Your SlideShare is downloading. ×
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES  IN CYBERSPACE
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

INTERNATIONAL SECURITY MEASURES IN CYBERSPACE

1,023

Published on

Presented by Prof. Dr. Marco Gercke in The Indonesia Information Security Forum 10.10.2012, Bandung, Indonesia

Presented by Prof. Dr. Marco Gercke in The Indonesia Information Security Forum 10.10.2012, Bandung, Indonesia

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,023
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
88
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. INTERNATIONAL SECURITY MEASURES IN CYBERSPACE Indonesia Information Security Forum 10.10.2012, Bandung, Indonesia Prof. Dr. Marco GerckeCybercrime Page: 1
  • 2. WHAT ARE CYBER SECURITY MEASURES BRINGING CYBER SECURITY AND CYBERCRIME INTO CONTEXTCybercrime Page: 2
  • 3. CYBERCRIME / CYBERSECURITY •  Cybersecurity is broader than just Components of Cybersecurity Cybercrime Strategy (based on ITU GCA) •  If a government employee accidentally drops an external storage device with important data that were not included in backup-plans it is a serious Cybersecurity incident – but not a crime •  Based on the ITU Global Cybersecurity Agenda (GCA) it is possible to divide between 5 different pillars related to Cybersecurity (legal measures, technical Measures Legal Measures Techn. / Proced. Structures Organizational Building Capacity Cooperation International and procedural measures, organizational structures, capacity building and international cooperationCybercrime Page: 3
  • 4. CYBERCRIME / CYBERSECURITY •  Within all pillars Cybercrime needs to be Components of Cybersecurity addressed Strategy (based on ITU GCA) •  In some pillars (such as international cooperation) Cybercrime may even be the dominant part (international cooperation in Cybercrime investigations) •  The same is relevant with regard to legal measures. Cybercrime legislation is in many country the most complex part of a Cybersecurity legal framework Measures Legal Measures Techn. / Proced. Structures Organizational Building Capacity Cooperation International •  But it is important to always keep in mind that in each pillar other issues will need to be addressed.Cybercrime Page: 4
  • 5. CYBERCRIME / CYBERSECURITY •  And it is important to see that some Components of Cybersecurity components are not solely related to Strategy (based on ITU GCA) Cybercrime •  Example: CERT •  Preventing Cybercrime, analysing trends related to Cybercrime, development of tools in the fight against Cybercrime, capacity building and support of law CERT enforcement agencies in fighting Cybercrime can be important tasks for a cert Measures Legal Measures Techn. / Proced. Structures Organizational Building Capacity Cooperation International •  But not all work of a CERT will be related to CybercrimeCybercrime Page: 5
  • 6. GLOBAL STANDARDSCybercrime page: 6
  • 7. TCP/IP •  The Internet uses globally applicable technical standards •  Whoever does not apply the global standards is in most cases excluded from using the network Picture removed in print version Bild zur Druckoptimierung entfernt •  With regard to Cybersecurity there is a IOL News 2011 lack in applying global standardsCybercrime Page: 7
  • 8. WHAT IS COMPUTER CRIME AND CYBERCRIMECybercrime page: 8
  • 9. 198oth •  Increasing use of personal computers •  Lead to an increase in the potential number of targets •  First cases of software piracy •  In addition malicious software was more frequently produced and distributed Picture removed in print version Bild zur Druckoptimierung entfernt Source: Wikipedia with ref to B. BertramCybercrime page: 9
  • 10. 198oth - HISTORY OF VIRUSES •  1982 the “Elk Cloner” virus was created (by Rich Skrenta). Designed for Apple OS •  1986 “Brain Virus” was identified. Virus was designed for MS-DOS Picture removed in print version Bild zur Druckoptimierung entfernt Example •  1986 the the file virus “Virdem” followed •  1990 the first polymorph virus attack “Tequila” was startedCybercrime Seite: 10
  • 11. 198oth- MATH VIRUS •  „Math virus“ stopped the computer after 30 steps and displays a simple addition or subtraction questions •  Execution of the program is denied unless the correct answer is given by the user Picture removed in print version Bild zur Druckoptimierung entfernt Math VirusCybercrime Seite: 11
  • 12. 198oth – WALKER VIRUS •  Relatively harmless virus •  Walker virus: Displays occasionally an animation Picture removed in print version Bild zur Druckoptimierung entfernt Walker VirusCybercrime Seite: 12
  • 13. 199oth •  Introduction of the graphical user interface WWW (World Wide Web) in the 1990th lead to an increasing popularity of the network •  It became easier to use the services offered •  In addition it enabled the spreading of Picture removed in print version pictures, audio and video Bild zur Druckoptimierung entfernt Source: Wikipedia with ref. to Cailliau •  In addition the Internet eased transnational communication •  Went along with several challenges for law enforcementCybercrime page: 13
  • 14. 1990th - VIRUS •  While in the 1980th the speed of the distribution was limited due to the distribution by physical data storage media exchange it was less limited with the intensive use of the Internet Picture removed in print version Bild zur Druckoptimierung entfernt ExampleCybercrime Seite: 14
