Erez Liebermann

To improve cyberthreat and cybercrime information sharing, law enforcement officials and business leaders need to develop better working relationships, says federal prosecutor Erez Liebermann.

His advice to business leaders in all sectors is: "Before an incident occurs, start sharing and meeting the investigators and the prosecutors in your area. Then, when something occurs, that relationship will already be there."

Federal prosecutors have changed their approach in the past few years when collaborating with the private sector on cybercrime investigations, says Liebermann, deputy chief of the criminal division in the New Jersey district of the U.S. Attorney's office. They're willing to assure businesses that law enforcement will limit the scope of discovery in gathering evidence and withhold victims' names, he notes.

"It used to be we wouldn't do that; we gave the back of the hand to those issues," he says in an interview with Information Security Media Group (transcript below). "More and more today, we are giving very restrictive protective orders. ... Judges understand the importance of not 're-victimizing' a victim, including large corporations."

In the interview, he discusses:

Factors that impede collaboration between government and business on combatting cyber-attacks; Ways government can build trust to get businesses to share cyberthreat and cyber-attack information; and How the National Security Cyber Specialists program is combatting cyberthreats to national security.

Liebermann recently gave a presentation at ISMG's Fraud Summit on the need for public/private collaboration. A video of his session is now available.

He supervises the cyber, white collar and national security units in the Newark, N.J., office of the U.S. Attorney. He also serves as the national security cyber-specialist for the office. His investigations and prosecutions include cases involving large-scale data breaches, botnets, distributed-denial-of-service attacks and insider threats.

Among those prosecutions is one against five individuals tied to Heartland Payment Systems hacker Albert Gonzalez, in which authorities allege the defendants compromised more than 160 million credit and debit cards in a massive fraud scheme (see Fraud Indictment: 160 Million Cards).

Inhibitors to Sharing Information

ERIC CHABROW: Where are the inhibitors of getting the government, including law enforcement, and business to share information about cyberthreats and cybercrime?

EREZ LIEBERMANN: On the business side, there are some fears of what we're going to do with that information and how it could harm the businesses. On the government side, there are some historic limitations in the way in which information sharing went. Today, I think we're making large strides. Businesses are aware that they can share with us and trust that it doesn't go to the wrong people and doesn't go to the competitors, whereas the government is learning that if we don't share back, it's really going to hamper the investigations, both by the government and by the businesses.

Improving Cooperation

CHABROW: What can the government and law enforcement do better in getting businesses to cooperate?

LIEBERMANN: The first thing for both sides is to know each other. If we have more outreach, like I do when I give presentations and interviews, and more outreach when companies come to us, then we can develop these trust relationships which will be much stronger should an incident occur. That's happening more and more, and I would encourage companies to do it even more today. Before an incident occurs, start sharing and meeting the investigators and the prosecutors in your area. Then, when something occurs, that relationship will already be there.

CHABROW: Who are the people in the corporations who should be contacting you? In your presentation, you made it sound like sometimes the lawyers, which would be the logical people who may be in contact with law enforcements, are sometimes the inhibitors?