Infosec 2010: Nations Must Coordinate On Cybercrime
The UK is doing better than some countries, but real international cooperation is non-existent, warns the head of the Ponemon Institute
The head of an influential US think-tank has warned that the failure of countries to cooperate on cybercrime is harming efforts to combat the problem.
Speaking to eWEEK Europe UK at the Infosecurity Europe 2010 conference, Dr. Larry Ponemon, chairman and founder of the IT think-tank the Ponemon Institute, warned that the fight against cybercrime requires international cooperation, but that the process was failing currently.
Specifically, Ponemon said that most countries were failing to even bridge the divide between business and government on cybercrime issues – let alone talk to one another about the problem.
“Basically what we are finding is that the business government cooperartion is nearly non-existent,” he said. “It does vary from country to country but it is nearly non-existent.”
Cooperation Non-Existent
According to Ponemon – also professor for ethics and privacy at Carnegie Mellon University’s CIO Institute – while no country had a good record on sharing cybercrime information between the public and private sector, the UK faired better than some.
“In the UK for example you will find that at least the various commercial organisations will let businesses know when they have evidence of a threat but that doesn’t happen in the US,” he said. “What we find in the US is government handling their problems and business handling their problems. We have models of collaboration such as CERT but that only deals with a certain type of issue.”
Ponemon’s comments follow criticism of the UN Congress on Crime Prevention and Criminal Justice in Brazil earlier this month to agree measures to improve international cooperation on cybercrime. In particular, it has been reported that countries such as Russia have opposed measures to allow foreign law enforcement agencies to hunt down cybercriminals within their territories, laid out in the Budapest Convention of 2001.
But according to Ponemon, even within the US there are deep divisions both between government departments and between the public and private sectors on the sharing of information about cyberthreats and crime.
“If you can’t get public-private cooperation within a country then getting countries to work together becomes nearly impossible. I think we have to do that – we have to figure out a model to get there and we better get there fast as the bad guys are getting smarter and stealthier but the evidence suggests that it really is a very big problem and governments generally hestiate to talk about negatives,” he said. “They don’t want to share the fact that they are the target of nation sponsored cyber-attacks, or the source, say like a country in Asia starting with the letter C.”
UN Not The Right Agency
Ponemon also questioned whether the UN was the right organistion to try and coordinate the fight against cybercrime. “My lowly opinion on the issue is that organisations such as the UN or the IMF or World Bank that attempt to bring countries together to solve issues haven’t historically been that effective at solving issues quickly,” he said.
Political negotiations are currently hindering international cooperation on cybercrime, argues Ponemon, and what is needed is a more efficient format for such talks.
“[The UN studies] issues very well and they have long-term views on issues but as far as what we need, which is a fast moving response plan, that doesn’t work well in any environment where you have so many political barriers,” he said. “Here we have to strip all the politics away from the issue so we can be more surgical in fighting the problem.”
Law enforcement agencies in Russia have been accused of being complicit in protecting known cybercriminals. Speaking at the RSA Europe security conference last year, Andy Auld, head of intelligence for the Serious and Organised Crime (SOCA) agency’s e-crime department said police in St.Petersburg appeared to have agreed to protect criminal gangs.