BreachExchange mailing list archives
Greater urgency needed in fight against cybercrime
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 12 Nov 2013 00:07:28 -0700
http://www.irishtimes.com/news/crime-and-law/greater-urgency-needed-in-fight-against-cybercrime-1.1588522

The Edward Snowden affair has drawn worldwide attention to information security and protection of personal data online. While the information and communication technology of the digital age has transformed our lives for the better and remains vital to economic growth and our future prosperity, the security of that technology is of fundamental importance to the individual, to businesses and to the State.

Intellectual property theft, data breaches and other kinds of cybercrime are becoming increasingly commonplace and now pose a very real threat to all sections of society. Only this week, it was reported that the credit and debit card details of up to 43,000 people may have been compromised by a large-scale cyber attack on an Irish company processing holiday bookings.

The Snowden revelations have highlighted that data is the new gold, and that urgent action is required to ensure it is adequately protected. There is increasing awareness of the enormous cost of failing to protect ICT systems from attack and misuse for either terrorist or criminal purposes.

Ireland’s position as a hub in the global digital economy and dependence on foreign direct investment in the ICT, pharmaceutical and financial sectors, mean that it needs to be at the forefront in ensuring its critical infrastructure is secure.

Both Ireland and the European Union face the challenge of keeping legislation apace with rapidly-evolving threats. The European Commission put forward a major new package of reform during Ireland’s EU Presidency. The new EU Cybersecurity Strategy, published in February 2013, underlines that cybercriminals are using ever more sophisticated methods for intruding into information systems, stealing critical data and holding companies to ransom. It calls for a more united approach to ensuring an open, safe and secure cyberspace in Europe.

The Commission has also put forward a new directive on measures to ensure a high common level of network and information security across the EU. The new legislation aims to address disparities between individual member states’ readiness to combat cyber attacks and to encourage better sharing of information between businesses, operators of critical infrastructure and governments on security incidents. The current lack of information-sharing, the Commission claims, is aiding criminals, compromising vital services and generating substantial financial losses for the EU economy.

New obligations

The directive would mean that Ireland and other EU members would have to put in place structures to deal with the protection of network and information systems, and that businesses would face new obligations to report security breaches to those national authorities. It also sets out the respective roles for the new European Cybercrime Centre, set up in January 2013, and the European Network and Information Security Agency (ENISA).

The EU’s proposed legislation faces intensive debate in the coming months, but there is little question that urgent action is required at European level. The Snowden revelations and unauthorised surveillance and collection of European citizens’ data have given fresh impetus to moves to better protect individuals and their personal information in the online world.

Closer to home, Ireland also faces the challenge of keeping up with new kinds of cybercrime in its domestic legislation. Ireland has signed but not ratified the 2001 Council of Europe Convention on cyber-crime (known as the Budapest Convention), which provides a model for cooperation in combating cybercrime.

While Section 5 of the Criminal Damage Act 1991 and Section 9 of the Criminal Justice (Theft and Fraud Offences) Act 2001 prohibit unauthorised use of a computer with intent to access data or for personal gain respectively, these Acts require constant updating if they are to capture the ever-evolving range of cybercrimes. The Data Protection Acts 1988 and 2003 are designed to regulate access, collection and use of personal data and require appropriate security measures be taken to prevent unauthorised use of such data.

Given the rapid development of social media, mobile technology and digital communications in the last decade, the challenge of meeting new security and privacy demands is clear.

These challenges will be explored in a major Cybersecurity Conference organised by the Institute of International and European Affairs (IIEA), which will take place this Friday at Dublin’s Mansion House. Speakers include President Obama’s Cybersecurity Coordinator, representatives from the European Cybercrime Centre and other EU agencies, security officers from major financial institutions, and the NATO Assistant Secretary General for Emerging Security Challenges. A key focus of the Conference will be the need for greater cooperation between the private sector and state bodies in addressing cybersecurity challenges.