CTO-CybersecurityForum-2010-Richard Simpson

    Presentation Transcript

    • A Survey of International Efforts to Combat Cybercrime
      CTO Cyber-Security Forum
      London, June 18, 2009
      Richard Simpson
      e-Novation Consulting
    • The Global Internet Economy
      Worldwide E-Commerce Sales
      Worldwide e-commerce spending projected to grow at CAGR of 23%, exceeding $8.75 trillion in 2009
      The growth of B2B spending is comparably strong at CAGR of 22%, amounting to $7.6 trillion by 2009
      Source: IDC, Worldwide Internet Usage and Commerce 2005-2009 Forecast update, April 2007
    • Online threats are growing rapidly
      • Spam volumes remain high
      • 75 to 90% of email traffic is spam
      • represents hundreds of billions of messages
      • New, more sophisticated and dangerous forms of spam continue to appear, and are increasingly the source of network damage and online fraud
      • Now have a myriad of threats that go well beyond spam
      • phishing, botnets, spyware, computer viruses, & malware
      Sources: Messaging Anti-Abuse Working Group - MAAWG, 2nd Quarter, 2007; using 510 million mailboxes as a base
      Sophos Security Threat Report, July 25, 2007
    • Increasing costs
      Growth of spam and related threats now a major drag on productivity and business competitiveness
      Costs to business and consumers estimated at $100 billion per year globally (Ferris Research, February 2007)
      • Phishing estimated at $850/incident and total damage to US economy is $630 million*
      • Spyware estimated at $100/incident and total damage to US economy is $2.6 billion*
      * Source: Consumer Reports, State of the Net 2006
    • Eroding trust and confidence
      Users changing their online practices due to security concerns
      Consumers losing trust in online banking and other services
      Business costs and concerns are mounting
      Slowing down investment and innovation
    • 3-Tier Cyber Defence Strategy
      A multi-level, integrated set of tools is needed to make the Internet a safer and more secure environment for both business and consumers.
      • Law Enforcement and National Security
      • Ground Rules for the Internet Economy
      • Private Sector Self-Protection
    • Law Enforcement & National Security
      The Council of Europe’s Convention on Cybercrime
      First international treaty on crimes committed via the Internet
      Copyright infringement
      Computer-related fraud
      Child pornography
      Violations of network security
      Seeks to harmonize national laws across signatories to facilitate international cooperation and improve investigative techniques
      43 signatories, including non-European countries such as Canada, Japan, and the United States; 21 countries have ratified (2009)
    • Law Enforcement & National Security
      The G8 High-Tech Crime Subgroup
      Enhances the abilities of law enforcement and industry to gather information on, prevent, investigate, and prosecute criminal and terrorist acts that make use of computer networks and wireless technologies.
      Experts drawn from private and public sector
      Builds upon mutual law enforcement channels (24/7 Contact Network)
      Shares and expands understanding of investigative techniques
      International recommendations include:
      Principles and Action Plan on High-Tech and Computer-related Crime (1997)
      Recommendations for Tracing Networked Communications Across National Borders in Terrorist and Criminal Investigations (2002)
      G8 Statement on Data Protection Regimes (2002)
    • Ground Rules for Online Markets
      Working in concert with the private sector, governments have the primary responsibility to develop and implement a clear and consistent set of legal ground rules for the online marketplace, consisting of civil law remedies and regulatory instruments for:
      Protecting personal information (privacy)
      Combating spam and related threats
      Mandating data breach notification
      Supporting industry-wide standards for network protection
      Curtailing offensive content
    • Ground Rules for Online Markets
      Due to the borderless nature of the online marketplace, domestic laws and policies are heavily dependent on effective arrangements for international cooperation.
