Cyber Crime: How Are Governments Protecting Businesses Worldwide?
In my previous post on cyber crime, I laid out the state of cyber crime, and how businesses today are constantly under threat of attack. In today’s post, we explore what governments and industry bodies worldwide are doing to counter the threats posed by cyber crime.
Driven by the increased frequency and severity of cyber crimes, the realization is dawning within government and industry that urgent and coordinated responses are required unless cyber crime is allowed to cause major disruption to individuals, businesses, and even the global economy.
A number of government and industry initiatives are now underway to try and stem the tide.
The USA has been at the forefront of addressing the threat. There are no fewer than 12 federal laws with provisions designed to combat various aspects of cyber crime. These range from the Computer Fraud and Abuse Act of 1986, the most comprehensive anti-cyber crime statute which has been amended and updated a number of times, to the Gramm-Leach-Bliley Act of 1999 that requires financial institutions to ensure the security of systems that hold customer information.
In 2008, the US government set up the National Cyber Investigative Task Force, comprising more than 20 partnering agencies from across law enforcement, the intelligence community and the Department of Defense. And both the Secret Service and the FBI maintain cyber crime task forces.
But cyber crime bears little respect for national borders. It is a truly global phenomenon with criminals in one domain able to launch attacks on victims in another.
In November of last year, speaking from the premises of GCHQ (UK Government Communications Headquarters), the UK’s equivalent of the US National Security Agency, the country’s finance minister, George Osborne, announced that his government was to double its spending on protecting the country from cyber attacks. The new budget is to be £1.9 billion (US$2.75 billion) to be spent on cyber security by 2020, among other things engaging 1,900 extra staff across its three intelligence agencies (MI5, MI6 and GCHQ) to ensure faster and more effective responses to major attacks.
There are also a number of cross-border initiatives:
In the European Union, the Network and Information Security Directive, the EU’s first piece of legislation on cyber security, was implemented into law at the end of last year. Its goal is to get its member states to step up and better coordinate their counter-cyber crime efforts. One requirement will be that operators of key infrastructure such as power grids, health-care or transport systems, are obliged to report incidents to national authorities.
The EU also maintains the European Cybercrime Centre (EC3), launched in January 2013 as as part of Europol, the pan-European law enforcement agency that handles criminal intelligence. Its task is to strengthen the law enforcement response to cyber crime in the EU with three main areas of focus: cyber crimes committed by organised groups; cyber crimes that cause serious harm to individuals; and cyber crimes affecting critical infrastructure.
The United Nations through its information and communication technologies arm, the International Telecommunication Union, is also taking an active role in countering cyber crime. In December 2008 it launched a policy to urge the adoption of regionally and internationally harmonised legislation, and has set up a unit to offer its 200 or so member countries advice on tackling the issues relating to cyber security. To date, more than 80 countries from all continents have benefited from such support. And in January 2011, the ITU signed a memorandum of understanding with the United Nations Office on Drugs and Crime to work together to counter the threat of cyber crime.
But as important as all these initiatives are, the truth is that individuals and organisations bear the ultimate responsibility for protecting themselves from cyber crime, just as they do from other forms of criminal activity.
In the final post in this series, we offer some practical advice on what organisations can do to better protect themselves.
All posts in this series: