Cooperation the key to battling cyber crime
A report by the World Economic Forum advises private and public sector organisations to share more information to tackle the growing problem of cyber crime.
Cyber crime is of increasing global importance: it has no boundaries and targets governments, companies and individuals. Thanks to recent high-profile attacks on multinational organisations, the World Economic Forum (WEF) has called for increased efforts in finding further ways of tackling the problem, and its recently published report on tackling cyber crime aims to ensure both the private and public sectors are doing all they can.
The WEF defines cyber crime as a set of illicit activities that has two forms. The first of these forms is traditional crime that exists irrespective of the cyber world and internet but has been propagated and aggravated by the internet, e.g. credit card fraud, extortion and other types of crime related to terrorism. The second form is the type of crime that directly relates to the cyber world and internet and which cannot be executed outside the cyber sphere, e.g. hacking.
The report acknowledges that certain tools already exist in the form of laws, conventions, private-sector industry initiatives and information-sharing platforms to tackle these crimes but states that ultimately cyber crime cannot be combated by acting unilaterally. The only way to effectively combat cyber crime is for the public and private sectors to combine forces in mutually convenient ways.
Objectives
The WEF’s cyber crime project aims to evaluate existing laws and conventions, private-sector industry standards and, most importantly, encourage dialogue and cooperation on practical ways of dealing with cyber crime that are suitable to all. As a first step in achieving mutual agreement on the fundamental actions that need to be taken to make significant global progress in the battle against cyber crime, the report recommends the following:
• Public and private sectors should share more information related to cyber threats, vulnerability and consequences;
• Public and private sectors should work to create new platforms, strengthen existing platforms and coordinate these platforms to increase information-sharing and improve investigations and prosecutions;
• Public and private sectors should cooperate to encourage and advance wider adoption of the Budapest Convention on cyber crime, or of the principles it promotes;
• Public and private sectors should work to build trust and discuss contentious topics related to cyber crime, such as encryption, cloud servers, data access and protection of privacy, to find appropriate solutions;
• Public and private sectors can engage in other initiatives aimed at reducing cyber crime.
The ultimate goal of this report is to ensure that both public and private sector leaders support these recommendations and their subsequent implementation. These recommendations will be the first step to achieving better and global implementation of rules and practices enabling businesses and states to reduce the damaging consequences of cyber crime.
Cooperation is crucial to every strand of this report's actions, but it is also important to have secure channels in place in which this sharing of information can occur. Similarly, the report recognises the importance of real-time dissemination of data with both government agencies and law enforcement, as sharing the information after the fact focuses only on damage mitigation.
The sharing of such information and best practice will require the public and private sector to engage actively. Real-time dissemination will not stop cyber crime, but it will cost cyber criminals more. Naturally, legal restraints may prohibit the sharing of some information; in cases like these, however, the WEF urges the sharing of the results of prosecutions.
Combined efforts often yield stronger results as various actors possess different skills, knowledge and expertise. While these may be extensive, no actor is omniscient, and the sharing of knowledge will help parties learn from one another so as to better detect, protect, respond to and recover from cyber crime activities.
The report recognises that there is an abundance of information-sharing platforms across many countries and industries. As these tend to be industry or region specific, the WEF wants to see the establishment of a global information-sharing platform that is based on the concept of having a truly centralised depository and exchange of knowledge that can enable business as well as law enforcement to improve their common defence against cybercrime.
At regional and national levels several joint cooperation models already exist. At the European Cybercrime Centre, Europol’s Joint Cybercrime Action Taskforce is one such example as it provides a multi-stakeholder solution to intelligence-gathering and investigation into cybercrime activities.
Legislation
At present there is no international law dedicated to cyber crime. The closest item to an international cyber crime law is the Council of Europe’s Convention on cyber crime, which offers a standardised legal framework in line with international standards that governs criminal acts executed on computer networks. It also provides law enforcement with the ability to procure any crime-related evidence from computer networks.
The WEF wants to see an international law passed and states that such legislation would have substantial benefits for both the public and private sector as it would instil greater legal certainty, increased security and confidence in the governance of cyber issues. However, in the absence of such a global law, efforts should be made nationally so that states can implement the necessary cyber crime laws.
The often debated issues of data access, data localisation, data privacy and encryption can cause a dilemma in the cooperation of public and private sectors in tackling cyber crime. To encourage this cooperation, the WEF calls for innovative forms of financial incentives to be developed and promoted to anchor and support companies who voluntarily engage in the implementation of these recommendations. Information-sharing raises a number of concerns for corporations, who in doing so risk exposing themselves not only to reputational damage but also to criminal or civil liability. To combat this, the WEF argues for legislation to protect against this type of liability, providing it does not exempt clear wrongdoing. It highlights the United States’ Cybersecurity Information Sharing Act as an exemplar in encouraging corporations to come forward with information on cyber threats.
Collective action between the public and private sector is also encouraged by the WEF as it reports that such action could complement or temporarily substitute weak local laws and governance and that it could act as a facilitator of such collective enterprise.
Ultimately, it is clear that the international fight against cyber crime can only be won if the right tools and techniques are in place to do so. This includes ensuring that those charged with combating cyber crime possess the right expertise in cyber-related issues. Capacity-building, which, for example, includes targeted training for law enforcement, prosecutors and judges, is necessary to keep abreast of technological developments and ensure that those charged with administering the law have the requisite knowledge and skills to deal with the constantly evolving cyber landscape.
With the report now public, the WEF will be hoping both nations and organisations put the actions it recommends into practice.