  • 15. ACTIVITIES OF REG. AND INT. ORGANIZATIONS RELATED TO CYBERCRIMECybercrime page: 15
  • 16. COMMONWEALTH OF NATIONS •  The Commonwealth of Nations is a voluntary association of sovereign states •  Currently 53 associated states •  In 2002 the Commonwealth presented Picture removed in print version Bild zur Druckoptimierung entfernt a model law on Cybercrime that COMMONWEALTH MEMBER STATES provides a legal framework to address Cybercrime •  The model law was intentionally drafted in accordance with the Convention on CybercrimeGercke, Cybercrime Page: 16
  • 17. ECONOMIC COMMUNITY OF WEST AFR. •  The Economic Community of West African States is a regional group of west African Countries •  Founded in 1975 it has currently fifteen member states Picture removed in print version Bild zur Druckoptimierung entfernt •  In 2009 ECOWAS adopted the Directive ECOWAS MEMBER STATES on Fighting Cybercrime in ECOWAS that provides a legal framework for the member states •  Directive includes substantive criminal law as well as procedural lawGercke, Cybercrime Page: 17
  • 18. EAST AFRICAN COMMUNITY •  5 Member states (Kenya, Uganda, Tanzania, Burundi, Rwanda) •  Within the framework of an update of ICT legislation (EAC Legal Framework for Cyberlaws) EAS also addressed the issues of Cybercrime Picture removed in print version Bild zur Druckoptimierung entfernt EAC MEMBER STATES •  Provisions dealing with the criminalisation of certain conduct became part of the draft legislationGercke, Cybercrime Page: 18
  • 19. EUROPEAN UNION •  The European Union is a political Union of 27 member states •  One of the mandate of the EU is to harmonise legislation in selected areas •  It has adopted several Framework Decision and Directives to harmonise Picture removed in print version the legislation with regard to Cybercrime Bild zur Druckoptimierung entfernt •  The 27 member states are obliged to EUROPEAN UNION implement the legislation within the given time periodGercke, Cybercrime Page: 19
  • 20. EUROPEAN COMMUNITY / UNION FD Attacks Information Systems FD Child Pornography Dir. Data Retention FD Combating Fraud Amendment FD TerrorismCounc. D. Child Pornography Draft Directive Child Pornography Draft Directive Attacks Information Systems 97 98 99 00 01 02 03 04 05 06 07 08 09 10 10 11 Safer Information Society General Policy Cybercrime eEurope Action Plan Action plan harmful content Communication harmful content Cybercrime Page: 20
  • 21. COUNCIL OF EUROPE •  Council of Europe is an international organisation focusing on the European integration •  47 member states •  Convention on Cybercrime (2001) Picture removed in print version Bild zur Druckoptimierung entfernt COUNCIL OF EUROPE •  First addition protocol to the Convention on Cybercrime (2003) •  Convention on the protection of children against sexual exploitation and sexual abuse (2007)Gercke, Cybercrime Page: 21
  • 22. UNITED NATIONS •  United Nations Organisation is an international organisation (192 member states) •  In 1990 the UN GA adopted a resolution dealing with computer crime legislation •  In 2000 the UN GA adopted a resolution Picture removed in print version on combating the criminal misuse of Bild zur Druckoptimierung entfernt information technology UNITED NATIONS ORGANISATION •  In 2002 the UN GA adopted a second resolution on the criminal misuse of information technologyGercke, Cybercrime Page: 22
  • 23. Cybercrime Law Criminal EU DI Child Pornography (2011) EU FD Child Pornography (2003) EU FD Non-Cash Payment (2001) Commonwealth Model Law (2002) CoE Cybercrime Convention (2001) Substantive Draft African Union Convention (2011) HIPCAR Cybercrime Model Law (2010) EU Draft DI Attacks Information S. (2011) CoE Convention Protection Children (2007) EU FD Attacks Information Systems (2005) Illegal Access to a Computer ✔ ✔ ✔ ✔ Illegal Remaining in a Computer System Interference ✔ Illegal Interception ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ Illegal Access to Computer Data Illegal Data Input ✔ Illegal Aquisition of Comp. Data Illegal Data Interference ✔ ✔ ✔ ✔ ✔ ✔ Illegal Use of Data Violation of Data Protection Regul. Illegal Devices / Misuse of Devices ✔ ✔ Computer-related Fraud ✔ ✔ Computer-related Forgery ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ Indecent Material Pornography Child Pornography ✔ ✔ ✔ ✔ ✔ Solicitation of Children ✔ ✔ ✔ ✔ ✔ Dissemination of Racistic Material ✔ Identity-related Crime SPAM Threat and Harassment ✔ ✔ ✔ Disclosure of an Investigation ✔ Copyright Violation ✔ Violation of Secrecy ✔page: 23
  • 24. UN MEMBER STATESCybercrime Page: 24
  • 25. UN MEMBER STATESCybercrime Page: 25
  • 26. COE MEMBER STATESCybercrime Page: 26
  • 27. COE MEMBER STATES WHO WAS INVITED TO DRAFT ?Cybercrime Page: 27
  • 28. COE MEMBER STATES IMPLEMENTATION 10 YEARSCybercrime Page: 28
  • 29. BRINGING LEGISLATION INTO CONTEXTCybercrime page: 29
  • 30. COMPONENTS Substantive Criminal Law Procedural Law International Cooperation Convention on CybercrimeCybercrime Page: 30
  • 31. National Cybersecurity StrategyCybercrime Cybercrime Technology, Policy CERT, .... COMPONENTS Criminal Crime Prevention, Law Technology Liability of ISPs Procedural Law Electronic Evidence Substantive Criminal Law International Cooperation Trained Investigators Equiptment TrainingPage: 31
  • 32. Prof. Dr. Marco Gercke Niehler Str. 35 D-50733 Cologne, Germany gercke@cybercrime.de www.cybercrime-institute.comCybercrime Page: 32

×