Cybersecurity: whose responbility is it to thwart Cyber Crime

The internet is actually the biggest technological network in existence. Connecting a sum of millions of super computers, computers, wireless gadgets and so on and so forth. With the internet, conference meetings can take place amongst different individuals at different points in the world. With the touch of a button a single message can be sent to thousands of recipients but this is just the internet revolution and as with all revolutions there are positive and negative effects.

For the internet it is cyber crime. The US Governments Department of Homeland Security (DHS), Secretary Janet Napolitano declared this October a National Cybersecurity Awareness month. This is an event that has been taking place for the past six years and has been an effort to combat Cyber Crime.

Cyber Crime involves everyone that uses the information superhighway and to effectively combat it, this years theme focus on including everybody is in good practice. Previously focus was on just industry and government but cyber security needs everyone involved to practice what the US Department of Homeland Security calls “cyber hygiene.” The DHS Secretary further elaborated:

“Americans can follow a few simple steps to keep themselves safe online. By doing so, you will not only keep your personal assets and information secure but you will also help to improve the overall security of cyberspace.”

In my view, all world wide web users are involved and should therefore share in the responsibility to ensure that our cyber world is safe. However not everyone knows about cybersecurity. The purpose of this post is to indulge everyone or statistically those who access this blog. The theme, “Our Shared Responsibility” was a great approach to involving everyone in the awareness.

In the DHS’s effort to involve a global audience a number of 1,000 cybersecurity experts are to be hired world wide. Secretary Napolitano said in her speech:

“This new hiring authority will enable DHS to recruit the best cyber analysts, developers, and engineers in the world to serve their country by leading the nation’s defenses against cyber threats.”

and further mentioned that:

“The department will look to fill critical cybersecurity roles, including cyber risk and strategic analysis, cyber incident response, vulnerability detection and assessment, intelligence and investigation, and network and systems engineering.”

Involving everyone would increase the chances to reach the number of professionals to be hired. In the article “The Cybersecurity Myth” by IT pro Bob Cringley he questions the availability of the 1,000 cybersec professionals.

“The number of CCIE’s with security as a certification is 2,300 for the entire world. Subtract the 50 percent who work for Cisco, then 50 percent again for those not working in the field any longer, and you get 500 Cisco CCIE Security Experts worldwide. The only way to get another thousand in three years is by training them. But, in the last four months with 800 available seats to sit for the Cisco CCIE Security exam only one person has passed!”

In disagreement a consultant Bob interviewed for his article mentioned that there are 1,000 cybersecurity experts, but the problem is that they already work as hackers, either grey hat or just evil black hat.

“Sure there are 1,000 (cybersecurity experts), but they are already employed… as hackers.” says the interviewee

I was quite skeptical at President Obama’s role in cybersecurity, but then I watched the President’s affirmation in this video link in a post by Cammie Croft at The White House blog and the following propositions by President Obama really go along way in thwarting cyber crime:

* Networks are to be considered strategic national assets and will be protected as such.

* A public-private partnership is needed to protect the privately-held infrastructure.

* Each of us who use the Internet must take responsibility for our actions and equipment.

In my opinion these are good first steps and should be implemented on a global platform by all governments as international Internet Security Policies.

In the video President Obama also mentioned appointment of a cybersecurity coordinator, however there is speculation on how soon this will happen and several people who might have been interested in the job will lose patience and withdraw their applications.

The Cybesecurity Act of 2009 is already making its way through Congress and this bill when enacted will give President Obama unprecedented authority over private-sector Internet services and applications. Several groups including the Electronic Frontier Foundation have concerns that this bill would give the federal government too much power to the point the American critical infrastructure would be Federal.

Amongst the concerns is loss of individual privacy, in example is the following bill provision:

“The Secretary of Commerce shall have access to all relevant data concerning (critical infrastructure) networks without regard to any provision of law, regulation, rule, or policy restricting such access.”

We all know that the cyber crime posses several risks in the security of critical cyber based infrastructures that is growing exponentially in different economies of the world. Cybersecurity is also complicated and there is a very thin line between security and privacy, here again we find ourselves in a quagmire.