Developing a Common Vocabulary to Fight Cybercrime
November 20, 2013
Internet security and stability depend increasingly on cooperation between all parties involved, and such cooperation can be crucial to successfully fight against the growing number of information security incidents on the Internet.
“The sum of each and every individual action will make problems easier to tackle. We must develop a common vocabulary.” With this statement, Cristine Hoepers, senior security analyst and general manager at CERT.br, called on LACNIC 20 attendees to double their efforts towards achieving significant improvements in Internet security and stability.
While participating in LACNIC 20, Hoepers delivered a keynote presentation titled “Cybersecurity, Cybercrime, Cyberwar, Cyberespionage… can the Internet make the situation better?” during which she asked everyone to “put aside their preconceived ideas” in order to address the difficulties that are appearing throughout the region.
Speaking to LACNIC News, Hoepers admitted that the key lies in that every player must adopt the same security practices.
(Free access, no subscription required)
– What are the most common or frequent computer security incidents at regional level? Has the number of incidents increased lately? Is it possible to quantify the losses caused by computer security incidents in Latin America?
– There is no formal, statistically based study available that can show us what the scenario looks like for the region. Available indicators are based on voluntary reporting or online surveys. As we know, however, none of this data reflects the actual costs or the true extent of the problem, largely because affected organizations are not always motivated to make public the information regarding the costs and impacts of an incident on their operations.
Nevertheless, many public sources of information on malicious activities exist around the world and these show that, in our region, many problems involve large numbers of home computers infected by Botnets that are used to attack other networks or to send spam. This type of activity has landed many of the region’s networks on blocking lists, and has, for everyone involved, an impact that is hard to measure, which is the bad reputation of our networks and being considered by many as a “bad neighborhood.” If the region’s operators do not take the necessary steps to implement best practices as well as to recover botnets and antispoofing (BCP 38), the problems may worsen and become increasingly difficult to mitigate.
– What are the most common or frequent computer security incidents at regional level? Has the number of incidents increased lately? Is it possible to quantify the losses caused by computer security incidents in Latin America?
– There is no formal, statistically based study available that can show us what the scenario looks like for the region. Available indicators are based on voluntary reporting or online surveys. As we know, however, none of this data reflects the actual costs or the true extent of the problem, largely because affected organizations are not always motivated to make public the information regarding the costs and impacts of an incident on their operations.
Nevertheless, many public sources of information on malicious activities exist around the world and these show that, in our region, many problems involve large numbers of home computers infected by Botnets that are used to attack other networks or to send spam. This type of activity has landed many of the region’s networks on blocking lists, and has, for everyone involved, an impact that is hard to measure, which is the bad reputation of our networks and being considered by many as a “bad neighborhood.” If the region’s operators do not take the necessary steps to implement best practices as well as to recover botnets and antispoofing (BCP 38), the problems may worsen and become increasingly difficult to mitigate.
– How important is collaboration between public and private, national and international stakeholders having different scopes and responsibilities in order to strengthen the practices and strategies implemented to mitigate computer security incidents in Latin America and the Caribbean?
– Cooperation between the various stakeholders is a key element. It can even be the factor that determines either the success or the failure of security and incident mitigation strategies. Internet security and stability increasingly depend on every stakeholder implementing best network operation and security practices.
The Internet is a distributed and multi-connected system, so each interconnected point should implement security and incident mitigation measures. CSIRTs or CERTs, as they are also known, are teams specializing in incident detection and mitigation who work in close cooperation, which allows exchanging technical information on new types of attacks and the most efficient mitigation techniques. This cooperation also allows reducing the impact of most attacks.
Another important aspect of increased cooperation between the various sectors is a clearer understanding of the true causes behind each problem, which can result in policies that effectively reduce the number of incidents or their severity. This dialogue should be encouraged even further at regional level and also within each individual country, so that legislators and governments will have appropriate data on the impact of public policies and new laws. Likewise, ISPs and the private sector need to see the implementation of best practices as an investment and a competitive advantage, as this will allow them to offer a more stable network and expose their users to lower levels of Internet risk.
– The Internet’s impact on people’s lives will continue to grow. What are the challenges for improving Internet security while, at the same time, improving the exercise of individual rights online?
– The first step in preventing the risks associated with the use of the Internet is to be aware that nothing is “virtual.” Everything that happens online, every transaction that is conducted over the Internet is real: the data are real and the companies and people with whom the user interacts are the same as those who are off-line. Thus, the risks that a person or company faces online are the same as they would face in their everyday lives, as online attacks resemble those that could occur on the street or over the phone.
This is why we must take the same precautions when using the Internet as we would during the rest of our daily activities. Examples of this include only visiting stores we trust; not disclosing personal data; when “going to the bank ” or “shopping center,” taking care not to volunteer information to strangers; not leaving the front door open; and so on.
Safe online behavior involves both applying technical solutions as well as adopting preventative measures.
Everyone should work to raise awareness among Internet users so that they will take the risks into account and know how to protect themselves. An example of how we are trying to contribute to the expansion of this awareness creating movement is the work that ISOC is carrying out in collaboration with CERT.br for the translation into Spanish of CERT.br’s “Cartilha de Segurança para Internet.” The goal of this initiative is to increase the reach of this educational material on Internet security. As the translation of the different chapters is completed, they are being made available at:
Cartilla de Seguridad para Internet http://cartilla.cert.br/
