To believe the data, the trends, the analysts and the other interested observers, lawlessness is the status quo in computer security.
I’m just talking here. And as a colleague of mine used to grumble, I know nothing…
But what happened to the implied social contract of the internet?
In society, the theory goes, people go about living without fear because of protection afforded by the policing function of government. In fact, the need for effective protection arose from an inability of ordinary individuals to curb lawlessness.
And where does lawlessness stem from? Criminal minds, of course. That is the purview of criminologists, right? Criminology theoretically draws on the study of multiple disciplines from biology to anthropology. Crime relates to a multiplicity of conflicting and convergent influences, so any understanding of causality remains hard to pin down.
In general, however, security implies prevention – preventative measures and investigation of incidents after the fact (in theory to prevent future incidents and discourage wrongdoers). Most organizations are on their own in terms of prevention; and investigating is the last measure one would engage in if it involves outside help and notoriety.
Even if outside help were relied on, the nature of computer offenses is not something that lends itself to everyday recourses. In this country, there is a very disjointed system of governmental administration, including thousands of disparate municipal and county law-enforcement agencies and even more federal, state, and local agencies with specialized jurisdictions.
Whether or not you agree that computer security is a law-enforcement problem, the enforcers cannot be expected to create order from whole cloth; we’re talking about a criminal behavior quite different from the usual street crime.
That is, though crimes are considered injurious to society, the onus of cybercrime is addressed mainly by commercial products aimed at prevention of overt acts in private organizations.
People engaged in business should be able to go about being productive without concern that assets they create and work with will be drained and sold in cyberspace. This freedom of action has to be protected, and it is now only through a strange amalgam of government and private efforts.
Where does one begin and the other end?