Identity Improving Technical Security Privacy

Of Cybercrime and Cybersecurity

Viruses, malware, identify theft and online fraud are buzzwords that delineate the nefarious risks and activities which are common place in todays Internet. Both sober and engaging, workshop 115 on cybercrime strategies, the Commonwealth IGF cyber crime initiative and the main session on Openness, Security and Privacy addressed some of the concerns regarding the security of the current Internet infrastructure.

Workshop 115 and the cyber crime initiative by the Commonwealth IGF addressed offences committed via the Internet. I was amazed at the zeal of the panelists in articulating a multifaceted approach in confronting online crime. Their approach falls under three classifications; Technical, Capacity Building and Co-operation.

The technical aspect regards the formation of national and regional early warning systems; Computer Emergency Response Teams (CERTS) which are in the forefront of monitoring and detection of security vulnerabilities and intrusion attempts.

Capacity building involves the training of investigators, forensics and generally law enforcement in acquiring technical, legal and policy making skills and acumen in dealing with cyber crime. Panelists really stressed on this point as the scarcity or lack thereof of a hi-tech ‘SWAT team’, considerably hampered law enforcement from pursuing and acting on individuals or organisations which conducted criminal activities online. Insufficient capacity and delays in tracking criminals, leads to a cold trail which will in all likelihood increase the probability of future successful but also sophisticated attacks. Hence the call for greater co-operation among many stakeholders who value online security. Which leads me to my next point. What form of collaboration should be envisaged?

The Budapest convention on cyber crime alludes to international co-operation between states and states, state and the private sector vis a vis between the private sector and law enforcement. Panelists touted the convention as a template that most countries particularly members of the OECD and the Commonwealth can use to develop cybercrime laws. Mr Markko Künnapu – Criminal Policy Department, Ministry of Justice Estonia, citing the 2007 DDOS attacks to his homeland’s Internet infrastructure encouraged more member states to adopt the convention. He also championed the use of CERTS, building capacity and other concerted efforts in dealing with cyber crime.

A peculiarity of these workshops was the hazy distinctions between cybercrime and cyber-security strategies. Although one speaker after another stated that each strategy complements one another, cyber crime strategies went beyond mitigation of cyber attacks and included the investigation, prosecution and penalising of offenders. It was also interesting to note that despite many nation states having some form of a cyber-security strategy, a dismal number have engendered comprehensive cybercrime laws. Whether a catastrophic and crippling attack on a nation’s cyber assets would compel states to draft cybercrime laws and initiatives like in the case of Estonia remains to be seen. Furthermore, the implications of these cyber laws on user privacy and freedom of expression and the opportunities and threats these type of laws present remains indeterminate for now.