Print 20 comment(s) - last by Zaphod Beebleb.. on Jun 26 at 2:34 PM

The internet has fostered a new wave of crime, so we must join together to stomp it out

Most of us in the field of information security know the frustration of trying to get businesses and consumers to see the value proposition of security with little or no success.  Businesses typically see security as an unwanted expenditure while consumers for the most part are oblivious to security.  There are many reasons for this lack of interest and to be honest, security ranks right up there with a trip to the dentist or doing taxes.  Security is filled with industry-specific technical jargon and it's usually way too complicated.  More significant is the fact that the full impact of cyber attacks are not just borne by individual businesses and consumers that were attacked, but by society as a whole which can cost our economy billions of dollars a year.  Because people tend to only worry about their own costs, cybersecurity is often given too little priority or neglected altogether.

The commercialization and popularization of the Internet brought all the good and the bad of the physical world to cyberspace, but the bad elements of human civilization seem to be accelerated and amplified by the convenience and anonymity of the Internet.  It is a lot easier to commit crimes in cyberspace because everything on the Internet is literally no more than a tenth of a second away.  That means there is no such thing as a "bad neighborhood" on the Internet because the Internet is all one local neighborhood.  Finding potential victims on the Internet is often as simple as a Google search for specific telltale signs of vulnerability or simply spamming every mailbox on the planet because the cost of message delivery is practically nothing.

The threats on the Internet impact everyone from consumers to businesses to government and they involve everything from nuisances like spam to major attacks that can potentially cripple major portions of the Internet.  The Internet is filled with worms, viruses, and Trojan malware that seek to hijack personal computers, and the damage from hijacked computers goes far more than the victim of the hijacking because compromised computers are used to commit cybercrimes against many other computers.  While consumers have to worry about the theft of their identity and credit cards, the damage goes far beyond the individual whose information was stolen.  Any retailer unfortunate enough to sell their goods to the credit card thief has to eat the cost of the goods and this inevitably raises the price of goods for all consumers.

Businesses face have to defend against hackers in addition to all the threats that consumers face.  Corporate espionage is another major problem for any company with any significant holdings in intellectual property and losing this data reduces that company's competitiveness.  The data being targeted isn't limited to company secrets and intellectual property and it affects customer data as well.  That means customers and other businesses who are conned into accepting stolen credit cards are impacted as well.

Governments face major threats from foreign governments or individuals who hack for profit or ideology.  From website defacement to cyber espionage, governments have their hands full defending themselves in cyberspace.  Worse yet, the threats in cyberspace can potentially spill into the physical world if Supervisory Control And Data Acquisition (SCADA) systems that control critical infrastructure are attacked.  An attack that shuts down the power grid system on a hot day not only costs money, but thousands of people can die from overheating if they lose their air conditioners.  Next month at Blackhat 2009, security researcher Mike Davis will highlight many of the glaring weaknesses in smart grid implementations.  As with most of these security failures, the problem with smart grids stem from sloppy code implementation and weak or nonexistent authentication mechanisms.

President Obama's cybersecurity plan is a great start because it makes cybersecurity a national priority.  It also gives us a centralized place where independent security professionals and industry players can discuss and plan our defenses.  Obama's plan also calls a national breach disclosure law to make businesses more accountable for their insecurities, but excessive breach disclosure requirements which don't involve actual breaches should be avoided so that consumers aren't desensitized.  Government also needs to work beyond the borders of local, state, and national boundaries because the Internet knows no such borders.

Consumers can go a long ways to protect themselves just by avoiding pirated software which can often contain malicious software.  Software makers have a responsibility to stop using sloppy coding techniques and make security a priority from the ground up.  Web application providers have a responsibility to start defaulting to secure protocols so that web accounts aren't hijacked.  Search engine providers already play a role by warning users about unsafe destinations that are known to contain malicious content.  Network operators play a critical role in locating and convicting cyber criminals because they're the only ones that can provide network access logs.  Internet service providers can go a step further with Intrusion Detection Systems and gateway antivirus solutions that stop inbound and outbound malicious attacks before they reach their intended targets.

The lesson here is that everyone has a stake in the cybersecurity of the Internet because everyone pays the price for cyber insecurities.  The challenge is too great to be tackled alone by industry or government.  The Internet is critical to the social and economic welfare of the world and it needs a comprehensive and unified effort to keep it safe.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Treat cybercriminals like drug dealers
By crystal clear on 6/24/2009 10:00:04 AM , Rating: 1
The internet has fostered a new wave of crime, so we must join together to stomp it out

Time for action - set up regional "cybercrime" squads in the police depts ( Computer Crime Units ) just like teams that handle anti-terror operations or anti-drug operations.

We need "e-crime squads" who will detect/track/prosecute these criminals.

Consumers/buyers/users hit by fraud can lodge complaints to this squad.

Treat cyber criminals like drug dealers/sex offenders & in worst cases like terrorist.

Harsh penalties & swift response is the need of the hour.

For this the police depts need additional fundings/additional qualified manpower & training plus new laws that make their operations swift & effective.

We also need international co-operations wherby cybercriminals from Russia & China can be deported to the USA to face trial & be prosecuted.

By mmcdonalataocdotgov on 6/24/2009 11:55:41 AM , Rating: 1
Your post is either missing its [sarcasm][/sarcasm] or [strident naivete][/strident naivete] tags.

By aharris on 6/24/2009 6:22:12 PM , Rating: 2
Voting you up because I was thinking the exact same thing.



RE: Treat cybercriminals like drug dealers
By crystal clear on 6/24/2009 1:22:56 PM , Rating: 2
By mmcdonalataocdotgov on 6/24/2009 2:33:05 PM , Rating: 1
I stand by my post.

"What would I do? I'd shut it down and give the money back to the shareholders." -- Michael Dell, after being asked what to do with Apple Computer in 1997

Related Articles

Copyright 2015 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki