition, the expenses associated with the operation of a "home page" and the use of electronic mail (E-mail) are minimal. Fraud perpetrators do not require the capital to send out mailers, hire people to respond to the mailers, finance and operate toll free numbers, etc. This technology has evolved exponentially over the past few years and will continue to evolve at a tremendous rate.

By now it is common knowledge that the Internet is being used to host criminal behavior. The top ten most frequently reported frauds committed on the Internet include Web auctions, Internet services, general merchandise, computer equipment/software, pyramid schemes, business opportunities/franchises, work at home plans, credit card issuing, prizes/sweepstakes and book sales.

Improving FBI Cybercrime Capabilities

The last two years have seen tremendous strides in the development of the National Infrastructure Protection Center in both the Headquarters and field program. We have directed our resources into developing our prevention, detection, and response capabilities. This has meant recruiting talented personnel from both inside and outside the FBI, training those personnel, and developing investigative, analytic, and outreach programs. Most of these programs had to be developed from scratch, either because no program previously existed or because the program had to be reinvigorated from an earlier FBI incarnation.

The cyber crime scene is dynamic -- it grows, contracts, and can change shape. Determining whether an intrusion is even occurring can often be difficult in the cyber world, and usually a determination cannot be made until after an investigation is initiated.
The establishment of the NIPC has greatly enhanced the FBI's investigative, analytic, and case support capabilities. A few years ago, the NIPC would have been limited in its ability to undertake some of the sensitive investigations of computer intrusions that the FBI has supported. While the FBI has been able to develop and maintain its present response capability, the explosive nature of the crime problem continues to challenge our capacities. While much has been accomplished, much remains to be done.

Building Investigative Capacity

Trained personnel and resources present the greatest challenges to the FBI critical infrastructure protection mission. The FBI must make sure that the NIPC and Field Office squads are fully staffed with technologically competent investigators and analysts. It is also essential that these professionals have the state-of-the-art equipment and connectivity they need to conduct their training. To accomplish this, the FBI must identify, recruit, and train personnel who have the technical, analytical, investigative, and intelligence skills for engaging in cyber investigations. This includes personnel to provide early warnings of attacks, to read and analyze log files, write analytic reports and products for the field and the private sector, and to support other investigations with cyber components. With such a configuration of selected personnel skills, the FBI will be able to effectively and efficiently investigate cyber threats, allegations, incidents, and violations of the law that target and/or impact critical infrastructure facilities, components, and key assets.

Aggressive recruitment of qualified specialists is critical. Targeting the right people and providing hiring and educational incentives are good steps in building this professional cadre. Developing and deploying the best equipment in support of the mission is very important.
Not only do investigators and analysts need the best equipment to conduct investigations in the rapidly evolving cyber system but the NIPC must be on the cutting edge of cyber research and development. NIPC must not only keep abreast of the criminal element but they must also accurately predict the next generation of criminal activity. In order to support state and local law enforcement efforts, field offices will seek to form cybercrime task forces. This should include assigning a prosecutor to handle task force cases.

Building Partnerships with Industry and Academia

NIPC is founded on the notion of partnership. This partnership is critical to ensuring timely information sharing about threats and incidents, new technologies, and keeping our capabilities at the cutting edge.

The FBI, in conjunction with the private sector, has also developed an initiative called "InfraGard" to expand direct contacts with the private sector infrastructure owners and operators and to share information about cyber intrusions, exploited vulnerabilities, and physical infrastructure threats. The initiative encourages the exchange of information by government and private sector members through the formation of local InfraGard chapters within the jurisdiction of each Field Office. Chapter membership includes representatives from the FBI, private industry, other government agencies, State and local law enforcement, and the academic community. The initiative provides four basic services to its members: an intrusion alert network using encrypted e-mail; a secure website for communication about suspicious activity or intrusions; local chapter activities; and a help desk for questions. The critical component of InfraGard is the ability of industry to provide information on intrusions to the local FBI Field Office using secure communications in both a "sanitized" and detailed format.
The local FBI Field Offices can, if appropriate, use the detailed version to initiate an investigation; while NIPC Headquarters can analyze that information in conjunction with other law enforcement, intelligence, or industry information to determine if the intrusion is part of a broader attack on numerous sites. The Center can simultaneously use the sanitized version to inform other members of the intrusion without compromising the confidentiality of the reporting company. The secure website will also contain a variety of analytic and warning products that we can make available to the InfraGard community.

