Lock, stock and smoking keyboards: IGF-USA panel discusses cybercrime in a global perspective
The blame goes to all parties involved. Every time a phishing scam succeeds, an account is broken into or money stolen right from a bank account, while it’s ultimately the fault of the perpetrator of the crime, those who created the security software, the regulators who are supposed to be on watch and the individual user who gives out their private information are all complicit in cybercrime. That was the viewpoint of participants in a cybercrime panel at IGF-USA Oct. 2, 2009, in Washington, D.C.
President Barack Obama has, both during the campaign and in the initial stages of his presidency, said that he is looking to make cybersecurity a major focus of his administration, and part of this effort has led to this month serving as cybersecurity awareness month, but where should that awareness be cultivated?
“Whatever the U.S. policy is, it’s inextricably intertwined with the global policy,” said Christopher Painter, acting senior director for cybersecurity at the National Security Council.
But how can that policy be enforced? Threats to the integrity of the world’s online networks can emerge from anywhere at any time, and are nearly impossible to both prevent and punish.
“There is no static cyber threat, there is no one place to focus,”said Jennifer Warren, vice president of technology policy and regulation and government and regulatory affairs at Lockheed Martin Global Telecommunications.
Don Blumenthal, the senior principal with Global Cyber Risk, stood firm by the need for landmark cases to serve as a disincentive for criminals who look at the history of online law enforcement and see that there are few punitive dangers waiting before them.
But if everyone on the panel can agree that there’s a need for more punitive measures, an acknowledgment that everyone, both individual, corporate, governmental and internationally needs to work together in preventing cybercrime and the critical need for more education in regard to teaching the public about the steps that they can take to try and staunch the flood of online security threats; why hasn’t anything been done yet?
Security professionals are good at making sure that nothing happens. – Ken Silva, chief technology officer at VeriSign.
At every step of the way, people on every rung of the online ladder point the finger at a group either beneath or above them. Teachers, saying they have too much on their plate, encourage students to engage with the Internet without teaching them any safety precautions, thinking that the technology will take care of it. The techies create their software, knowing full well, as Silva sternly said, that the static password system that serves as the predominant backbone of most citizens’ security measures, has been out of date since its inception years ago. And the government, who the techies look toward with hopes of enforcement, have their hands tied due to lacks of funds, manpower and the shifty international waters that impede progress in quickly catching and apprehending criminals.
Several ideas were floated during the panel’s discussion, including a newfound emphasis on the K-12 education on cybersecurity, a nationwide campaign to build up a public consciousness of the need for more active individual activism in maintaining cybersecurity similar to that of Smokey the Bear and putting together a universal set of standards as to what cybercrimes are so that some progress could be made in instituting some international laws to assist in tracking and apprehending international security threats (which comprise a majority of security breaches in the U.S.).
But all of the panelists involved in this discussion knew full well that to implement even one of these measures would require a degree of consensus and effort that, so far, has been remarkably difficult to come by.
-Morgan Little, http://www.imaginingtheinternet.org