      Current venues for inter-governmental cooperation
      Organization for Economic Cooperation and Development (OECD)
      Asia-Pacific Economic Cooperation (APEC)
      Internet Governance Forum
      London Action Plan
    • OECD Policy Instruments
      Guidelines on the Protection of Privacy and Transborder Flows of Data and Personal Information (1980)
      Guidelines for the Security of Information Systems and Networks (2002)
      Guidelines for Electronic Authentication (forthcoming)
      Recommendation on Cross-Border Co-operation in the Enforcement of Laws against Spam (2006)
      Recommendation on Cross-Border Co-operation in the Enforcement of Laws Protecting Privacy (forthcoming)
      Anti-Spam Toolkit (2006)
      Cross-border Privacy Law Enforcement (forthcoming)
      OECD Ministerial Meeting (17-18 June 2008 Seoul, Korea):
      The Future of the Internet Economy
    • OECD Forward Work Plan
      Management of digital identities
      Guidance for the protection of critical information infrastructures
      Malware – analytical report and policy guidance
      Review of Guidelines for the Security of Information Systems and Networks (2002) with a view toward improving international cooperation
      OECD Ministerial Meeting (17-18 June 2008 Seoul, Korea):
      The Future of the Internet Economy
    • APEC Initiatives
      Telecommunications and Information Working Group (TEL)
      Frameworks and policy guidance for telecommunications and information technologies
      Capacity building initiatives (e.g. legislative frameworks for cybercrime)
      Areas of focus include communications infrastructure and cybersecurity
      The APEC Cybersecurity Strategy aims to:
      Harmonize legal systems in member states
      Improve information sharing and cooperation
      The APEC Strategy to Ensure Trusted, Secure and Sustainable Online Environment aims to:
      Encourage close information security collaboration between public and private sector entities
      Identify key areas that require increased attention and stronger cooperation
    • Internet Governance Forum (IGF)
      New forum (est. 2006) for multi-stakeholder policy dialogue
      Supports the United Nations Secretary-General in carrying out the mandate from the World Summit on the Information Society (WSIS)
      Information and network security a key focus area
      Raises awareness across levels
      Law Enforcement
      Technological advances
    • Private Sector Self-Protection
      Messaging Anti-Abuse Working Group (MAAWG)
    • Challenge and Response
      A safe and secure Internet is essential in order to:
      Maximize the social and economic benefits of the Information society
      Assure proper functioning of critical information infrastructures
      Build trust and confidence in e-business and e-government
      Given the global and interconnected nature of the Internet:
      International cybercrime policy and law enforcement remain a significant challenge
      International cooperation is multi-layered: legal, policy, and technological
      Governments, civil society, public and private stakeholders are working together under the auspices of international fora such as OECD, G8, APEC, and the Internet Governance Forum (IGF) to build a safer and more secure Internet.
    • A Tool Kit Approach
      Public Policy
      • Unilateral
      • Bilateral
      • Multilateral
      • Countermeasures
      • Security by design
      Law Enforcement
      • Investigative techniques
      Private Sector Codes
      • MAAWG Code of Conduct
      Public/Private Partnerships
      • Multi-Stakeholder
      Legal Frameworks
      • Domestic & International
    • Strong criminal law and effective law enforcement, including inter-jurisdictional cooperation, are critically important BUT
      Robust domestic and international frameworks outside of the criminal law sphere are critical to enhance the power of the Internet as a medium and driver for economic growth
      Multi-stakeholder involvement is essential for developing private sector, voluntary measures aimed at protecting the Internet economy (i.e. standards and codes of conduct)
    • Information Sources
      OECD: Committee for Information, Computer and Communications Policy (ICCP): www.oecd.org/sti/security-privacy
      OECD Ministerial Meeting (17-18 June 2008 Seoul, Korea): The Future of the Internet Economy: http://www.oecd.org/site/0,3407,en_21571361_38415463_1_1_1_1_1,00.html
      The G8: High-tech Crime Subgroup: http://www.g7.utoronto.ca/crime
      APEC: Telecommunications and Information Working Group (TEL): http://www.apec.org/apec/apec_groups/working_groups/telecommunications_and_information.html
      Internet Governance Forum (IGF): http://www.intgovforum.org
      Council of Europe: Convention on Cybercrime: http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=185&CM=8&DF=6/4/2007&CL=ENG
      Industry Canada: Electronic Commerce Branch: http://e-ecom.ic.gc.ca