Cyber Security Industry Alliance Newsletter •  Volume 3, Number 12  • November 2007

President's Message

  Tim Bennett

While much has been written in recent years about the growing cybercrime problem, the best job at capturing the nature and extent of the problem and what is being done about it is the recent "Ghosts in the Browser" three-part investigative series prepared by Ryan Blitstein of the San Jose Mercury News. His investigation began with the goal of answering the question of whether in fact there really is a data security threat. Blitstein's series concludes that the threat is real, growing rapidly by the minute, increasingly professionalized, costing consumers and businesses lots of money, and that corporate leaders, government and average citizens have failed to comprehend the mounting threat and fight back. We couldn't have said it better.

The information security problem is global in nature and bigger than what any individual government or law enforcement agency can address alone. However, it is the very enormity of the challenge that should make it clear to all that there is no so-called "silver bullet" solution to this growing problem. Instead, it requires multiple actions in several layers: some legislative, some in management attitudes, some in employee cultures, some in public awareness and education, and continous technological innovation.

Everyone using the Internet — from business entities to consumers to educational institutions to governments — must assist in this effort by taking steps to improve the protection of personally identifiable information and government classified data. Steps include a combination of expanded use of preventative and monitoring software and hardware technology; legislation requiring security programs be in place; increased civil and criminal penalties under U.S. law; increased funding for federal enforcement agencies; a new, coordinated federal program for training and sustaining local cyber law enforcement teams; increased international cooperation beyond the Council of Europe's Convention on Cybercrime, such as the promising International Telecommunications Union Working Group on cybercrime; and expanded public education efforts.

  

With the recent report that the war in Iraq has now cost at least $1.2 trillion (which unfortunately includes some significant amounts of waste and fraud), it's time for U.S. policymakers to consider directing adequate resources to also fighting the very real, growing, and costly threat posed by cyber crime.

Action is needed now. That's why the rapid consideration over the past month and unanimous approval on November 15 by the U.S. Senate of the Leahy-Specter Identity Theft and Restitution Act is encouraging. It demonstrates that more members of Congress are seized with the the dangers of the growing cybercrime menace and are now acting on that awareness. CSIA hopes the U.S. House will take rapid action when it returns in December on this important legislation which gives federal prosecutors critical new tools to fight identity theft and cyber crime.

At some point, Congress must also ensure that strengthening of the criminal and civil penalties is accompanied by appropriate funding. Another investigative report, also conducted by the San Jose Mercury News and released on November 18, found that "in nearly three of four cases, federal prosecutors are choosing not to pursue the computer fraud allegations that investigators bring them." There are multiple reasons for this stunning finding, but inadequate resources is the primary cause. With the recent report that the war in Iraq has now cost at least $1.2 trillion (which unfortunately includes some significant amounts of waste and fraud), it's time for U.S. policymakers to consider directing adequate resources to also fighting the very real, growing, and costly threat posed by cyber crime. The cyber crime challenge is a war too.

I want to end this letter on a positive note and do so by applauding the recent formation of an independent commission to examine the cyber vulnerabilities faced by the U.S. The commission is sponsored by the Center for Strategic and International Studies, made up of 32 leading experts, and focused on preparing a non-partisan set of recommendations for the next U.S. President on how to organize and prioritize efforts to secure America's computer networks and critical infrastructure. While CSIA strongly hopes to see the 110th Congress complete the cybercrime legislation and also pass a federal data security and breach notification bill well before next November's election, the work of this new Commission (which has already begun) is a very welcome action and should help jump start the next Administration in addressing these critical issues.

 

Tim Bennett
President