CTO-CybersecurityForum-2010-Richard Simpson
Published in: Technology
Transcript

  • 1. A Survey of International Efforts to Combat Cybercrime
      CTO Cyber-Security Forum
      London, June 18, 2009
      Richard Simpson
      e-Novation Consulting
  • 2. The Global Internet Economy
      Worldwide E-Commerce Sales
      • Worldwide e-commerce spending projected to grow at CAGR of 23%, exceeding $8.75 trillion in 2009
      • The growth of B2B spending is comparably strong at CAGR of 22%, amounting to $7.6 trillion by 2009
      Source: IDC, Worldwide Internet Usage and Commerce 2005-2009 Forecast update, April 2007
  • 3. Online threats are growing rapidly
      • Spam volumes remain high
          • 75 to 90% of email traffic is spam
          • represents hundreds of billions of messages
      • New, more sophisticated and dangerous forms of spam continue to appear, and are increasingly the source of network damage and online fraud
      • Now have a myriad of threats that go well beyond spam
          • phishing, botnets, spyware, computer viruses, & malware
      Sources: Messaging Anti-Abuse Working Group - MAAWG, 2nd Quarter, 2007; using 510 million mailboxes as a base
      Sophos Security Threat Report, July 25, 2007
  • 4. Increasing costs
      • Growth of spam and related threats now a major drag on productivity and business competitiveness
      • Costs to business and consumers estimated at $100 billion per year globally (Ferris Research, February 2007)
          • Phishing estimated at $850/incident and total damage to US economy is $630 million*
          • Spyware estimated at $100/incident and total damage to US economy is $2.6 billion*
      * Source: Consumer Reports, State of the Net 2006
  • 5. Eroding trust and confidence
      • Users changing their online practices due to security concerns
      • Consumers losing trust in online banking and other services
      • Business costs and concerns are mounting
      • Slowing down investment and innovation
  • 6. 3-Tier Cyber Defence Strategy
      A multi-level, integrated set of tools is needed to make the Internet a safer and more secure environment for both business and consumers.
      • Law Enforcement and National Security
      • Ground Rules for the Internet Economy
      • Private Sector Self-Protection
  • 7. Law Enforcement & National Security
      The Council of Europe’s Convention on Cybercrime
      • First international treaty on crimes committed via the Internet
          • Copyright infringement
          • Computer-related fraud
          • Child pornography
          • Violations of network security
      • Seeks to harmonize national laws across signatories to facilitate international cooperation and improve investigative techniques
      • 43 signatories including non-European countries such as Canada, Japan, and the United States, 21 countries have ratified (2009)
  • 8. Law Enforcement & National Security
      The G8 High-Tech Crime Subgroup
      • Enhances the abilities of law enforcement and industry to gather information on, prevent, investigate, and prosecute criminal and terrorist acts that make use of computer networks and wireless technologies.
      • Experts drawn from private and public sector
      • Builds upon mutual law enforcement channels (24/7 Contact Network)
      • Shares and expands understanding of investigative techniques
      • International recommendations include:
          • Principles and Action Plan on High-Tech and Computer-related Crime (1997)
          • Recommendations for Tracing Networked Communications Across National Borders in Terrorist and Criminal Investigations (2002)
          • G8 Statement on Data Protection Regimes (2002)
  • 9. Ground Rules for Online Markets
      Working in concert with the private sector, governments have the primary responsibility to develop and implement a clear and consistent set of legal ground rules for the online marketplace, consisting of civil law remedies and regulatory instruments for:
      • Protecting personal information (privacy)
      • Combating spam and related threats
      • Mandating data breach notification
      • Supporting industry-wide standards for network protection
      • Curtailing offensive content
  • 10. Ground Rules for Online Markets
      Due to the borderless nature of the online marketplace, domestic laws and policies are heavily dependent on effective arrangements for international cooperation.
