One of the hottest topics at the Blouin Creative Leadership Summit this week was the issue of cyber security, due notably to the implications for multiple verticals of business and research. Cyber crime, as the last couple of years have shown, has no boundaries when it comes to exploiting private information. Government, financial, medical, retail, personal, and entertainment sectors have all been hit with digital criminal hacks over the last year alone. Some of them big profile.
One of the most important points in the BCLS panel was made by Shuman Ghosemajumder, vice president of Shape Security, and former Google employee. He emphasized that technology is constantly ahead of the law. “We are trying to impose a physical mode of thinking on something that doesn’t fundamentally work that way,” he said. We cannot physically go after cyber criminals, and our legal system currently takes months or years to prosecute criminals. Ghosemajumder pointed out: “If you’ve got a legal system that can take years to reach resolution in criminal action, that is far too slow to protect people in a real-time frame that works for them.”
Michael Kaiser, executive director of the National Cyber Security Alliance underscored that point as he said: “We’re still nascent here. We are a digital world but it wasn’t by design, it’s just happened… When you have that kind of rapid change, all the rules have to be rewritten…We move slower than the rate at which we are adopting the technology.”
Dr. Jean Camp, professor at the Indiana School of Informatics and Computing, noted a potential silver lining: the U.N. has been moving away from considering physical action in response to cyber attacks. Indeed, it’s important to understand the danger of labeling an attack that comes from China, for example, as a Chinese attack. Dr. David Thaw, assistant professor of Law and Information Sciences, University of Pittsburgh said that it is a lack of an agreement on norms, and added that oftentimes, hacks come from individuals who are not associated with government activity; therefore it is dangerous to use language blaming a whole country for the action of an independent cyber criminal. Because governments are historically the slowest entities to adapt to new technologies, this has been the pattern thus far.
Jody Westby, CEO of Global Cyber Risk LLP, said that cyber criminals are advanced in their investigation of cyber crime laws in every country; they are internationally savvy. Yet, this fact has received limited attention, alongside a lack of movement on how to govern the internet. Westby stated that countries should agree to cooperate and assist in combating and persecuting cyber crime. (See Westby’s interview with Blouin News here.)
The bottom line is: despite successes on both sides (criminal and law enforcement), there is still much work to be done to catch up with how quickly cyber criminals are evolving.