Information Security Industry or e-Protection Racket?

What other industry would collectively spend over £3 billion a year on protection and less than £30 million a year on tracking, tracing and removing the predators who are milking them? Come to InfoSec (Tuesday to Thursday) and see how and why the security of the on-line world is in such a parlous state.


But also stand back from the sales pitches and consider how the world is changing.


Time spent on-line is still rising (social networking, multi-player gaming etc.) but spend (call charges, subscriptions, transactions, advertising etc.) is falling. Reported losses (fraud, theft, extortion etc.) are rising. The black market in confidential data is burgeoning as websites and databases are “milked” and suppliers lay off staff (who take files with them) or go down (with their files and equipment sold off to the highest bidder).


Meanwhile the profitability of communications and on-line service providers and retailers has fallen, impacting their ability and willingness to reimburse theft and fraud to retain consumer confidence.


The mantra of firewalls and anti-virus is of limited help to a business whose eBay or Google accounts have been hijacked to sell stolen cars to their customers or whose chief executive or finance director has been comprehensively impersonated after falling victim to a sophisticated spear-phishing attack.


The time has come to go on the offensive.


On Tuesday I am due to chair the Infosec Keynote session on “Who should Police the Internet?”. My introductory notes should appear in a Guardian supplement on E-Security just before then and I plan to blog again with a link when they do.


Superintendent Charlie McMurdie will hopefully use that session to describe progress with the formation of the Police Central E-Crime Unit. Then the Right Hon Alun Michael MP will take a wider perspective. As a co-op MP, Home Office Minister for the legislation to create Crime Reduction Partnerships and then DTI minister presiding over the deal that created the Internet Governance Forum during the UK Presidency of Europe, he is uniquely qualified to understand the issues of creating effective partnerships.


Meanwhile I draw your attention to the six reports of the EURIM-ippr study into Partnership Policing for the Information Society:


The Scale and Nature of Computer Assisted Crime

Protecting the Vulnerable

Supplying the Skills for Justice

Reducing Opportunities for e-Crime

The Reporting of CyberCrime

Building Cyber-communities: Beating Cybercrime


Time has moved on since they were published but most of the material and recommendations are still valid and some are about to be implemented.


The situation is now so bad that even major players have to co-operate to survive. 


The case for joining the e-Crime Reduction Partnership is no longer corporate social responsibility to help customer education.


The case is now driven by the need for operational, professional and political action to:

· stop the bleeding (cash and data)
· remove the vulnerabilities (people and processes, not just technology)
· rebuild business confidence (board and shareholders as well as customers)
· deter future predators (by tracing current predators to obtain redress and revenge)
· disrupt the malware supply chain (by cleansing Internet governance structures)


Main Boards are now asking whether they are getting value from collectively paying only £3 billion a year protection money and under £30 million on policing – or whether they should be changing the balance. The next step, already taken by some, is to ask how they should be working together to change that balance, including what they can share to get better value, what they cannot and how to structure that sharing. 


On Tuesday morning we will discuss the means on offer to help you to change that balance for your organisations. We will also issue the first public invitation to “come and join us” in creating the necessary structures.


Note that, while the creation of the partnership is being initially driven and resourced via the EURIM E-Crime Working Group, the role of EURIM is that of midwife or (for those who regard that analogy as too messy and bloody) the first-stage rocket in a satellite launch.


By this time next year the partnership should be fully independent – but there is much to do to get there from here. Hence the need for membership fees and sponsorship to resource the organisational effort necessary.