this might as well read “The Internet is infected and WORLD citizens are paying a steep price …”. But, I agree. There is a hesitancy for the Congress to mandate measures to state and local that will provide better protection and better tracking/prosecution of these computer criminals(note, hackers are not necessarily criminals and skateboarding is not a crime). The US is designed around “local” governance, not Federal mandates. The state rights fight, and protecting the little guy from big brother. On top of this who do we ask? Currently every faction of the fed is fighting for this turf. FBI, NSA, DHS, DOJ, Secret service, USAF and now the Whitehouse wants to directly manage it. We pay for this with a slow national government …and foreign governments are just slow.
So, knowing this, asking the US gov. to manage a unified front against a worldwide problem is a difficult proposition. Once over that hurtle, The next is to what end. We find these attackers and maybe have heavy fines and prison sentences. At this point we are looking at creating a new set of laws maybe suspend posse comitatus, maybe rendition or mitigation with extreme prejudice?

Its not an easy answer like.. the government should fix it. OBTW the same government that runs the TSA. But the fix is in the slow change that comes with time, volunteering, participation and sacrifice.

While I agree that the government needs to be more proactive. I believe the solution will need to come from a concerted effort between the private sector and government. We act like the government is an all powerful being, when, in fact, government agencies are the whole reason why we are behind the power curve on this issue. Certain agencies who had the capability to have systems in place and increase manpower and training as the Internet grew from the ground up did not do so. Hackers were around since the very beginning of small computer networks. The whole Internet Security idea has been talked about for the last 10 years as a “new concept” and the government side is much further behind than the commercial sector on protecting themselves. Goverment has been playing defense and catchup for a very long time and I have worked in these areas and discussed these things with people on the inside of the problem.

There are no easy answers but one of the biggest problem is simply a lack of manpower. Lack of manpower is followed by a lack of educated or experienced individuals who will work in government. Next we have the fact that most cyber security jobs related to government that makes the biggest difference are those requiring a security clearance. This security clearance issue further compounds the manpower problem. Therefore, manpower, government bureaucracy, and training or education and experience remain the biggest hinderance for being proactive.

Commercial sector defenders have much more experience in the realm of seccurity itself while government can supply intelligence (law enforcement and otherwise) as well as some special technology. Moving forward government should work closer with the commercial sector and radically change the cyber missions of agencies command and control or organizational structures and policies to become *real* centers of excellence. Otherwise, the battle is being lost – as some have commented…the bad guys are always one step ahead.

there are multiple ways to control C.C. theft. All very high in cost and this is why they are not applied.

A simple example is to verify charge via a call or SMS to the card owner. This will insure that no charge will be made without proper authorization.

Another thing someone can do it, is to use a token , similar to the one we use for web banking. It can also generate a proper authorization code, even on the spot while buying something. Still something that costs extra , not to mention that Banks would have to upgrade both hardware and software.

Now when it comes to Identification theft, lets focus on the human factor. Which is always the most vulnerable one. People tend to put personal details on Facebook, MySpace, or even give them willingly over the phone to a supposed researcher who is asking questions over the speaker for his “survey”. People need to train. There should be an equally balanced effort from both govt and public. Otherwise nothing will work.

Hackers are no idiots. They do not aim at highly protected hardware infrastructure. They target the individual. The weakest link. The simple guy who does not update software, does not know how to use a firewall or how even to close down the phone to someone who is being “pushy” as to get info from him/her.

No matter what a company or state will do , if the person who is in charge of his own property does not know train on how to do it, then i do not see a way on how to protect ID, C.C. or even access to my place of work via an infected laptop with a trojan.

“With the recent reports that the US Energy grid/Infastructure has been compromised, the US Government is facing multiple issues regarding cyber attacks that could be potentially devastating. Spying from countries from China & Russia are no surprise, and I am sure that the US has been conducting cyber snooping of their own over the last 20-30 years, however there does not appear to be a unified stance coming out of Washington on what the IT security priorities are specifically. A Washington insider recently confessed to me that the battle was being fought between agencies within to determine who is responsible for certain segments, but there must be a convergence of multiple groups to truly make the programs effective, in my opinion.”

