While there is certainly a skills gap in the nascent cyber security field, the U.S. is taking strides at training those capable of fighting cyber-crime. And these are officers already in the trenches.
Late last week, President Donald Trump signed a bill that will provide law enforcement practitioners new resources to fight cyber-crime, in an environment where these illicit activities are both growing in potency and complexity.
The bill will provide funding for the National Computer Forensics Institute in Hoover, Ala. through 2022. To date, the facility has trained more than 7,000 officers from more than 2,000 agencies, according to the Herald Democrat.
House Resolution 1616, aka “Strengthening State and Local Cyber Crime Fighting Act of 2017,” was first introduced in March by Rep. John Ratcliffe (R-Texas), whose office said that $13 million will be earmarked annually for the operation of the institute.
In an issued statement, Ratcliffe said the measure will help “ensure our state and local law enforcement officials are properly equipped to address and prosecute crimes in the 21st century – because we’re now in an era where almost every case involves some sort of digital evidence.”
He continued, “At the end of the day, getting the upper hand against cyber criminals will make our nation safer, and I’m glad that this critical piece of legislation has been signed into law to do just that.”
See related: State Of The Union: Trends In Cyber Security Law, Policies
As part of its mission, the institute will train officers on criminal investigations as it pertains to technology and computer forensics. The institute has been in existence since 2007, when it was a part of the Secret Service.
The bill passed through the House in an amended version in May and got the seal of approval from the Senate in October. It was presented to the president late last month.
Upon its introduction in March, Ratcliffe said, “We’ve all seen crime shows on TV where pieces of DNA evidence – a strand of hair or a drop of blood – solve the case. But in today’s world, we also have to consider digital evidence. This could be an email that was sent, an online purchase, or geolocation technology that places an individual at the scene of a crime.”
Despite the skills gap across sectors, it appears lawmakers are attempting to set the precedent for threat defense, network security and forensics.
Further, forensics capabilities are also on the up and up, even in enterprises ranging from global corporations to small and midsize businesses (SMB).
Elsewhere
Other initiatives also trace back to the public sector: for example, in commissioned research taken on by the Georgia Institute of Technology.
According to recent findings posted to Science Daily, huge advances are being made in the field of cyber forensics, thanks in part to an emerging technology dubbed “RAIN,” or Refinable Attack INvestigation.
The program will reportedly change forensic response time, dramatically, allowing enterprises of all sizes and functions to glimpse more of a paper trail in case they are hacked.
See related: Cyber Security Skills Gap Becoming Increasingly Worrisome
RAIN will allow investigators to quickly and accurately pinpoint how trespassers entered a network, what was lifted and which systems were affected.
The research has been supported by the Defense Advanced Research Projects Agency (DARPA), along with the National Science Foundation and the Office of Naval Research.
RAIN can continuously monitor systems and selectively log events it has deemed suspicious.
Taesoo Kim, assistant professor in Georgia Tech’s School of Computer Science, said that in revisiting events, binary instrumentation tools are used to extract relevant data. It is then filtered through automated analysis in a “hierarchal” format.
Thanks to the emergence of affordable data storage options, RAIN’s data can be logged and revisited.
Wenke Lee, co-director of Georgia Tech’s Institute for Information Security and Privacy, said RAIN can help operators of military-grade or commercial computer networks. He called it a move to complete “visibility.”
RAIN would likely be an independent system that does logging and interface for other security systems – in the push for automated forensics.