The NIPC has also developed and is implementing an aggressive outreach program. We have briefed a number of key critical infrastructure sector groups including the North American Electric Reliability Council and business groups such as the U.S. Chamber of Commerce. We are also working closely with our international partners.

Much attention has been given to the need to create mechanisms for sharing information with the private sector. The NIPC has built up a track record for doing this over the past 2 years with concrete results. Not only has it provided early warnings and vulnerability threat assessments but it has also developed unique detection tools to help potential victims of DDOS attacks. And contrary to press statements by companies offering security services that private companies won't share information with law enforcement, private companies have reported incidents and threats to the NIPC or FBI. The cooperation we have received from victims in the recent DDOS attacks is only the most recent example of this. InfraGard will increase this capacity by providing a secure two-way mechanism for sharing information between the government and the private sector.

Developing Forensic and Technical Capabilities

As noted above, CART has developed substantial capability to examine computer and network media and storage devices.
But the rapid change in technology and the increasing use of computers in criminal activity necessitate the on-going development of better investigative and forensic tools and techniques for examiners. We fully expect that the number of cases requiring CART examinations will increase by over 50% in the next few years. In addition, as storage media hold more information, each individual examination will require more effort. To even attempt to keep pace with these developments, we will need to increase our personnel base in CART. For FY 2001, funding is proposed to add 100 new CART examiners.

In addition, in order for our ACES program to remain able to provide comprehensive analysis of computer files, it needs to be continuously updated. After all, how many iterations of Windows®, Microsoft Office®, and other software and operating systems have we seen just in the last two years? We need to ensure that ACES can perform its function. The FY 2001 budget includes $2,800,000 for the ACES program.

