CTO-CybersecurityForum-2010-Richard Simpson




Slide 1: A Survey of International Efforts to Combat Cybercrime
CTO Cyber-Security Forum
London, June 18, 2009
Richard Simpson
e-Novation Consulting

Slide 2: The Global Internet Economy
Worldwide E-Commerce Sales
Worldwide e-commerce spending projected to grow at a CAGR of 23%, exceeding $8.75 trillion in 2009
The growth of B2B spending is comparably strong at a CAGR of 22%, amounting to $7.6 trillion by 2009
Source: IDC, Worldwide Internet Usage and Commerce 2005-2009 Forecast update, April 2007

Slide 3: Online threats are growing rapidly
  - Spam volumes remain high
    - 75 to 90% of email traffic is spam
    - represents hundreds of billions of messages
  - New, more sophisticated and dangerous forms of spam continue to appear, and are increasingly the source of network damage and online fraud
  - Now have a myriad of threats that go well beyond spam
    - phishing, botnets, spyware, computer viruses, & malware
Sources: Messaging Anti-Abuse Working Group (MAAWG), 2nd Quarter, 2007; using 510 million mailboxes as a base
Sophos Security Threat Report, July 25, 2007

Slide 4: Increasing costs
Growth of spam and related threats now a major drag on productivity and business competitiveness
Costs to business and consumers estimated at $100 billion per year globally (Ferris Research, February 2007)
  - Phishing estimated at $850/incident and total damage to US economy is $630 million*
  - Spyware estimated at $100/incident and total damage to US economy is $2.6 billion*
* Source: Consumer Reports, State of the Net 2006

Slide 5: Eroding trust and confidence
Users changing their online practices due to security concerns
Consumers losing trust in online banking and other services
Business costs and concerns are mounting
Slowing down investment and innovation

Slide 6: 3-Tier Cyber Defence Strategy
A multi-level, integrated set of tools is needed to make the Internet a safer and more secure environment for both business and consumers.
  - Law Enforcement and National Security
  - Ground Rules for the Internet Economy
  - Private Sector Self-Protection

Slide 7: Law Enforcement & National Security
The Council of Europe's Convention on Cybercrime
First international treaty on crimes committed via the Internet
  - Copyright infringement
  - Computer-related fraud
  - Child pornography
  - Violations of network security
Seeks to harmonize national laws across signatories to facilitate international cooperation and improve investigative techniques
43 signatories including non-European countries such as Canada, Japan, and the United States; 21 countries have ratified (2009)

Slide 8: Law Enforcement & National Security
The G8 High-Tech Crime Subgroup
Enhances the abilities of law enforcement and industry to gather information on, prevent, investigate, and prosecute criminal and terrorist acts that make use of computer networks and wireless technologies.
  - Experts drawn from private and public sector
  - Builds upon mutual law enforcement channels (24/7 Contact Network)
  - Shares and expands understanding of investigative techniques
International recommendations include:
  - Principles and Action Plan on High-Tech and Computer-related Crime (1997)
  - Recommendations for Tracing Networked Communications Across National Borders in Terrorist and Criminal Investigations (2002)
  - G8 Statement on Data Protection Regimes (2002)

Slide 9: Ground Rules for Online Markets
Working in concert with the private sector, governments have the primary responsibility to develop and implement a clear and consistent set of legal ground rules for the online marketplace, consisting of civil law remedies and regulatory instruments for:
  - Protecting personal information (privacy)
  - Combating spam and related threats
  - Mandating data breach notification
  - Supporting industry-wide standards for network protection
  - Curtailing offensive content

Slide 10: Ground Rules for Online Markets
Due to the borderless nature of the online marketplace, domestic laws and policies are heavily dependent on effective arrangements for international cooperation.
Current venues for inter-governmental cooperation:
  - Organization for Economic Cooperation and Development (OECD)
  - Asia-Pacific Economic Cooperation (APEC)
  - Internet Governance Forum
  - London Action Plan

