HANOVER, NH -- Corporations need to reliably report cybercrime incidents to federal law enforcement to help the government more effectively combat online attackers, representatives of the U.S. Department of Justice told attendees on Friday at the Workshop on the Economics of Information Security.

Without better disclosure, government agencies will more likely misallocate funds to fight the wrong crimes and other companies will never be warned about a specific type of attack, said James Burrell, a special agent in the FBI's Boston cybercrime office, which handles investigations for Maine, Massachusetts, New Hampshire and Vermont.

"If I'm not getting the reports in, then I may not be putting adequate resources into this issue," Burrell said.

While fighting the online exploitation of children has been a high priority for the department, the increasing incident of network intrusions into companies and government systems has become the top priority, he said. Currently, about 80 percent of the Boston office's cases are network intrusion, according to Burrell.

A recent report found that two-thirds of all attacks target confidential information. The FBI and the U.S. Department of Justice have created a 24/7 response group with 48 other countries to handle responses to cybercrime, he said.

Companies should also consider that by making information available to law enforcement and industry-specific information sharing groups, they are protecting their peers, Arnold Huftalen, an assistant U.S. Attorney for the New Hampshire District told WEIS 08 attendees.

"If a company doesn't make a referral ... then they may be safe, but the next company won't be," Huftalen said. "If a referral doesn't happen, then we don't have a chance."

NH State Police detective William Cantwell and Assistant Attorney General Lucy Carrillo joined the two federal officials for the presentation at Dartmouth College.

If you have tips or insights on this topic, please contact SecurityFocus.