Improving our technical capabilities to access plain text communications is a critical challenge to the FBI. The ultimate objective is to provide field investigators with an integrated suite of automated data collection systems, operating in a low-cost and readily available personal computer environment, which will be capable of identifying, intercepting and collecting targeted data of interest from a broad spectrum of data telecommunications transmissions mediums and networks. Substantial resource enhancements are required to progress development from current ad hoc, tactical data intercept systems to integrated modular systems, providing the field investigators with increased flexibility, simplicity and reliability and to enhance training programs to enable field Technically Trained Agents and Investigators to install and operate this complex equipment.
The most technically complex component of electronic surveillance has been and always will be the deciphering of encrypted signals and data. In the past few years, growth in electronic communications and the public demand for security have increased the number of investigations which encounter encrypted signals and data. With the convergence of digital technologies in the very near future, all electronic communications conducted using computers, the Internet, wireless and other forms of communications, will inherently incorporate and apply data security (i.e. encryption). The ability to gather evidence from FBI electronic surveillance and seized electronic data will significantly depend upon the development of and deployment of signal analysis and decryption capabilities. Funding enhancements are requested to step toward the fulfillment of a strategic plan to ensure that collected signals, data and evidence can be intercepted, interpreted and made usable in the prosecution of crimes and the detection of national security offenses. Failure to strategically prepare for the impending global changes in data and voice telecommunications, information security, and the volumes of encrypted information collected by law enforcement pursuant to lawful court orders, will ensure that critical information and evidence will be unintelligible and unusable in future investigations. We are urgently trying to develop our capabilities in this area through the acquisition of hardware and software tools, technologies and systems, and support services to work on a variety of research projects to meet this problem. Last September, the Administration announced a "New Approach to Encryption" which included significant changes to the nation's encryption export policies and recommended public safety enhancement to ensure "that law enforcement has the legal tools, personnel, and equipment necessary to investigate crime in an encrypted world."
Specifically, on September 16, 1999, the President, on behalf of law enforcement, transmitted to Congress the "Cyberspace Electronic Security Act of 1999" which would: ensure that law enforcement maintains its ability to access decryption information stored with third parties, while protecting such information from inappropriate release; protect sensitive investigative techniques and industry trade secrets from unnecessary disclosure in litigation or criminal trials involving encryption, consistent with fully protecting defendants' rights to a fair trial; and authorize $80 million over four years for the FBI's Technical Support Center (TSC), which serves as a centralized technical resource for federal, state and local law enforcement in responding to the increased use of encryption in criminal cases. The TSC is an expansion of the FBI's Engineering Research capabilities that will take advantage of existing institutional and technical expertise in this area. As indicated earlier, the FY 2001 budget proposes an increase of $7,000,000 for the FBI's counterencryption program. We urge Congress to support us in these endeavors. The law enforcement community relies on lawfully-authorized electronic surveillance as an essential tool for the investigation, disruption, and prevention of serious and violent offenses. Technological advances have taken a serious toll on law enforcement's ability to protect the public through the use of lawfully-authorized electronic surveillance. The Communications Assistance for Law Enforcement Act (CALEA) was passed so that the telecommunications industry would pro-actively address law enforcement's need and authority to conduct lawfully-authorized electronic surveillance as a basic element in providing service. CALEA clarifies and further defines existing statutory obligations of the telecommunications industry to assist law enforcement in executing lawfully-authorized electronic surveillance. 
The FBI developed a flexible deployment strategy to minimize the costs and the operational impact of installation of CALEA-compliant software on telecommunications carriers. This strategy supports the carriers' deployment of CALEA-compliant solutions in accordance with their normal business cycles when this deployment will not delay implementation of CALEA solutions in high-priority areas. The carriers will provide projected CALEA-deployment schedules for all switches in their network and information pertaining to recent lawfully authorized electronic surveillance activity. Using this information, the FBI and the carrier will develop a mutually agreeable deployment schedule. The FBI provided the carriers with the Flexible Deployment Assistance Guide to facilitate the carrier's submission of information. The FBI is negotiating with telecommunications carriers and manufacturers of telecommunications equipment for nationwide Right-to-Use (RTU) licenses to facilitate the availability of CALEA-compliant software to carriers. Also, the FBI is establishing a regional, nationwide law enforcement liaison program. This team will facilitate developing consensus law enforcement electronic surveillance requirements for all telecommunications technologies and services required to comply with CALEA; educate and inform Congress and the Federal Communications Commission (FCC) to ensure law enforcement's ability to conduct court-authorized electronic surveillance is not compromised on any telecommunications technology or service required to comply with CALEA; identify, publish, and ensure deployment of capacity requirements in accordance with Section 104 of CALEA; and develop a prioritized plan for the effective deployment and tracking of CALEA solutions. The FBI needs to conduct testing and verification of manufacturer-proposed CALEA technical solutions and to have the subject matter expertise necessary to address new technologies that must comply with CALEA. 
Without these capabilities, the FBI will be unable to conduct testing and verification of manufacturer-proposed CALEA technical solutions and complete the nationwide RTU license agreements. The FY 2001 budget proposes a total of $240,000,000 for CALEA RTU license agreements, including $120,000,000 under the Telecommunications Carrier Compliance Fund and $120,000,000 under the Department of Defense. Additionally, $2,100,000 is requested to support the FBI's CALEA program management office.

Conclusion

Computer crime is one of the most dynamic problems the FBI faces today. Just think about how many computers you have owned and how many different software packages you have learned over the past several years and you can only begin to appreciate the scope of the problem we are dealing with in the fast changing area. We need to budget for and train on technology that often has not even been invented when we begin the budget cycle some 18 months prior to the beginning of the fiscal year. I am proud of the progress that we have made in dealing with this problem. What I have tried to do here today is give you a flavor of what we are facing. I am confident that once the scope of the problem is clear, we can work together to develop the capabilities to meet the computer crime problem, in all its facets, head on. Our economy and public safety depend on it.