|
|||
January 15, 2003 |
U.S. Department of Justice
Criminal Division Office of the Deputy Assistant Attorney General Washington, DC 20530 |
||
|
|||
Deputy Assistant Attorney General Malcolm's |
|||
I want to thank you for including me in this important discussion about the significant challenges of cybersecurity and cybercrime that face all of us. I. Globalization of crime These advancements, however, come with significant risks and responsibilities. From a law enforcement perspective, it is clear to me that our ability to successfully secure our networks will depend entirely on our ability to develop and implement a coordinated response to illegal activities that occur over those networks. This will require at least four tiers of action.
The need for technically-capable investigators who are dedicated to combatting high-tech crime is critical. Such experts must be available 24 hours a day 7, days a week, and must be supported with the best equipment available and be kept abreast of all changes in technology that might affect how cybercriminals do what they do. We are clearly no longer in an age where law enforcement agents can defeat criminals with a badge, a flashlight, and a gun. When it comes to cybercrime, this new breed of villains requires new skills and tools for law enforcement. It is a new world, and law enforcement must be prepared to face the challenges posed by that new world. Along that same vein, governments must improve their abilities to locate and identify criminals. Because of the speed and sophistication of cyberattacks and the ephemeral nature of the evidence left behind, law enforcment officials must get timely access to information and to traffic data without alerting the customer that such access is being provided. Procedural mechanisms must also be in place to preserve that data, in appropriate cases, for use in ongoing investigations and eventual prosecutions. B. Coordination among components of government As we work to amend government policies, rules, and regulations on a range of communications, technology and e-commerce issues to achieve better coordination and to advance the goals of effective law enforcment and enhanced publi safety, we must guard against unintended consequences, such as stifling the growth of the Internet or chilling open communication. We must do everything we can to ensure that, in our zeal to combat network crime, we do not needlessly sacrifice cherished civil liberties enjoyed by the citizens of our respective countries. This is a delicate balance that each of us will need to face. C. Cooperation among governments Because Internet access is available in over 200 countries and criminals can route their communications through any of these countries, the law enforcement challenges that we all face must be addressed on as broad a basis as possible. It is critical that each of these countries enact sufficient laws to
criminalize computer abuses and unauthorized access to computer systems.
Where Country A criminalizes certain conduct and Country B does not, a
bridge for cooperation may not exist. You will recall, for example, the
I Love You virus that was released in 2000. In that case,
the individual who released the virus was a Philippine citizen, a country
which at that time did not criminalize unauthorized access to computers.
While we must obviously respect the sovereignty of each others countries, we must learn to work together to investigate cybercriminals who take advantage of the borderless nature of the Internet to commit and conceal their crimes. When it comes to combatting cybercrime that crosses borders, like a chain, we are only as strong as our weakest link. Happily, such efforts are already underway and are deserving of our attention in this ever-changing environment. For example, the Council of Europe Cybercrime Convention provides a significant roadmap to ensuring that governments have well-developed and comprehensive legal and policy regimes for dealing with network crime. Similarly, the OECD Network Security Guidelines provide sound principles and guidance for online protection. There is also a growing network of high-tech points of contact in 30 nations (so far) that are available 24 hours a day, 7 days a week to provide assistance to other countries on matters involving electronic evidence even in physical world crimes such as murder or kidnapping. This network was begun, and is administered, by the countries of the G8, but all countries with the necessary capacities have been urged to join. D. Partnering with Industry In the United States, for example, it has been estimated that roughly
85% of our critical infrastructure is controlled by the private sector.
Clearly the private sector must play a leading role in assuring security
and confidence in our shared networks, and governments must be prepared
to work closely with industry at a variety of levels to respond to the
problems associated with network security. In addition to developing a partnership based on trust and experience between government and the private sector when it comes to network security and law enforcement, we should also form a partnership to educate the public about computer security and to raise the level of awareness about computer responsibility an area of so-called cyberethics. We must do a better job of educating the public about the risks of identity theft, theft of other personal and private infomation, and malicious worms and viruses from failing to take certain precautions. We must also do a better job of teaching people that hacking and copyright theft is not good sport, but rather its wrong and causes real economic, and possibly physical, harm to others. In this regard, the Department of Justice has supported President Bushs National Strategy to Secure Cyberspace and is actively reaching out to organizations and companies to focus national attention on cybersecurity and on advancing proper cyber-social behavior. In conclusion, I note that many of the distinguished industry experts and government leaders who must play a role in meeting the challenges of cyber crime and in creating a culture of security are in this room. Although we often serve different societal interests, we meet here today with one common goal: to keep our countries' computer networks safe, secure and reliable for our citizens and businesses. I look forward to listening to your views and to working with each of you to make that goal a reality. Thank you.
|
|||
|
|||
Go to . . . CCIPS Home Page || Justice Department Home Page Last updated February 12, 2003 usdoj-crm/mis/krr |