Call in the Cybercops

At the same time as law enforcement agencies were tracking down the Love Bug creator, government and business leaders from the G8 industrialized nations were meeting in Paris to discuss how they could join together to face the mounting threat of cybercrime.

It was the first time that thought leaders from both the public and private sectors had got together to work through the issues on an international basis. Because private industry has such a high stake in its own security, many in government believe business ought to assume more responsibility for the protection of information systems.

Routine cyberattacks cannot become the subject of serious police investigations just because companies do not secure their Web sites properly. Commercial software developers and vendors should also be held to account because, in order to rush their products to market, they too often place a low priority on security features.

The IT industry should be conducting the cutting-edge research that’s needed to shield systems, including government systems, from future attacks. In response, some businesses suspect law enforcement agencies are simply expecting industry to do its work for them, pointing out that if the defenses of Microsoft, the world’s largest software company, can be breached by a lowly worm, then there isn’t much hope for lower-tech organizations to ensure their sites are fail-safe.

While some fear over-regulation of the Internet will stifle innovation, there is greater consensus, between public and private sectors and between different countries, that e-business and consumer trust in e-commerce will be undermined if cybercrime isn’t stemmed.

“Like the Wild West of the last century, our new frontier of information is exciting and we must retain the freedom to roam and grow. But if the bad guys shoot up the town every weekend and drunken cowboys ride their horses into the saloon, don’t be surprised when the public calls for law and order,” says former U.S. Senator Sam Nunn.

However there is little agreement on who should get the sheriff’s badge. Existing bodies such as Interpol, the Organization for Economic Co-operation and Development (OECD), the World Intellectual Property Organization or the World Trade Organization could play international coordinating roles. The OECD has offered to oversee national government policies on digital certificates but will not rule on security disputes between nations.

Within their own countries, many governments have set up dedicated cyber police forces, such the FBI’s National Infrastructure Protection Center, which receives visitors from foreign law enforcement agencies every week and which regularly sends agents to train cybercops at international police academies. Some officials, especially in North America, have called for the establishment of a similar supranational organization to crack down quickly on cybercrime, claiming that traditional agencies are too slow and bureaucratic to respond to the phenomenon of viruses and hackers. “We don’t need Interpol, we need Cyberpol,” says Gaylen Duncan, who attended the G8 meeting in Paris in his capacity as president of the Information Technology Association of Canada. “What we need is an international network of cyber geeks who happen to have powers to investigate and arrest, not police who took some computer training.”

*Article extracted from ‘eGov: e-Business Strategies for Government’ by Douglas Holmes, published by Nicholas Brealey Publishing, ISBN: 1-85788-278-4. US $29.95. To order,