Published 02/03/2004
Cybercrime and cyberterrorism continue to pose serious threats to the social, commercial and economic infrastructure of our country. But before we can begin to assess the extent of the problem and reduce the threat, we need accurate data on the prevalence of cybercrime. The San Diego Supercomputer Center (SDSC) hosted a workshop January 13, 2004 to explore this problem and to identify possible solutions. The National Institute of Justice, a component of the US Department of Justice, is supporting nationwide efforts to better understand and deal with the serious problem of cybercrime in consultation with select groups of industry, government and research professionals. As part of this ongoing effort, the first Cyberincident Reporting Workshop was designed provide insight and thought leadership into the issues and solutions involving the reporting of cyber crime.
Traditional crimes against persons and property are routinely reported to law enforcement, but cybercrime victims, like blackmail victims, have strong incentives to not report occurrences to law enforcement - for example, fear of lawsuits by customers whose information is stolen, or loss of prestige in the marketplace and loss of revenue to competitors. Despite indications that damages are proliferating, cybercrimes remain grossly under-reported; incidents often are handled within an affected enterprise by the organization's internal security support, network administrators, and legal staff. Failure to report cybercrimes cripples our ability to measure their aggregate effect on society, to know where individual organizations are at economic risk, and to justify spending resources on enforcing the law and preventing future crimes.
The SDSC conference was organized and led by SDSC's acknowledged authority in the new field of cyberlaw, Erin Kenneally, M.F.S., J.D., and by Wadad Brooke Dubbelday, Ph.D., of the Border Research & Technology Center, SPAWARSYSCEN, U.S. Navy. The event drew approximately 30 participants from across the nation. Attendees included Bill Gore, former Special Agent in Charge of the FBI's San Diego Office, and 28 other respected experts from such organizations as the National Institute of Justice, , the FBI Regional Computer Forensics Laboratory, the California Attorney General's Office, the San Diego District Attorney's Office, CATCH (the Southern California High Tech Task Force), the Joint Council on Information Age Crime, and several corporations active in security, banking, and financial services.
Patricipants were enthusiastic and agreed on the usefulness of the discussions, and preliminary recommendations resulting from the workshop are being drawn up. The impact of a new California law that requires organizations to report compromise of confidential data about individuals was a topic of much discussion. Similarities of the cybercrime problem to the automobile industry's legal requirements and procedures for reporting accidents and product defects were noted, as were the lack of generally accepted metrics and standards for how to collect data and what to measure.
The workshop will result in a report to the National Institute of Justice with practical, specific suggestions on means to address under-reporting of cybercrime incidents. It also will result in revisions to a handbook published by the High Technology Crime Investigation Association (HTCIA) titled Working With Law Enforcement to Abate Cyber Crime. SDSC expects to host additional workshops on this and similar themes in the near future.