Apr 26, 2010
The Internet is the ultimate vehicle for information retrieval and transmission in modern times, providing us with an information superhighway that links individuals from around the world in real time, connecting families, businesses and governments. Yet amid this vast expanse of digital data flooding that has become known as the “cyberspace”, attempts to decipher and exploit this information for personal or national gain have become increasingly pervasive. Criminal activity is now commonplace and increasing steadily with the growing number of Internet users and online traffic. Indeed, the figures below – taken from the Internet Crime Complaint Center – highlight that the number of identity theft, stolen credit card fraud and online scams has escalated to new heights over the past decade.
(Source: Internet Crime Complaint Center, 2009 Internet Crime Report)
Evidently, there are tremendous financial and social burdens linked with cybercrime. Perhaps even more seriously, on an international level, targeted cyber-terrorism has infiltrated the governmental infrastructure of multiple nations. For example, the Pentagon database was hacked and information on the new F-35 Joint Strike Fighter was divulged1, while Google’s web site in China was targeted and disabled by hackers shortly before it exited the market there2. In the August 2008 Georgia-Russia conflict over South Ossetia, Russian military activities commenced in tandem with cyber attacks that limited Georgia’s ability to quickly disseminate information through government websites3. In this respect, the responsibility to combat cybercrime and cyber-terrorism is representative of a classic collective action problem: states and individuals both have incentives to free-ride on each other’s efforts in order to defeat a common problem. What is clear, however, is that potential solutions to cybercrime must encompass three interlinked areas: political, scientific and entrepreneurial.
On the political front, for all the recognition of the problems of cybercrime and cyberterrorism, little has been done on the international and national levels to address the problem. To date, the 2004 European Convention on Cybercrime represents the only international treaty on this subject.4 Yet it has only been ratified by 29 countries, with the notable absences of larger nation-states including China and Russia. Given its limited reach, the Convention can hardly be expected to serve as an international standard to combat cybercrime and cyberterrorism. Moreover, protests have been raised over the potential infringement of sovereign rights by the Convention. Indeed, Russian negotiators have argued that the treaty requires that foreign law-enforcement agents be granted unfettered access to domestic Internet transmissions and data monitors. Ultimately, self-interest, priorities and suspicions will make any international agreement on how to combat cyberterrorism difficult and time-consuming.
With the current impasse on the political scene, the link between science and entrepreneurship takes on critical importance in countering cybercrime. Innovation is needed in two key areas: attempting to stay one step ahead of cybercriminals in blocking malicious software installation, and correcting the damage quickly if intrusion is ever detected. At MIT, Professor Martin Rinard at the Computer Science and Artificial Intelligence Laboratory (CSAIL) has been developing software that can automatically patch programs when malicious software or information-gathering bots appear. Tentatively named ClearView, the software monitors other programs currently running on the user’s computer and sounds an alert when any program starts operating beyond a normal range of activity. ClearView then connects to a central server and attempts to use a variety of patches to eliminate unusual behavior, while still allowing the user to continue working.5
So what can entrepreneurs do in this respect? Ultimately, entrepreneurship can lead to widespread adoption of these scientific innovations. While internet security might not seem to be the most glamorous project in starting up a business, there remains a void in the market for nimble firms that can respond quickly to new and increasingly exotic cyber threats. Entrepreneurs also have a role to play in terms of building partnerships between public and private institutions in order to overcome inertia on the international level. Here, the Security Innovation Network (SINET) provides a good example. SINET’s vision is to “bridge the gaps between technology innovators, policy-makers, venture capitalists, researchers, academics and private industry.”6 Founded by Robert D. Rodriguez, a retired Secret Service Agent who served on several presidential details and oversaw the development of one of the first electronic crimes taskforces in the nation, SINET attempts to link entrepreneurs in cybersecurity to one another and create synergy between differing areas of the Internet security architecture.
What is clear is that there is no one-sided coin – with ever-increasing usage of the Internet as we come to depend on it for basic functions and applications in life, cybercrime and cyberterrorism will continue to become increasingly prevalent and important areas to tackle. Given stagnant transnational efforts to combat what is rapidly becoming a growing concern, the private industry ought to step up to combat criminal activity in cyberspace.
- “Hackers stole data on Pentagon’s newest fighter jet” http://www.cnn.com/2009/US/04/21/pentagon.hacked/index.html
- “Google hackers duped system administrators to penetrate networks, experts say.” http://www.washingtonpost.com/wp-dyn/content/article/2010/04/20/AR2010042005300.html
- “Sovereignty in Cyberspace: Can It Exist?” PW Franzese, AFL Rev., 2009
- “Cybercrime: The Council of Europe Convention” K Archick , Congressional Research Service Report for Congress, 2006
- “Software That Fixes Itself”, Erica Naone. http://www.technologyreview.com/computing/23821/
- Security innovation Website http://www.security-innovation.org/