In mid-July the Attorneys-General of the United States, United Kingdom, Canada, New Zealand and Australia met in Sydney to discuss the growing global threat posed by cyber crime. This group of nations, known as the ‘five eyes’, shares intelligence on a range of global threats, including cyber crime.
They met to discuss the creation of a set of binding international laws designed to govern how states behave online, as well as the Council of Europe Convention on Cybercrime. The Convention, which Australia is set to accede to in 2011, is the international community’s best bet at harmonising global laws, allowing for the cross-border investigation and prosecution of multi-jurisdictional cyber crimes. Australia has a number of amendments to make to local laws and has just released the Cybercrime Amendment Bill, which seeks to alter existing legislation in relation to mutual assistance, computer offences and telecommunications data. Once this Bill is enacted it will be the last legislative hurdle for Australia to accede to the Convention.
A week before the ‘five eyes’ meeting was the launch of the International Cyber Security Protection Alliance (ICSPA). Speaking at the launch, the United Kingdom Home Office Minister for Crime and Security, James Brokenshire, called for a common international legal framework to punish "scammers, fraudsters and hackers" who target victims in multiple jurisdictions. Brokenshire further added that there "needs to be an international response including international treaties, bilateral treaties and common agreements between countries."
In June, speaking at a security conference in Singapore, British Defence Secretary Liam Fox and US Defense Secretary Robert Gates said that international cooperation was important to tackle growing threats to cyber security.
A consistent theme seems to be emerging.
The 2001 Convention on Cybercrime is the first international treaty on crimes committed via the Internet and other computer networks and seeks to harmonise the domestic criminal substantive law elements of offences and connected provisions in the area of cyber crime.
The ICSPA seeks to enhance the online safety and security of business communities, by helping to deliver resources and expertise from the private sector to support both domestic and international law enforcement agencies in their task of reducing harm from cyber crime.
The International Telecommunication Union, as the United Nations’ peak body dealing with cyber crime, has developed a Toolkit for Cybercrime Legislation. This Toolkit aims to provide nations with the appropriate legislation against the misuse of ICTs for criminal or other purposes, including activities intended to affect the integrity of national critical information infrastructures.
Law enforcement has not missed out either. Interpol has created four ‘working party’ groups of experts based on continental groupings to develop police capacity to investigate cyber crimes. Added to this is the Virtual Global Taskforce, a group of nine global law enforcement agencies dedicated to protecting children from online child abuse.
All of these measures carry merit. But whilst the bureaucrats work on gaining more frequent flyer points by attending countless meetings, some consolidation is needed, along with addressing areas oft forgotten. These organisations and international bodies need to consolidate their activities and, more importantly, their funding. The investigation of global cyber crimes requires only one set of domestic laws, internationally consistent to allow for mutual legal assistance and, where required, extradition. And only one set of training standards for law enforcement is required.
And whilst police capacity building is well catered for by the various groups above, not enough effort has gone into prosecutor and judicial training. The greatest police investigation will fall over if the prosecutor can’t lead digital evidence and examine witnesses. Ditto for the judiciary: they can’t make appropriate judgements if they don’t understand the evidence being presented, nor create precedent with questions at law.
But the biggest failure is the end user. It is end user compromise which undermines a nation’s cyber security, not to mention the productivity benefits it creates for business. Australia has followed the tradition of our other ‘five eyes’ partners by under-investing in developing a sustainable and comprehensive training and education campaign to empower Internet users, ensuring they have a safe and secure online experience interacting with websites they can trust.