Greetings to all my fellow techies. This week CNN reported that with the year not yet half over, 47 percent of all Americans have had their personal information stolen online. These thefts come from many of the high-profile attacks, like what happened with Target, Adobe, Snapchat, Neiman Marcus, Michaels, AOL and eBay, but not any of the smaller, likely unreported breaches that happen every day.
Last week, I wrote about how I talked with FedRamp firms and got advice on how to craft a password that is difficult to hack. But doing that will only slow down determined hackers and does nothing at all if the core database your password protects has its information stolen. In that case, the best course of action is to have different passwords for every site so that your online protection doesn’t collapse like a line of dominoes.
The federal government has recognized the cyber threats, but so far has only made major moves to protect itself, not its citizens. For example, the United States Cyber Command was established in 2009 with the mission of protecting military installations and computer systems from intrusion. It is staffed with highly-trained cybersecurity professionals who are able to act when necessary to stop attacks and track down those responsible.
On the civilian side, the National Cyber Security Division, under the Department of Homeland Security, is supposed to protect citizens from cyberattacks. But its mission statement puts it in an advisory and cooperative role to help private firms secure their networks, and it also specifically mentions protecting “.gov” domains on its homepage, which again, does very little to help the average citizen.
The FBI is at least making an effort to fight cybercrime through its Cyber Crime center. It recently made a big splash in the news by posting several high-ranking Chinese government officials to the Cyber Crime’s Most Wanted list. I bet many people probably didn’t even know that a Cyber Most Wanted list existed, which is different from the more widely known Most Wanted List we sometimes see on the news or at post offices.
But even the FBI’s cybercrime fighting efforts only focus on the biggest offenders. It might investigate the Target breach, where 70 million people got hacked in one swoop. But try getting them to act when your personal laptop has its information stolen; in fact, try getting any law enforcement organization at any level to help out and investigate a small cybercrime.
Local law enforcement personnel are almost never trained to investigate computer crimes. And even if somehow an investigation takes place and a perpetrator is found — a very unlikely occurrence — there are jurisdictional issues that almost always crop up. Cyberspace has no real borders, while real-world law enforcement has to deal with criminals residing in other jurisdictions, states or even countries.
What is needed is a national organization trained to investigate, arrest and prosecute cybercriminals wherever they reside regardless of where the attacks are taking place or on what scale. In fact, we probably should have had this in place years ago when cybercrime was just getting started. Now that it’s essentially an industry worth billions of dollars, equal to the revenue of many Fortune 500 companies, there is a lot of catch-up needed.
Such an agency would need both cybersecurity experts and field agents. And it could get ahead of crime by training officers at local and state police departments in the skills of cybercrime investigation, so when someone calls to report such a crime, they could respond. Local police would only need to involve the new cybercrime fighting agency when more expert help is needed or when the suspected criminals are found to be residing in another jurisdiction.
I realize such an agency would cost money, and it would take a lot of effort to get it up to speed. But for a country full of people who have come to rely on technology, embracing it in almost every aspect of our lives, the cost of doing nothing or relying on the private sector to act as its own police force is far higher. America is a soft target for cyber criminals, and only the power of the federal government can start to organize efforts and change that for the better. It’s something we should all demand.