Obama outlined his Cybersecurity Strategy on Day 2

The Washington Post has summarised the Cybersecurity elements in the policy document on homeland security posted on the White House website last Wednesday. I do recommend you read this and then consider the state of play regarding the “vision” or otherwise of the UK and European Governments.

On 28 January those who attend the SASIG event (fully booked with a waiting list) should hear Superintendent Charlie McMurdie describe the current state of play with the Police Central E-Crime Unit (PCEU). Rt Hon Alun Michael MP (a former Deputy Home Secretary) is expected to then describe progress with regard to the Internet Crime Reduction Partnership (ICRP) and James Brokenshire MP will probably talk of plans to update the current opposition plans for Cybercrime.

At first sight the US approach appears to be very much more impressive. It will certainly have far more resource behind it. It is also clear that Obama understands the importance of attacking the link between cybercrime and cybersecurity in a way that most other world leaders do not. Taking down the distribution systems of Walmart and Tesco, let alone the rest of the internal communications of the members of Nato, would be a most effective way of winning World War 3 before it was declared. And meanwhile the botnet armies can earn their keep distributing spam.

But might it not be rather more cost-effective to remove the systemic weaknesses that allow Fast Flux: the technique that enables the botnet armies to migrate across borders ahead of law enforcement?

I hear all the problems, but why not put a fraction of the effort spent on anti-virus sticking plasters and other forms of e-immodium into implementing the solution proposed by Bambenek or looking at alternatives?

Why do reputable registrars not charge for all name issues, with a refund, less “administrative expenses”, if the name is not used?

Of course there are difficulties and it is unlikely to offer a fool-proof (or rather clever criminal proof) answer – but it tilts the balance against malpractice (making black and white lists easier and cheaper to operate) and even gives Tuvalu (and other similar states) revenue streams that reduce dependency on those who give them a bad name.

In the meantime, “where Obama leads others follow”. It is interesting that his policy contains nothing new. What is new is that he has picked up work that has been painstakingly and boringly put together over several years and given it new impetus.

I very much hope that the UK will respond in kind for when he comes to London for the G20. There has been much work in the UK on imaginative solutions to achieve more by bringing government, law enforcement and industry together. The time has come to knit them together with a vision that also treats cybercrime and cybersecurity as two sides of the same coin.

I would therefore like to suggest relaunching the Internet Crime Forum to provide a UK umbrella for operational task forces (akin to the National Cyberforensics Training Alliance) to not only complement the PCEU and ICRP but also the relevant parts of SOCA and CPNI.

The struggles to preserve confidence in the Internet as safe and reliable will not be won unless we also improve cybersecurity by addressing long-standing vulnerabilities: from the domain name system to the single points of failure in the overcentralised and standardised communications and distribution networks over which we access the Internet or on which we depend for food, power and fuel.

P.S. a.m. on the 26th – I have just been sent a great link to a CarnalOwnage blog entry entitled “Fast Flux makes for some cool graphs”. I am not sure what it means – other than to reinforce my view of the potential benefits from enhanced co-operation between those tracking and tracing the patterns of malpractice.



Philip - I am not sure the DNS has much to do with cybercrime. Why wouldn't malware authors just use IP addresses with x levels of indirection to direct traffic if they lost their ability to move domain names around quickly?

Answer - that raises another set of questions. I am told that it is not "just" and that the slowing of movement could have a major impact. I am, however, also concerned over how to protect anonymity for those who value it, while enabling others to refuse to accept anonymised traffic. I missed you in Oxford last week when I was asking questions over the dinner table. I'd have been able to ask more, and more awkward, questions