Governments struggle with cyber crime
International organisations mobilise to clamp down on the scourge of cyber crime, but the approach is piecemeal.
Many nations are struggling with where to start when it comes to clamping down on cyber crimes through legislation.
Doug DePeppe, co-founder of i2IS and a cyber security attorney, says the criminal element in cyberspace has simply exploded, well before governments had come to fully understand the cyber domain.
The Internet has been changing global society for a few decades, with the advent of e-commerce, open government, ready communications, mobile devices, and business efficiencies, says DePeppe. "Few, however, anticipated the connectivity provisioned by the Internet to be so effectively and pervasively used by organised crime to attack at will, and upset the trust in the Internet."
DePeppe adds that dealing with this threat is not easy, nor simple. "In many instances, the criminals have more resources than the organisations seeking to counter the problem."
The war against cyber crime is similar to global efforts to counter the drugs trade as the narco-traffickers and terrorists have more resources, adds DePeppe. "However, efforts are mobilising to address cyber crime."
DePeppe says the United Nations is keen to get involved, as is the International Telecommunication Union (ITU), and the Office on Drugs and Crime (UNODC). The ITU has responsibility for cyber security, while UNODC covers cyber crime, he explains.
Globally, capacity-building is under way, and the ITU and UNODC are engaged in training globally in the areas of cyber security and cyber crime, says DePeppe. He adds that several countries are taking steps and a vast number of nations are forming cyber security agencies, cyber intelligence and cyber law enforcement entities, and even cyber warfare capabilities.
In SA, the Department of Communications (DOC) is set to soon establish a unit to deal with cyber crime, which will have its own inspectors. However, the plan will need a coordinated approach by the Department of Trade and Industry, the DOC, the police and Department of Finance.
DePeppe says, in many instances, countries do not have expertise in cyber crime investigation and so do not have offices to adequately enable law enforcement coordination.
"In an ever-connected world, via the Internet, in which cyberspace recognises no borders, the inability to quickly coordinate efforts globally is a major problem in the cyber crime challenge. So, while many countries are now passing criminal laws that address hacking and cyber crime, global integration of laws and enforcement mechanisms is lacking."
DePeppe says governments around the world have been responding to cyber security, cyber crime, and cyber war concerns at different levels of urgency. He says this seems to be based on the perceived exposure to risk and different levels of general awareness of the risks.
"As a result, the global response is piecemeal and lacks uniformity or interoperability," says DePeppe. He adds that investigating and prosecuting cyber crime, for example, requires international cooperation, so mutual legal assistance treaties are needed so that countries have procedures in place to take in requests and facilitate law enforcement cooperation.
However, DePeppe notes that training governments in the components of cyber crime enforcement, laws, and interoperability mechanisms is happening.
DePeppe says there has been a mixed bag in terms of success. "Investigating cyber crime requires law enforcement coordination across jurisdiction."
Effectiveness depends on capability and competence, and agreements, between nations, which is slow and plodding, while cyber transactions occur with speed, says DePeppe. He adds that treating the cyber threat only through law enforcement is widely considered to be too narrow.
"The broader domain of cyberspace, with functions related to defending, information-sharing, and other legal recourse beside criminal prosecution, must be considered, and programmes more expansive than just cyber crime must be fashioned."
DePeppe adds that technical know-how must be improved, including forensics of all sorts to cover mobile devices, computers and evidence-handling in the digital realm and chain of custody. Education, training, and systems must also be improved in the prosecution side.