      Current venues for inter-governmental cooperation
      • Organization for Economic Cooperation and Development (OECD)
      • Asia-Pacific Economic Cooperation (APEC)
      • Internet Governance Forum
      • London Action Plan
  • 11. OECD Policy Instruments
      • Guidelines
          • Guidelines on the Protection of Privacy and Transborder Flows of Data and Personal Information (1980)
          • Guidelines for the Security of Information Systems and Networks (2002)
          • Guidelines for Electronic Authentication (forthcoming)
      • Recommendations
          • Recommendation on Cross-Border Co-operation in the Enforcement of Laws against Spam (2006)
          • Recommendation on Cross-Border Co-operation in the Enforcement of Laws Protecting Privacy (forthcoming)
      • Toolkits
          • Anti-Spam Toolkit (2006)
          • Cross-border Privacy Law Enforcement (forthcoming)
      OECD Ministerial Meeting (17-18 June 2008 Seoul, Korea): The Future of the Internet Economy
  • 12. OECD Forward Work Plan
      • Management of digital identities
      • Guidance for the protection of critical information infrastructures
      • Malware – analytical report and policy guidance
      • Review of Guidelines for the Security of Information Systems and Networks (2002) with a view toward improving international cooperation
      OECD Ministerial Meeting (17-18 June 2008 Seoul, Korea): The Future of the Internet Economy
  • 13. APEC Initiatives
      • Telecommunications and Information Working Group (TEL)
          • Frameworks and policy guidance for telecommunications and information technologies
          • Capacity building initiatives (e.g. legislative frameworks for cybercrime)
          • Areas of focus include communications infrastructure and cybersecurity
      • The APEC Cybersecurity Strategy aims to:
          • Harmonize legal systems in member states
          • Improve information sharing and cooperation
      • The APEC Strategy to Ensure Trusted, Secure and Sustainable Online Environment aims to:
          • Encourage close information security collaboration between public and private sector entities
          • Identify key areas that require increased attention and stronger cooperation
  • 14. Internet Governance Forum (IGF)
      • New forum (est. 2006) for multi-stakeholder policy dialogue
      • Supports the United Nations Secretary-General in carrying out the mandate from the World Summit on the Information Society (WSIS)
      • Information and Network security a key focus area
      • Raises awareness across levels
          • Legislative
          • Regulatory
          • Law Enforcement
          • Technological advances
  • 15. Private Sector Self-Protection
      Messaging Anti-Abuse Working Group (MAAWG)
  • 16. Challenge and Response
      • A safe and secure Internet is essential in order to:
          • Maximize the social and economic benefits of the Information society
          • Assure proper functioning of critical information infrastructures
          • Build trust and confidence in e-business and e-government
      • Given the global and interconnected nature of the Internet:
          • International cybercrime policy and law enforcement remains a significant challenge
          • International cooperation is multi-layered: legal, policy, and technological
      • Governments, civil society, public and private stakeholders are working together under the auspices of international fora such as OECD, G8, APEC, and the Internet Governance Forum (IGF) to build a safer and more secure Internet.
  • 17. A Tool Kit Approach
      • Public Policy
          • Unilateral
          • Bilateral
          • Multilateral
      • Technology
          • Countermeasures
          • Security by design
      • Law Enforcement
          • Investigative techniques
      • Private Sector Codes
          • MAAWG Code of Conduct
      • Public/Private Partnerships
          • Multi-Stakeholder
      • Legal Frameworks
          • Domestic & International
  • 18. Conclusions
      • Strong criminal law and effective law enforcement, including inter-jurisdictional cooperation, are critically important BUT
      • Robust domestic and international frameworks outside of the criminal law sphere are critical to enhance the power of the Internet as a medium and driver for economic growth
      • Multi-stakeholder involvement is essential for developing private sector, voluntary measures aimed at protecting the Internet economy (i.e. standards and codes of conduct)
  • 19. Information Sources
      • OECD: Committee for Information, Computer and Communications Policy (ICCP): www.oecd.org/sti/security-privacy
      • OECD Ministerial Meeting (17-18 June 2008 Seoul, Korea): The Future of the Internet Economy: http://www.oecd.org/site/0,3407,en_21571361_38415463_1_1_1_1_1,00.html
      • The G8: High-tech Crime Subgroup: http://www.g7.utoronto.ca/crime
      • APEC: Telecommunications and Information Working Group (TEL): http://www.apec.org/apec/apec_groups/working_groups/telecommunications_and_information.html
      • Internet Governance Forum (IGF): http://www.intgovforum.org
      • Council of Europe: Convention on Cybercrime: http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=185&CM=8&DF=6/4/2007&CL=ENG
      • Industry Canada: Electronic Commerce Branch: http://e-ecom.ic.gc.ca
