The best weapon against the online thieves, spies and vandals who threaten global business and security would be international regulation of cyberspace. Luckily for them, such cooperation does not yet exist. Better still, from a hacker's perspective, such a goal is not a top priority for the international community, despite an outcry over hacking and censorship and disputes over cyberspace pitting China and Iran against US firm Google. Nations are thinking too parochially about their online security to collaborate on crafting global cyber regulation, an EastWest Institute security conference heard last week. Policy statements from governments around the world are dominated by the need to heighten national cyber defenses. As a result, too many cyber criminals are getting a free ride. “Nations are in denial,” Indian cyber law expert Pavan Duggal told Reuters, saying national legislation was of limited use in protecting users of a borderless communications tool. “It may take a big shock of an event to wake people out of their complacency, something equal to a 9/11 in cyberspace,” he said referring to the 2001 coordinated attacks on US cities. With a quarter of humanity connected to the Internet, cyber crime poses a growing danger to the global economy. Target the perpetrator The FBI tallied $264 million in losses from Internet crime reported by individuals in the United States in 2008 compared to $18 million of losses from 2001: These were probably a fraction of the losses caused to companies and government departments. The menace extends to many sectors including control systems for manufacturing, utilities and oil refining, since many are now tied to the Internet for convenience and productivity. A priority for regulators is to find ways of tracking down criminals across borders and ensuring they are punished, a tough task when criminals can use proxy servers to remain anonymous. “We cannot postpone the debate until we are in the midst of a catastrophic cyber attack,” former US Homeland Security Secretary Michael Chertoff told the conference. “We must formulate an international strategy and response to cyber attacks that parallels the traditional laws governing the land, sea, and air.” Security experts say the ability to conduct disastrous mass cyber attacks is the preserve of some governments, well beyond the capacity of militant guerrilla groups. But it cannot be assumed that international organized criminal networks, long practiced at mass online fraud and theft, are not developing an interest in gaining this ability. Datuk Mohammed Noor Amin, chairman of the UN-affiliated International Multilateral Partnership Against Cyber Threats, said failure to regulate could perpetuate cyber “failed states.” He cited impoverished countries where customers can purchase unregistered SIM cards with mobile Internet capability, giving them the ability to commit online crime such as identify theft against people in rich nations without fear of being traced. He said it was in the interest of rich nations to help poorer countries develop the capacity to crack down on this kind of abuse, because their own citizens were being targeted. Altabef said the growing rate and scale of international cyber attacks threatened to undermine the trust between nations, businesses and individuals that was necessary for economies and societies to act on the basis of the common good. Complacency was also a problem, delegates said. “Nations take for granted the Internet is going to be ‘on' for the rest of our lives. It may not necessarily be so,” said Duggal. “Imagine the Internet being down for two to four weeks,” he said. This would “rain disaster” on online businesses as well as transport, industry and governmental surveillance systems. “Not to focus on cybersecurity is playing with fire.”
