The Department of Justice, FBI, and U.S. Secret Service organizations listed below investigate violations of the federal laws described in Chapter 25. The various response teams that comprise the Forum of Incident and Response Security Teams (FIRST) do not investigate computer crimes per se, but provide assistance when security incidents occur; they also provide research, information, and support that can often keep those incidents from occurring or spreading.
Note that federal agencies often have field (local) offices where you can get more personal contact, although not all field offices are staffed by personnel with the same level of training as those at headquarters offices. You can check your phone directory for local numbers: look under "U.S. Government."
In addition to the NIPC, the FBI also runs the Infraguard?a set of regional cooperative efforts uniting the FBI and local businesses to protect against computer crime. The Infraguard links may be found on the NIPC web pages.
The Forum of Incident and Response Security Teams (FIRST) was established in March 1993. FIRST is a coalition that brings together a variety of computer security incident-response teams from the public and private sectors, as well as from universities. FIRST's constituents comprise many response teams throughout the world. FIRST's goals are to:
Boost cooperation among information technology users in the effective prevention of, detection of, and recovery from computer security incidents
Provide a means to alert and advise clients on potential threats and emerging incident situations
Support and promote the actions and activities of participating incident response teams, including research and operational activities
Simplify and encourage the sharing of security-related information, tools, and techniques
FIRST sponsors an annual workshop on incident response that includes tutorials and presentations by members of response teams and law enforcement.
FIRST was incorporated in mid 1995 as a nonprofit entity, and migrated FIRST Secretariat duties away from NIST. The Secretariat can be reached at:
FIRST consists of a large number of member organizations. Check online for the most up-to-date list of members. If you have a security problem or need assistance, first attempt to determine which of these organizations most clearly covers your operations and needs. If you are unable to determine which (if any) FIRST group to approach, call any of them for a referral to the most appropriate team.
Most of these response teams have a PGP key with which they sign their advisories or enable constituents to report problems in confidence:
Most teams monitor their phones 24 hours a day, 7 days a week.
One particularly notable FIRST team is the CERT® Coordination Center, which serves all Internet sites. CERT grew from the computer emergency response team formed by the Advanced Research Projects Agency (ARPA) in November 1988 (in the wake of the Internet Worm and similar incidents). The CERT/CC charter says that the organization will work with the Internet community to facilitate its response to computer security events involving Internet hosts, take proactive steps to raise the community's awareness of computer security issues, and conduct research into improving the security of existing systems. Their archive (http://www.cert.org) contains an extensive collection of alerts about past (and current) security problems.
You can contact CERT/CC at: