Cyber Hearings 2010 - Part 1

Proposed Cyber Hearings on Malicious Cyber Activity and Cyber Crime

I believe that the problem of malicious cyber activity should be explored in a series of globally televised hearings conducted by coalition of representatives of private sector and, hopefully, governmental organizations. This series of posts is designed to facilitate brainstorming and discussion with Cybercrime.TV members, and between you and your colleagues about the issues and focus that might be of greatest interest.

The proposed hearings could work to highlight the need for national and international assessments of the magnitude and components of the problem, and enhanced collaboration and information sharing nationally and internationally to:

• identify the most significant malicious actors and those who enable their conduct;
• engage key government and private sector stakeholders to work together to reduce the number, frequency, impact, and risk of malicious activity;
• inform policy, best practices, and research and development efforts in meeting this challenge; and
• promote transparency and accountability to drive progress.

Among the possible outcomes, might be (1) to seek funding to create a public-private, federated information collection, processing, and sharing capability regarding malicious actor and enabler information; and (2) to create a public-private advisory or steering committee that can recommend how to organize, develop, and implement a strategic approach to address the problem of malicious cyber activity.

I recommend that the first hearing focus on a current cyber crime problem -- funds transfer fraud/theft -- affecting customers of financial institutions that illustrates both the harm and challenges involved in addressing the problem of malicious cyber activity in a strategic, holistic manner.

A second hearing (or the second part of the first) could include testimony from international and U.S. witnesses (e.g., U.S.: DHS, USSS, FBI, Internet Crimes Complaint Center, Defense Cyber Crimes Complaint Center, National Cyber Forensics and Training Alliance; security companies based in the U.S.: Symantec, McAfee, IBM; International: Interpol, G-8 High Tech Crime Group, UK government (Cyber lead: Steve Marsh and/or CPNI), Australian government, Canadian government, European Commission; and major national CERTS, including AusCERT, Japan CERT, and ENISA) to explore:

• how malicious cyber activity impacts national security and economic well-being;
• the quality of information on the nature, magnitude, and trending of the problem;
• how well key government and private sector entities are working together and sharing information to not only identify and punish wrongdoers, but actually reduce the problem.

In my next post I will provide some background before establishing a point-of-view.