A ‘DEFENCE TRIANGLE’

Below is the text of my article published in ‘Virus Bulletin’ of May 2011. The copyright of the article lies with Virus Bulletin.

Discussing the fight against spam, malware and cybercrime has become almost a national pastime. The vulnerabilities of the Internet and networks are such that some believe that our existence as we know it could be threatened by a single keystroke. Whether or not that is the case, the level of intelligence relating to cybercrime needs to be improved in order to prioritize defence. In the following I will make some suggestions to achieve just that.

I propose the introduction of a ‘defence triangle’. At its corners are: CERTs and anti-abuse desks, anti-spam enforcement and anti-cybercrime enforcement. The intelligence position of each corner can be strengthened.

It’s a fact that most countries (if not all) have no central record of anything relating to cybercrime. For convincing figures about cybercrime we need to look to AV vendors and organizations like Spamhaus, but their statistics do not necessarily cover the whole range of incidents. In order to be able to prioritize correctly, one needs reliable data.

It is safe to assume that the CERTs have reliable data on security breaches, botnets and such (if they catch the threat). That leaves the other two corners of the triangle. I propose the building of two central databases to which members of the public can report incidents online: one for spam, phishing, any suspicious-looking emails and malware, and one for other types of cybercrime.

Analysis of this data would give the law enforcement community a tremendous boost in intelligence and threat assessment and avoid the need to use vendor-supplied (thus commercially driven) data.

So we have central databases, but we still need industry and institutions to commit to the fight against cybercrime by reporting cybersecurity incidents to the proper authorities. Are incidents actually being reported? How can cyber priorities be set if intelligence breaches, phishing and extortion are not being reported? The reporting of these crimes might help to prevent panic when/if a serious breach occurs. Everyone concerned – including politicians and policy makers – would already be aware of and prepared for such incidents.

To raise the level of intelligence relating to cybercrime the three partners of the triangle must cooperate. Exchange of reliable data must be the first step. Through interaction and coordination, each of the partners can focus on direct and verifiable threats. Of course, none of this will happen magically.

Governments must provide the conditions in which the often conflicting interests of industry, security and privacy are brought together and turned into a positive force. At a minimum this will be a facilitating role, but would most likely also need to be a financial, and potentially steering role.

I foresee three initial steps:
1. Countries set up national online incident report databases, which feed into an analysis and coordination centre.
2. Industry and other institutions report cyber incidents to the proper authorities.
3. Governments provide the conditions for coordination and cooperation between criminal and so-called ‘softer’ law enforcers, CERTs and industry.

Through these steps reliable data will become available and all involved will be able to prioritize towards dealing with the most acute cases, whether in national security or cybercrime (related) issues. The ensuing coordinated actions will drive back crime on the Internet, enable more criminals to be caught, and make the Internet environment safer. I even believe that with the facts laid bare, the cross-border cyber enforcement issues between nations will be discussed differently. In theory, it doesn’t seem that hard, but who will be willing to pick up these challenges?

Wout de Natris, De Natris Consult

Leiderdorp, May 2011

About Wout de Natris

As a consultant I specialise in establishing new and different relationships between industry, governments and law enforcement where internet safety and the fight against cyber crime are concerned. This makes me a bridge builder. Hence the blog’s name. In this blog I intend to stress the need for interaction, cooperation and exchange of information in order to change the mentioned relationships. On offer: a comprehensive training on all non-technical aspects of spam enforcement and a cyber awareness presentation for companies and institutions.