Monday, September 3, 2018

Hearing: The Monetization and Illicit Use of Stolen Data

In March 2018 the U.S. House Financial Services Committee held a hearing via its Terrorism and Illicit Finance Subcommittee. The hearing was titled “After the Breach: The Monetization and Illicit Use of Stolen Data”.

Dr. James Lewis of the Center for Strategic and International Studies (CSIS) is one of the four testifying witnesses. The other witnesses hail from RAND, McAfee, and Carnegie Mellon University. Dr. Lewis answers a question from Chairman Pearce regarding the countries best at handling cybercrime (minute 45):

“Thank you Mr. Chairman. There's a good correlation between countries that have strong law enforcement systems and punishment for cybercrime. So if you're a cybercriminal and you live in the US or the UK or France or Germany your life expectancy is probably only about three years before you're caught and go to jail. In places that have weak cybersecurity laws like Brazil or countries other developing countries um you see a growth in criminal activity. So the effort here is to have strong cyber security laws -- the U.S. leads in that with the Budapest Convention -- and to develop new ways to cooperate on the exchange of evidence and on efforts to take down networks. So currently there is no central place that does this. The UN has a committee on crime that is trying to develop a more common approach but the differences among nations make it hard to get... cooperation. Thank you.”

The hopeful optimism of millennials at the birth of the internet may have been mistaken, according to Dr. Lewis. The internet has a dark underside, and is unduly vulnerable to cybercrime and cyber espionage. With the costs of engaging in cybercrime low, it has become ‘irresistible’ to criminals.

Various sources have ballparked the impact of cybercrime as anything from “the greatest transfer of wealth in human history” to a “rounding error in a fourteen trillion-dollar economy.” The exact costs can be difficult to determine, as many losses aren’t reported or are difficult to quantify. A 2018 CSIS and McAfee study called “Economic Impact of Cybercrime” estimated that cybercrime costs the global economy $600 billion a year, and that the cost will increase with the number of people on the internet, the number of transactions, a criminal's ability to monetize data, etc. Dr. Lewis offers that a healthy society can manage a certain amount of crime, around 0.5% to 1.5% of national income, without being dramatically burdened. It may be important for government to intervene to help set the standards for calculating costs.

Additionally, not all crime can be easily monetized; IP theft, for example, may be hard to turn into money quickly. However, criminals are getting better at their craft and at selecting targets. One factor that aids cybercrime is the use of cryptocurrencies, with their ability to evade banking regulations and money laundering controls. The dark web and encryption also create safe havens for cybercrime. Criminals are becoming more sophisticated at choosing value-rich targets, including law firms, accountants, and investment companies, where stolen data can lead to market advantage.

Some states, such as Russia and North Korea, harbor a larger volume of advanced cybercrime groups and are less willing to work with western law enforcement. Russia, according to Dr. Lewis, views its cybercriminals as a strategic asset.

Dr. Lewis suggests several mechanisms to get a handle on cybercrime, including punishing states that support cybercrime, banning cryptocurrencies and related “mixing services” designed to evade money laundering requirements, and the widespread adoption of cybercrime laws, with the best vehicle currently being the Budapest Convention. He suggests increased resources and technology for law enforcement agencies, increased international cooperation, and the modernization of tools like Mutual Legal Assistance Treaties (MLATs). Companies should ensure their cyber defenses are adequate where they are voluntary, or comply where they are regulated. International requirements in important sectors like finance could be harmonized to reduce the compliance burden on multinational companies. He also suggests developing common definitions and measurements for cybercrime and its costs.

HFS Terrorism and Illicit Finance Subcommittee hearings held after the above:
  • March 20, 2018 “Exploring the Financial Nexus of Terrorism, Drug Trafficking, and Organized Crime” 
  • May 16, 2018 “Implementation of FinCEN’s Customer Due Diligence Rule”
  • June 20, 2018 “Illicit Use of Virtual Currency and the Law Enforcement Response”
  • July 12, 2018 “Countering the Financial Networks of Weapons Proliferation” 
  • September 7, 2018 “Survey of Terrorist Groups and Their Means of Financing” 