|
CyberSecurity |
| Navigation Links:
- Agencies - Cryptography Crimes Against Network - Worms, Viruses, Attacks - Hackers - DOS - Wireless Malware - Cyberwar - Network Reliability - Infrastructure Protection Crimes Over Network - CyberStalking - Fraud - - Auctions - - Phishing - Gambling - Hoaxes - ID Theft - Offensive Words Info Gathering - Wiretaps - CALEA - ECPA - FISA - Forensics - Carnivore - Patriot Act - Data Retention - Safe Web Act Emergency - EAS - Assessment - Reliability - Vulnerabilities :: Feedback :: :: Disclaimer :: :: Sitemap :: |
There is no doubt that as individuals, as businesses, and as a nation as a whole, we are increasingly at risk if we choose to do nothing in the face of our growing infrastructure vulnerabilities. These risks are real. We don't need to wait for a catastrophe to occur - indeed we must not allow a catastrophe to occur - in order to recognize that much work needs to be done. - Ronald L. Dick, Director US National Infrastructure Protection Center September 5, 2001
Derived From: Public and Private Entities Face Challenges in Addressing Cyber Threats, GAO-07-705 (June 2007)
"Cybercrime is a threat to U.S. national economic and security interests. Various studies and expert opinion estimate the direct economic impact from cybercrime to be in the billions of dollars annually. The annual loss due to computer crime was estimated to be $67.2 billion for U.S. organizations, according to a 2005 Federal Bureau of Investigation (FBI) survey. The estimated losses associated with particular crimes include $49.3 billion in 2006 for identity theft and $1 billion annually due to phishing. These projected losses are based on direct and indirect costs that may include actual money stolen, estimated cost of intellectual property stolen, and recovery cost of repairing or replacing damaged networks and equipment. In addition, there is concern about threats that nation-states and terrorists pose to our national security through attacks on our computer-reliant critical infrastructures and theft of our sensitive information. For example, according to the U.S.-China Economic and Security Review Commission report, Chinese military strategists write openly about exploiting the vulnerabilities created by the U.S. military's reliance on advanced technologies and the extensive infrastructure used to conduct operations. Also, according to FBI testimony, terrorist organizations have used cybercrime to raise money to fund their activities. Despite the reported loss of money and information and known threats from adversaries, there remains a lack of understanding about the precise magnitude of cybercrime and its impact because cybercrime is not always detected or reported (cybercrime reporting is discussed further in our challenges section).
"Numerous public and private entities (federal agencies, state and local law enforcement, industry, and academia) have individual and collaborative responsibilititelephonetelephonees to protect against, detect, investigate, and prosecute cybercrime. The Departments of Justice (DOJ), Homeland Security (DHS), and Defense (DOD), and the Federal Trade Commission (FTC) have prominent roles in addressing cybercrime within the federal government. DOJ's FBI and DHS's U.S. Secret Service (Secret Service) are key federal organizations with responsibility for investigating cybercrime. State and local law enforcement organizations also have key responsibilities in addressing cybercrime. Private entities-Internet service providers, security vendors, software developers, and computer forensics vendors-focus on developing and implementing technology systems to protect against computer intrusions, Internet fraud, and spam and, if a crime does occur, detecting it and gathering evidence for an investigation. In addition, numerous partnerships have been established between public sector entities, between public and private sector entities, and internationally to address various aspects of cybercrime. For example, the Cyber Initiative and Resource Fusion Unit is a partnership established among federal law enforcement, academia, and industry to analyze cybercrime and determine its origin and how to fight it.
"Federal and state governments and other nations have enacted laws that apply to cybercrime and the legal recourse or remedies available. In addition, there are international agreements to improve the laws across nations and international cooperation on addressing cybercrime. Some federal statutes address specific types of cybercrime, while other federal statutes address both traditional crime and cybercrime."
- Computer Fraud and Abuse Act 18 USC 2030
- ID Documents Fraud 18 USC 1028
- Aggregated Identity Theft 18 USC 1028A
- Fraud in Connection with Access Devices 18 USC 1029
- Wire Fraud 18 USC 1343
- Prosecutorial Remedies and Other Tools to end the Exploitation of Children Today (PROTECT) Act of 2003 18 U.S.C. §§ 1466A, 2251, 2252A, 2423
- Child Pornography 18 U.S.C. § 2252
- Federal Trade Commission Act 15 USC 45
- Can Spam Act 15 U.S.C. § 7701, 18 U.S.C. § 1037
- USA Patriot Act
- The Adam Walsh Child Protection and Safety Act (misleading domain names designed to confuse kids)
| Threats | Agency [REVISE THESE LINKS] |
| Threats Against the Network | |
Whitehouse DHS Lead Agency (Prevention, Alerts, Info Sharing, Recovery) DOJ (enforcement, investigation) DOD DOC NSA CIA NSF (funding for R&D) |
|
| Cyberwar | DoD |
| Telecommunications | FCC |
| Threats Over the Network | |
| Spam | FTC (Prevention, Consumer Info, Info Gathering, Enforcement) FCC (SMS Spam - Prevention, Enforcement) |
| Fraud | FTC (Prevention, Consumer Info, Info Gathering, Enforcement) DOJ (Enforcement) |
| ID Theft | FTC (Prevention, Consumer Info, Info Gathering, Enforcement) DOJ (Enforcement) |
| Offensive Content on the Internet | DOJ (Enforcement) DHS |
| Gambling | DOJ (Enforcement) |
| eMedicine, Drugs | DOJ (Enforcement) |
| Alcohol Tobacco Sales | DOJ (Enforcement) - ATF |
| Hacks to Personal Computers | DOJ (Enforcement) - Computer Crimes and Intellectual Property Section - FBI |
| CyberStalking | DOJ (Enforcement) - FBI |
| Financial, Investing | |
| Illegal Wiretaps | DOJ (Enforcement) - FBI - Computer Crimes and Intellectual Property Section |
Hearings & Reports
- CyberSecurity: Protecting America's Critical Infrastructure, Economy, and Consumers, Subcommittee on Telecom and the Internet, Sept 13, 2006
- “The Economic Impact of Cyber Attacks.” CRS 2004
- “Cybersecurity—Getting It Right: The Importance of Research in Cybersecurity and What More Our Country Needs to Do,” on July 22, 2003. Subcommittee on Cybersecurity, Science, and Research Development of the US House of Representatives Select Committee on Homeland Security
- "Overview of the Cyber Problem: A Nation Dependent and Dealing with Risk,” June 2003 Subcommittee on Cybersecurity, Science, and Research Development of the US House of Representatives Select Committee on Homeland Security
- Critical Infrastructure Protection: Who's in Charge, GSA before Committee on Governmental Affairs (Oct 2001)
Links
- Economics of Information Security (ECONSEC)
- Economics and Security Resource Page Ross Anderson
- CMU Usable Privacy and Security Laboratory
