July 15th, 2005
Is A War on Cybercrime winnable?
I remember attending a dinner hosted at the Forbes Gallery in California and sponsored by ISS. Steve Forbes delivered what sounded like a stump speech even though it had been years since he ran for office.(Picture of me and George Gilder listening to Steve Forbes). What stuck with me was a reference to America’s battle against the “Pirates of the Barbary Coast�. Forbes was trying to make a point that it is possible to use American force to end terror activity and open up commerce. A great column was written on the same subject for Forbes magazine by Kevin Baker. I just tracked that column down looking for some insight on how cybercrime can be countered.
I have not made much of a study of criminal activities and how they are countered. I look around me and see that three things seem to be of importance in fighting crime in the streets.
1. Protections. Bars on windows, gun ownership, good lighting all make crime more expensive and risky for the criminals.
2. Enforcement. Police capturing and locking up criminals reduces the number of criminals on the streets.
3. Prosperity. It seems like increasing the opportunity cost of crime is the biggest deterrent. (Defining opportunity cost in terms of economics: the cost of *not* doing something else. Ie. If you are a bank robber you have to weigh your potential gains against the money you are losing by *not* working at McDonalds).
So, how do we solve the cybercrime problem that is now looming over us? A problem that is threatening ecommerce and starting to spill out of cyberspace into our banking systems and could start to impact online trading, forex, and monetary stability?
The entire IT security market is focused on protections. This is great as more and more protections by default are deployed. But I believe that enforcement actions must be taken as well. There is some sign that cooperation between enforcement agencies in the UK, Israel, and Russia have been effective. The most important was the breaking up of a ring of cyber-extortionists in 2003 that dramatically slowed the number of DDOS incidents.
As it will be a while before prosperity finds its way to every corner of the globe it is imperative that law enforcement agencies start working together to track down and jail cyber criminals now. Perhaps the Barbary Pirate analogy is not a good one to use here. It took 30 years for the nascent America to open up commerce in the Mediterranean. We do not have 30 years to put an end to cyber crime.
Richard Stiennon is an industry consultant. See his full profile and disclosure of his industry affiliations.
