The report, titled "Law Enforcement Tools and Technologies for Investigating Cyber Attacks: A National Needs Assessment," details the technology hurdles faced by cyber crime investigators and outlines a wish list of tools and technologies required to do this job better. The report is available on the Internet at
Cyber attacks can take many forms: computer intrusions to steal or destroy information; denial-of-service attacks, which can shut down computer networks; or destructive viruses or worms, which propagate automatically and can damage computer networks around the world.
"This report is the first step toward establishing a national research and development agenda on combating cyber attacks," says Michael Vatis, Director of ISTS. "Cyber attacks pose a threat to our national security and our economy, and they are increasing in number, sophistication and severity.
Law enforcement personnel need to be better prepared to prevent and respond to cyber attacks at the federal, state and local levels. The R&D community can play a critical role by developing new technologies that assist investigators in their responsibilities. This report provides useful guidance to researchers in industry, academia and government."
The report outlines areas where focused R&D attention would have the greatest impact in helping address this increasing threat.
"We found that one of the greatest challenges facing cyber investigators is in the area of log analysis," says Andrew Macpherson, Acting Assistant Director of Law Enforcement Programs at ISTS and one of the report's writers. "This makes sense. After all, when an attack is detected, gathering data from a network's activity logs is the logical source to find out what happened. Having better tools to examine those logs is essential."
The ISTS report features seven areas of concern:
ISTS researchers gathered data from a web-based survey of select law enforcement personnel, from site visits to law enforcement agencies, and from a two-day workshop, which convened an expert group of current and former cyber attack investigators and prosecutors. The data revealed numerous technological obstacles to investigating computer network attacks. ISTS personnel are already working on the next step, to evaluate the existing tools and technology in order to find the gaps where the needed technology does not exist so that R&D initiatives can be prioritized accordingly.
Background on ISTS: Dartmouth's Institute for Security Technology Studies (ISTS) serves as a national center for counter-terrorism and cyber security technology research, development and assessment. It is funded in part through the U.S. Justice Department's National Institute of Justice, Office of Science and Technology, and the U.S. Commerce Department's National Institute of Standards and Technology.
News Release
Dartmouth Institute examines cyber attack investigation preparedness
Peer-Reviewed Publication
HANOVER, N.H. – A report released this week by researchers at Dartmouth's Institute for Security Technology Studies (ISTS) examines the state of investigative tools needed by law enforcement officials who fight cyber crime, committed not only by terrorists but also by organized crime groups, individual "hackers" or nation-states.
###