Symposium on Cyber Security

13 May 2011. Is it possible for the global community maintain an open and freely accessible cyberspace while still protecting against the ever growing threat of cyber attacks? This is one of the issues examined in depth during the 41st St. Gallen Symposium which took place 12-13 May, at the University of St.Gallen.

Guest speakers, Mr. Rafal Rohozinski, CEO of The SecDev Group and Dr. Rex Hughes, Cambridge University discussed the issue in a keynote address and a separate round table discussion.

How prevalent is cybercrime?
As cyberspace has become more prevalent in diverse societies throughout the world it has begun to be seen as a commonly held resource of the global community. However, for all of the positive impacts of cyberspace, there is also a growing threat of cyber attacks on both the personal and governmental levels.

"According to reliable statistics the threat of malicious software - that is software deliberately written to attack or exploit your systems - has been growing at a rate of approximately 100 per cent a year, every year since 2003," said Mr. Rohozinski who went on to refer to a study his company did with the Canadian government to measure the level of cybercrime.

The study found that of the out of forty-five billion emails sent per month, forty-four billion were spam or contain malicious software, and that of the one hundred and seventy-four billion dollars in online transaction a month, one-hundred billion could be considered money at risk.

While up to 65 per cent of internet users have at one time or another fallen victim to cyber crime, most perpetrators go unpunished. Though sometimes a cybercrime can be traced back to its source, law enforcement often cannot establish jurisdiction and in some cases, the technology and technique of the cybercrime is so new that - while it is clearly dishonest or fraudulent - it isn't technically criminal.

"On the personal level, if you are a savvy user you can probably provide a certain amount of personal security for yourself, but it doesn't mean you won't be the victim of someone else's stupidity as the Sony users just found out," said Dr. Hughes, referring to the recent cyber attack of Sony's gaming system in which a number of client's personal information was compromised.

Why is cybercrime rising so fast?

Cyberspace development isn't strictly technology based, but is largely influenced by the needs and demands imposed by its users. One place to look for to examine the rise of cybercrime is the shifting demographics of internet users and the needs of these new users.

America currently totals just over thirteen per cent of internet users, and America and the EU combined still constitute less than forty per cent. Currently, poor developing countries as well as failed and fragile states are the fastest growing countries for internet users.

The median age of within these countries is eighteen, and these new digital natives are using cyberspace, in both positive and negative ways. Some are - through online resources - accessing their rights and the global market in a way that simply doesn't exist for them otherwise. While for others the minimal risk and low financial investment of cyber crimes makes an almost irresistible temptation in poverty stricken nations.

"Cybercrime is a way for these people to enter into the global market place and earn money that is otherwise not available," said Mr. Rohozinski. "In many cases these crimes are imposable to prosecute, and it requires very little investment. So naturally there is a huge draw."

How can this be governed without being destroyed?

Obviously countries cannot go backwards and become less dependent on cyberspace, but how to move forward securely is presently an open question. A global approach similar to the United Nations seems unlikely as many governments don't agree on what cyber access should look like. Over half of all internet users worldwide are currently using the internet in a country where access restrictions are imposed.

National approaches can also be difficult because over regulating cyberspace can stifle innovation, development, and the openness of the cyber commons.

The way forward is still unclear, but what seems to be a possible path is on the national level to allow providers to be innovative in creating access, while being regulated reasonably. Then on a global level the regulation can be coordinated.

"Regulation is fundamental to getting it right," said Dr. Hughes, "and to put a positive note on this national regulators do currently talk to each other across borders and harmonize their actions."

Additionally, service providers in different countries already talk to each other and coordinate access more efficiently than most of their governments.

"Over securitizing cyberspace or overemphasizing the need to put rules and security into the system risks thwarting what cyberspace has become," Mr. Rohozinski concluded. "On the other hand letting it go and develop without any regulations risks the opposite as the criminal negative aspects will overtake the system. It's kind of damned if you do, damned if you don’t. We've got a recognize that the constitutive moment is here."