US calls for international co-operation

Paul Kurtz, senior director for national security for the President's Critical Infrastructure Protection Board, said that the...

Paul Kurtz, senior director for national security for the President's Critical Infrastructure Protection Board, said that the world must do more to co-ordinate its anti-cybercrime efforts.

Speaking at the Global InfoSec 2002, Kurtz said: "We need to expand sharing of information on watch and warning of imminent threats".

Kurtz called the recent increase in the prevalence and sophistication of cyberattacks a "case for action", adding that statistics indicate that as many as 110,000 serious security incidents will occur by the end of this year.

"The world's economy is increasingly dependent on IT," said Kurtz. "This is more than e-commerce and more than e-mail, and it's more than buying a book online." He added that the "worst-case scenario can happen", with infrastructure attacks leading to devastating economic consequences.

While Kurtz underscored the need for a public/private partnership to provide for the common defence of cyberspace, he also urged the world community to take action on global legal co-operation.

"We would like to see countries accede to the Council of Europe treaty or adopt laws that are similar," Kurtz said. The Council of Europe Convention on Cybercrime is aimed at developing a common criminal policy for international crimes committed online. However, the treaty is non-binding until individual nations ratify it.

"International co-ordination is insufficient", particularly in the realm of tracking down those responsible for global IT security events, such as the I Love You virus, said Thomas Longstaff, manager of survivable network technology at the Software Engineering Institute at Carnegie Mellon University.

But Kurtz praised the "culture of security" created by the Organisation for Economic Co-operation and Development, a group of 30 nations that has drawn up new guidelines for information and network security co-operation in the wake of last year's terrorist attacks in the US.

International co-operation could be enhanced with a single point of contact if other nations were to appoint cybersecurity tsars, said Kurtz.

A senior Bush administration official involved in setting technology policy said that from a legal perspective, it is critical that other countries adopt laws that are compatible with the Council of Europe treaty because existing agreements have too many loopholes.

"Even if we have a law enforcement co-operation agreement with them, the agreements might not apply unless there is a violation of their domestic law," he said.

Read more on IT risk management