Pros and cons of law enforcement involvement in a cyber security incident

Companies face incidents on an almost regular basis. Some incidents are small and may not affect the company at all, while others are so devastating that they cost the company resources, time and/or reputation. If the company feels that it can handle the incident internally with reasonable resources, it generally does not escalate the incident to law enforcement. If the company feels that the incident is so out of hand that it can cause major damage, financially or otherwise, it looks to law enforcement agencies for help. The company’s decision to escalate or not rests mainly on the pros and cons that come with the participation of law enforcement agencies.

We will start with the pros of involving law enforcement agencies in handling the incident. The government has set various protocols and laws that help with the investigation of an incident. For example, in the United States, Presidential Policy Directive-41[1] divides incident handling into major areas and assigns those areas to the government agencies that can handle them efficiently. These agencies are:

- The Department of Justice

- The Department of Homeland Security

- The Office of the Director of National Intelligence

The United States government also has alliances such as the National Cyber Forensics & Training Alliance[2], as well as alliances with various countries, that share information, intelligence and ways to tackle various forms of cyber attacks. The government can also exercise legal powers such as subpoenas and warrants to investigate other companies’ databases and the homes of possible suspects. The government also encourages companies to approach it in times of crisis. Executive Order 13636[3] was also introduced; it promotes safety, security, business confidentiality, privacy and civil liberties. This policy can be used to strengthen the company’s critical infrastructure while maintaining confidentiality and privacy. It is also possible that the company is not as well prepared to handle the incident as the government is; for example, it may not have the policies, protocols or resources to deal with the incident. In summary, the United States government helps companies handle incidents through its policies, its resources such as information and intelligence, and its legal powers, while at the same time maintaining confidentiality about the company’s critical infrastructure.

Although the decision to escalate the issue to law enforcement agencies has its perks, it also has some drawbacks. When a company hands a case over to the agencies, it loses any say in the investigation: the agencies do not allow the company to make any decisions regarding the investigation. The agencies also take over any data or resources that may help their investigation, and in such cases these are usually critical infrastructure and valuable data. Because the agencies acquire these resources, the company suffers a huge time delay and, indirectly, a loss of profit, which as a whole affects the company’s value. The agencies’ involvement may also cause the incident to leak to the press, which can damage the company’s reputation and reliability.

In my opinion, involving the law enforcement agencies has its pros and cons, which have to be carefully examined and calculated before making any decision to escalate the incident. The company has to make the decision that is most profitable to it.

References

[1] Retrieved from https://www.fbi.gov/news/stories/new-us-cyber-security-policy-codifies-agency-role

[2] Retrieved from https://www.fbi.gov/investigate/cyber

[3] Retrieved from http://itlaw.wikia.com/wiki/Executive_Order_13636:_Improving_Critical_Infrastructure_Cybersecurity_Incentives_Study_Analytic_Report
