You are here: Home Knowledge Base Polity Cybercrime, Cybersecurity and the Future of the Internet Proposals Five concerns and five solutions for cybersecurity
Symposium 2010

Proposal - Five concerns and five solutions for cybersecurity

The Challenge

In the past decade, advances in communications technologies and the “informatization” of society have converged as never before in human history. This has given rise to the industrialization of ...

In the past decade, advances in communications technologies and the “informatization” of society have converged as never before in human history. This has given rise to the industrialization of a type of crime where the commodity—personal information—moves far too quickly for conventional law enforcement methods to keep pace.

Internet security doesn’t just touch on government, big business and law enforcers. It is an increasingly important concern for the average personal technology user, many of whom have little understanding of the issues and even less knowledge of the technical solutions. They just want to know that if they follow a few simple ground rules, they will be safe.

I would highlight five particular areas of concern that require appropriate solutions:

 

Data protection and privacy

On the web, personal information can be as valuable a currency as cash. Citizen’s attitudes towards the privacy of their personal information are evolving and as a result unwittingly making the challenge greater. Increasingly, the definition of privacy is changing. Where once privacy meant not revealing information unless to a trusted third party, in the social media world information is willingly shared, but privacy concerns relate to how that information is used once shared. Sites like Facebook and Google have fallen foul of users who resent their data being used in ways they did not anticipate or agree to – but who don’t mind the fact that those sites know the information itself.

What is the solution?

Without greater openness and collaboration between major online providers, privacy regulation is likely to follow. At the very least, repositories of personal information need to be proactively open about their policies and show greater respect to their users through clear signposting and feedback.

 

Better software

Much cybercrime relies on the fact software is bug-ridden or contains flaws in its design. An entire sector of the IT industry has been created off the back of security holes in Microsoft products, for example. There is a clear need and opportunity for greater industry co-operation, standardisation and testing of software products to reduce the opportunity for hackers. Too much consumer software is already being produced without consideration for security – the emergence of early viruses based around iPhone apps is a perfect example of this.

What is the solution?

Greater industry co-operation is essential. Various groups already exist, and some suppliers are teaming up to collaborate on software security, but it remains a patchwork of possible solutions. While nobody needs greater layers of bureaucracy, standards bodies should take a greater co-ordinating role to ensure a common approach across the IT industry.

 

Cyber peace

There is no Geneva Convention for the internet. We have already seen examples of alleged international cyber attacks, such as that on Estonia, and UK security services warning businesses of rampant cyber espionage originating in the Far East. We all know that, at some level, everybody is prying and spying on everybody else’s cyber presence. Many experts see a future cyber war to be inevitable – so why don’t we try to prevent it before it happens?

What is the solution?

International Telecommunications Union secretary general Hamadoun Toure recently proposed the agreement of an international cyber peace treaty whereby signatories would agree that their infrastructure would not be used, or allow it to be used, for cyber attacks. This proposal requires discussion at the highest forums.

 

Rogue states

On the internet, a rogue state is not defined by its weapons or politics but by its laws and regulations. Without a common base level of data protection and computer misuse legislation, there will always be territories that provide a safe haven for cyber criminals and hackers.

What is the solution?

Rogue states must be identified, targeted politically and persuaded to sign up to international norms on cyber crime. Involvement in key global trade bodies should be dependent on an acceptance of such regulation.

 

Protecting the little guy

Organised cyber criminals have realised that it is easier to steal $1 from a million people, than to steal $1m from one person. But in many cases, the response from law enforcement does not reflect the problem. One person complaining to the police about losing $100 through cyber crime, or the theft of personal identity information, is rarely sufficient to elicit a response. In the UK, for example, police have delegated responsibility for small-scale cyber crime reporting to the banks. How well are co-ordinated attacks spotted? Are trends and patterns sufficiently analysed? If one person loses $1m, the police response would be broad and well co-ordinated. If a cyber crook made a million from a million individuals, would they ever be caught?

What is the solution?

Banks and law enforcers need to co-ordinate better, and reporting of crimes by individuals affected needs to be simpler and better policed. Too many individuals don’t bother because they don’t believe they will be helped. Perhaps social media techniques could be used to “crowdsource” reports of theft or fraud? But in general, there needs to be a better relationship between individual and law enforcement to ensure adequate protection and detection of organised, widespread but individually low-level cyber crime.

    Related Proposals

    Proposal
    Symposium 2010

    Cybercrime, Cybersecurity and the Future of the Internet

    What is international crime? Ten years ago it was smuggling, drug trade and money laundering. But over the last ten years, we've seen an explosion of online crime. And online crime is always internati ...

    What is international crime? Ten years ago it was smuggling, drug trade and money laundering. But over the last ten years, we've seen an explosion of online crime. And online crime is always international because the internet has no borders.Local law enforcement has limited resources and expertise to investigate online crime. The victims, police, prosecutors and judges rarely uncover the full scope of these crimes. Action against online criminals is too slow, the arrests are few and far between, and too often the penalties are very lenient, especially compared to real-world crimes.That’s why I’m calling for the establishment of Internetpol

    Polity
    Proposal
    Symposium 2010

    Dealing with Cyber crime – Challenges and Solutions

    The threat from cyber crime is multi-dimensional, targeting citizens, businesses, and governments at a rapidly growing rate. Cyber criminal tools pose a direct threat to security and play an increasin ...

    The threat from cyber crime is multi-dimensional, targeting citizens, businesses, and governments at a rapidly growing rate. Cyber criminal tools pose a direct threat to security and play an increasingly important role in facilitating most forms of organised crime and terrorism. Challenge 1 There is now a sophisticated and self-sufficient digital underground economy in which data is the illicit commodity. Stolen personal and financial data – used, for example, to gain access to existing bank accounts and credit cards, or to fraudulently establish new lines of credit – has a monetary value. This drives a range of criminal activities, including

    Polity, Academia, Business, Civil Society
    Proposal
    Symposium 2010

    Cybercrime, Cybersecurity and the Future of the Internet

    There are three broad threats to internet security: cyber crime, cyber industrial espionage and cyber warfare. They represent a useful rule of thumb but are not fixed categories - they bleed into one ...

    There are three broad threats to internet security: cyber crime, cyber industrial espionage and cyber warfare. They represent a useful rule of thumb but are not fixed categories - they bleed into one another of necessity. The one common element that straddles the three threats is that at some point they involve a computer user with advanced hacking ability. Already the role of these people may be quite far removed from the action. This is due to the industrialisation of hacking tools which are now easily available: from viruses which buyers may deploy themselves through to operational botnets which can

    Academia