Dr. Aly, O.
Computer Science
Introduction
The purpose of this discussion is to analyze the relevant US laws relating to cybersecurity and the methods they allow for monitoring, apprehending, and prosecuting cybercriminals. It also covers the problems that exist in apprehending and prosecuting a cybercriminal who resides in another country, and what can be done to improve international cooperation against cybercrime.
Cybercrime
McAfee (2017) describes cybercrime as relentless, undiminished, and unlikely to stop. It is just too easy and too rewarding, and the chances of being caught and punished are perceived as being too low. Cybercriminals at the high end are as technologically sophisticated as the most advanced IT companies and have moved quickly to adopt cloud computing, artificial intelligence, Software-as-a-Service (SaaS), and encryption. Table 1 summarizes the estimated daily cybercrime activity to illustrate the magnitude of cybercrime activities (McAfee, 2017).
Table 1. Estimated Cybercrime Daily Activity (McAfee, 2017).
Cybercrime remains too easy because many technology users fail to take the most basic protective measures and many technology products lack adequate defenses and security measures, while cybercriminals use both simple and advanced technology to identify targets, automate software creation and delivery, and monetize what they steal. The monetization of stolen data, which has been a problem for cybercriminals, seems to have become less complicated because of improvements in cybercrime black markets and the use of digital currencies. One example from this series of cyberattacks is the WannaCry ransomware of May 2017, a type of virus that encrypts the user’s data and only releases it when a ransom has been paid. This incident affected hundreds of thousands of computers across the globe. The total cost of the WannaCry attacks, which the United States, the United Kingdom, and others attribute to the North Korean government, was estimated to exceed $1 billion. WannaCry was soon followed by NotPetya/Petya, a destructive wiper-malware attack that wipes computers outright, destroying records on targeted systems without collecting a ransom. These examples illustrate the serious global impact of cybercrime (Chernenko, Demidov, & Lukyanov, 2018).
The Impact of Cybercrime
The current estimated cost of cybercrime to the world has reached almost $600 billion, or 0.8% of global GDP, according to a new report by the Center for Strategic and International Studies (CSIS) and McAfee. Relative to the worldwide internet economy, $4.2 trillion in 2016, the cost of cybercrime can be viewed as a 14% tax on growth (McAfee, 2017). Cybercrime technologies are becoming much more sophisticated. Governments need to implement new and more powerful technologies to fight this new breed of criminals (Janczewski, 2007). There is a severe need to improve the current laws and regulations and the international cooperation against cybercrime (Chernenko et al., 2018).
Laws and Legal Actions
Unlike the European Union, the US has no single federal law that regulates information security/cybersecurity and privacy throughout the country. Several states have their own cybersecurity laws in addition to their data breach notification laws. These areas are currently regulated by a patchwork of industry-specific federal laws and state legislation whose scope and jurisdiction vary. The challenge of compliance for organizations that conduct business across all fifty states, and potentially across the world, is considerable. A summary of applicability, penalties, and compliance requirements is provided in (itgovernanceusa.com, 2018).
The International Organization for Standardization (ISO), often referred to as the International Standards Organization, joined with the International Electrotechnical Commission (IEC) to standardize the British Standard 7799 (BS7799) into a new global standard, which is now referred to as the ISO/IEC 27000 Series. ISO 27000 is a security program development standard on how to develop and maintain an information security management system (ISMS). It involves a series of standards, each of which addresses a particular aspect of the ISMS. ISO 27032 is a published cybersecurity guideline (Abernathy & McMillan, 2016). Moreover, many enacted statutes address various aspects of cybersecurity; some of the notable provisions are addressed in (Fischer, 2014).
Moreover, recent legislation such as the European Parliament’s 2016 directive on the security of network and information systems has taken cybercrime into account. This legislation focused on threats to critical infrastructure and aimed to improve cybersecurity measures to safeguard so-called essential services, such as online marketplaces, search engines, and cloud computing services, that are vital to businesses, governments, and individuals (Harris, 2018).
In the computer world, the evidence of cybercrime can be difficult to obtain and preserve properly so that it will be admissible in a court of law. Due to the nature of cybercrime, most computer crime evidence is electronic and can quickly be erased, modified, or tampered with. After a computer crime such as a server attack is committed, an initial investigation by the network admin can quickly ruin evidence the attacker left behind. Thus, special procedures are required when acquiring and preserving evidence of a computer crime. These procedures include preserving the incident environment, collecting evidence, accounting for data volatility, and maintaining the chain of custody of the evidence. Evidence collection is a critical aspect of incident response. Depending on the type of cybercrime, there could be physical evidence, logs, system images, screen captures, and camera video. Each piece of evidence needs to be carefully collected, preserved, and protected from tampering (Harris, 2018).
When evidence is collected and required for investigation and litigation, a legal hold is typically initiated. A legal hold halts the backup and disposition processes and immediately places the personnel of the organization into data protection mode. Organizations must follow this procedure; otherwise, they risk losing data required to protect their legal position. Organizations are responsible for acting as soon as possible to protect data that might become evidence. Thus, organizations should work with legal counsel to better understand legal holds and how to act appropriately to avoid any fines or sanctions (Harris, 2018).
International Cooperation against Cybercrime
The urgent measures that are needed to preserve data at the national level are also required within the framework of international cooperation. Chapter III of the Convention on Cybercrime provides a legal framework for international cooperation with general and specific measures, including the obligation of countries to cooperate to the widest extent possible, urgent measures to preserve data, and effective mutual legal assistance (Council-of-Europe, 2018).
Chapter III of the Convention on Cybercrime sets out principles for international cooperation. The first principle is that international cooperation is to be provided among parties to the broadest extent possible. This principle requires parties to provide extensive cooperation to each other and to minimize impediments to the smooth and rapid flow of information and evidence internationally. The second principle extends cooperation to all criminal offenses related to computer systems and data, as well as to the collection of evidence in electronic form related to any criminal offense. The third principle states that cooperation is to be carried out both under the provisions of Chapter III and through the application of relevant international agreements on international cooperation in criminal matters, arrangements agreed to by uniform or reciprocal legislation, and domestic laws (Council-of-Europe, 2018).
References
Abernathy, R., & McMillan, T. (2016). CISSP Cert Guide: Pearson IT Certification.
Chernenko, E., Demidov, O., & Lukyanov, F. (2018). Increasing International Cooperation in Cybersecurity and Adapting Cyber Norms. Retrieved from https://www.cfr.org/report/increasing-international-cooperation-cybersecurity-and-adapting-cyber-norms, Council on Foreign Relations.
Council-of-Europe. (2018). International Cooperation Against Cybercrime. Retrieved from https://www.coe.int/en/web/cybercrime/international-cooperation, Council of Europe.
Fischer, E. A. (2014). Federal Laws Relating to Cybersecurity: Overview of Major Issues, Current Laws, and Proposed Legislation.
Harris, S. (2018). Mike Meyers’ CISSP Certification Passport.
itgovernanceusa.com. (2018). Federal Cybersecurity and Privacy Laws Directory. Retrieved from https://www.itgovernanceusa.com/federal-cybersecurity-and-privacy-laws.
Janczewski, L. (2007). Cyber warfare and cyber terrorism: IGI Global.
McAfee. (2017). The Economic Impact of Cybercrime – No Slowing Down. Retrieved from https://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime-summary.pdf.