Slide 11: OECD Policy Instruments
Guidelines
  - Guidelines on the Protection of Privacy and Transborder Flows of Data and Personal Information (1980)
  - Guidelines for the Security of Information Systems and Networks (2002)
  - Guidelines for Electronic Authentication (forthcoming)
Recommendations
  - Recommendation on Cross-Border Co-operation in the Enforcement of Laws against Spam (2006)
  - Recommendation on Cross-Border Co-operation in the Enforcement of Laws Protecting Privacy (forthcoming)
Toolkits
  - Anti-Spam Toolkit (2006)
  - Cross-border Privacy Law Enforcement (forthcoming)
OECD Ministerial Meeting (17-18 June 2008, Seoul, Korea): The Future of the Internet Economy

Slide 12: OECD Forward Work Plan
  - Management of digital identities
  - Guidance for the protection of critical information infrastructures
  - Malware: analytical report and policy guidance
  - Review of Guidelines for the Security of Information Systems and Networks (2002) with a view toward improving international cooperation
OECD Ministerial Meeting (17-18 June 2008, Seoul, Korea): The Future of the Internet Economy

Slide 13: APEC Initiatives
Telecommunications and Information Working Group (TEL)
  - Frameworks and policy guidance for telecommunications and information technologies
  - Capacity building initiatives (e.g. legislative frameworks for cybercrime)
  - Areas of focus include communications infrastructure and cybersecurity
The APEC Cybersecurity Strategy aims to:
  - Harmonize legal systems in member states
  - Improve information sharing and cooperation
The APEC Strategy to Ensure Trusted, Secure and Sustainable Online Environment aims to:
  - Encourage close information security collaboration between public and private sector entities
  - Identify key areas that require increased attention and stronger cooperation

Slide 14: Internet Governance Forum (IGF)
New forum (est. 2006) for multi-stakeholder policy dialogue
Supports the United Nations Secretary-General in carrying out the mandate from the World Summit on the Information Society (WSIS)
Information and network security a key focus area
Raises awareness across levels:
  - Legislative
  - Regulatory
  - Law Enforcement
  - Technological advances

Slide 15: Private Sector Self-Protection
Messaging Anti-Abuse Working Group (MAAWG)

Slide 16: Challenge and Response
A safe and secure Internet is essential in order to:
  - Maximize the social and economic benefits of the Information society
  - Assure proper functioning of critical information infrastructures
  - Build trust and confidence in e-business and e-government
Given the global and interconnected nature of the Internet:
  - International cybercrime policy and law enforcement remains a significant challenge
  - International cooperation is multi-layered: legal, policy, and technological
Governments, civil society, public and private stakeholders are working together under the auspices of international fora such as OECD, G8, APEC, and the Internet Governance Forum (IGF) to build a safer and more secure Internet.

Slide 17: A Tool Kit Approach
Public Policy
  - Unilateral
  - Bilateral
  - Multilateral
Technology
  - Countermeasures
  - Security by design
Law Enforcement
  - Investigative techniques
Private Sector Codes
  - MAAWG Code of Conduct
Public/Private Partnerships
  - Multi-Stakeholder
Legal Frameworks
  - Domestic & International

Slide 18: Conclusions
Strong criminal law and effective law enforcement, including inter-jurisdictional cooperation, are critically important, BUT
Robust domestic and international frameworks outside of the criminal law sphere are critical to enhance the power of the Internet as a medium and driver for economic growth
Multi-stakeholder involvement is essential for developing private sector, voluntary measures aimed at protecting the Internet economy (i.e. standards and codes of conduct)

Slide 19: Information Sources
  - OECD: Committee for Information, Computer and Communications Policy (ICCP): www.oecd.org/sti/security-privacy
  - OECD Ministerial Meeting (17-18 June 2008, Seoul, Korea): The Future of the Internet Economy: http://www.oecd.org/site/0,3407,en_21571361_38415463_1_1_1_1_1,00.html
  - The G8: High-tech Crime Subgroup: http://www.g7.utoronto.ca/crime
  - APEC: Telecommunications and Information Working Group (TEL): http://www.apec.org/apec/apec_groups/working_groups/telecommunications_and_information.html
  - Internet Governance Forum (IGF): http://www.intgovforum.org
  - Council of Europe: Convention on Cybercrime: http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=185&CM=8&DF=6/4/2007&CL=ENG
  - Industry Canada: Electronic Commerce Branch: http://e-ecom.ic.gc.ca