Wednesday, April 02, 2008

NATO Summit and EU Conference address the global reaches of illict cyber activity

On the Internet -- crime, espionage and some say, terrorism can cross a border with the click of a mouse. Because of this, it probably shouldn't be surprising that this is a hot topic at the NATO summit, as well as, a seperate conference conducted by the EU.

The AP is reporting:

At a two-day conference starting Tuesday in Strasbourg, France, the Council of Europe will to review implementation of the international Convention on Cybercrime and discuss ways to improve international cooperation.

Cyber defense also will be on the agenda when heads of state from NATO's 26 member nations gather in Bucharest Wednesday for three days. The leaders are expected to debate new guidelines for coordinating cyber defense.
Cyber defense is increasingly becoming a concern. For instance, there is increasing evidence that the Chinese have been hacking into other government's systems and have a cyber war doctrine being developed.

Last year, there was the much written about attack on the government of Estonia, also.

The EU conference will also address more financially motivated criminal activity on the Internet, also.

The AP article quotes a German University Professor, Marco Gercke, who specializes in computer law as saying:

Compared to regular terror attacks, it is much easier for the offenders to hide their identity. There are at least 10 unique challenges that make it very difficult to fight computer-related crime," said Gercke, one of the conference participants. "The success rate of cybercrime is very high."
While it is unknown, whether or not, these meetings of the minds will yield any results -- the fact is that unless there is greater cooperation and collusion between the good guys -- the problems of undesirable activity being spread with the click of a mouse is likely to continue growing at an alarming rate.

A little more teamwork and forward thinking might go a long way towards solving the problem. Of course, taking some of the players out from the opposition (bad guys) would go a long way, also!

To close this brief post, I would like to point to matters a little closer at home. An American computer law expert recently wrote a forward thinking article on the Hannaford data breach, where hackers stole 4.2 million payment (credit/debit) card numbers and the recent settlement between TJX and the FTC.

In his well thought out article, Ben Wright of SANS writes:

The FTC is well-meaning here, but it is misdirected. By singling out TJX and chastising it with the “unfairness” “bad guy” rhetoric, the FTC distracts the necessary public conversation. It implies that if we can just punish these lazy merchants enough (and force them to comply with the PCI and similar controls), then credit cards will be safe. That’s wrong.

The criminal warfare directed at the credit card system is more powerful than the theory behind PCI. The whole credit card system needs to change. As a society we need to focus on beating the criminals, and stop flogging victims like TJX as unfair privacy infringers.

To me, this means that instead of spending all our resources on inadequate security and filing litigation against the "unlucky targets" of organized cyber crime, we need to start addressing the root of the problem. I'll give anyone reading this one guess, who that might be?

1 comment:

Anonymous said...

Still great site you got here Ed.
This is Daniel formerly of navytownusa...I'll be stopping in again from time to time.

Take care!

PD