First off, I work for my agency’s IT Security Officer, so I am in line with the whole “security first” thought path. I just see the frantic building of “better” security as the answer to these threats as cartoonish. Ever watch a cartoon as a kid where the protagonist, a guy, a duck, whatever tries to make his home mouseproof, or rabbitproof, or chipmunk proof? It becomes an arms race and finally ends up with the protagonist standing proudly in the smoking ruins of his home proclaiming victory while the little furry pest peeks out from the rubble and laughs. It is far easier to break something than build it, thus the advantage will always be with the black hats. You were right when you said there were deep cultural issues to be addressed. I’m not sure government subcommittees with all their meetings and reports are going be effective here. The black hats do not fear our consequences. And mostly our weapons are talking men in suits. Perhaps we need different ordnance. A hacker squad of our own going after them… Hmm. Now I see it all in a movie with Bruce Willis emoting away as he types furiously on a keyboard… Well, obviously I don’t have any answers!

“ They could, great firewall of china style… but should they… as a country that prides its self on the concept (even if not totally true) that we are open, It would, I feel, damage/erode free commerce as it exists. Instead the Government should do more to build out networks separate from the commercial infrastructure for data and communications and only allow minimal entry and exit points for traffic, all military and government contractors would then be required to be attached to this new system with out the need to mess with the rest of the commercial networks and systems. Companies should be required to handle there own issues, security is not a area large business’ can ignore any longer.”

Matt International crime is not solely a US problem. The biggest issue we have in tackling international hacker rings is getting better cooperation between law enforcement agencies throughout the world. This is also compounded by different legal systems in each jurisdiction. What may be illegal to do in one country may not be illegal in the next. For police to tackle online criminals takes a lot of time and effort to ensure correct legal due process is followed in each of the jurisdictions. The criminals on the other hand do not have these restrictions. I would also say that the problem is not just one for governments to tackle, US or otherwise, but preventing crime is everyone responsibilities. Too many companies, organisations and individuals do not take information security seriously. This people then end up either as victims of these criminals or their networks and computers used as part of botnets for the criminals to attack others. So tackle online crime we need better awareness amongst businesses and individuals on how to protect themselves when online and also encourage each of our own governments to provide law enforcement with the necessary resources and legal support to deal with online crime properly”

“I agree, as I read on the news the US shutdown of mccolo (*) is, in my opinion a good example of coordination between government and industry but had limitation in being been mostly reactive. From proactive security stand point, industry and government can benefit coordinating the efforts to target high risk threats for identity theft and internet fraud such as malware delivered botnet controlled phishing. Preventing measures for internet systemic risks such as DDoS (Distributed denial of service) from my opinion could benefit the most from coordination between US and other countries. (*) [http://voices.washingtonpost.com/securityfix/2008/11/the_badness_that_was_mccolo.html|leo://plh/http%3A*3*3voices%2Ewashingtonpost%2Ecom*3securityfix*32008*311*3the_badness_that_was_mccolo%2Ehtml/U9Cd?_t=tracking_disc]“

“In short, yes I agree, we need to do more. However, we face a more immediate threat of greater magnitude from the even more organized cyber espionage and intrutions by nation states and non-state actors against our national security related entities. Yes crime costs money, but the backdoors and “sleeper programs” implanted by intell agencies will cost lives in the event of an attack. What I consider a lesser threat, but more a likely one is the confluence of cyber crime with terrorists. A well financed terrorist organization can “hire” the very powerful capabilities of cyber criminals and gain the ability to effectively attack us. They cannot match the potential power of a nation state, and therefore could attack us as a nation, but they could focus on a region, or an industry sector, or a corporation / Gov’t Agency, and effectively bring then down. Clearly, the National Gov’t needs to do more, but the rub is not killing commerce, and privacy/civil liberties in the process. Of less concern, but equal difficulty is that to do this right, we need to break a good bit of structural “china”, and change some time honored Washington sacred cows over money and authorities. Right thing to do? Absolutley! Easy it will not be.”