Cybercrime more than just a pesky computer virus
When we think of cybercrime, we tend to think of the latest pesky computer virus or some socially undeveloped individual trying to hack into a government Web site.
The truth is that cybercrime is serious stuff, and a real threat to any business with a presence on the Internet.
Therefore, my plea to President Bush is to enforce law and order on the Web.
Cybercriminals know that a corporation's information about its customers, as well as a company's intellectual capital, can be sold on the open market.
Customer data can be used to misappropriate funds, and intellectual capital can be auctioned to the highest bidder.
In a recent case in California, for example, a team of cybercriminals fraudulently billed more than 3 million legitimate credit card holders for supposedly purchasing pornography from a Web site owned by the criminals. The bad guys, in this case, collected about $30 million from their victims.
On a larger scale, it's conceivable that cybercriminals could take down telecommunications networks, our nationwide airline reservation systems, or our utility grids.
Despite these threats, as is the case with most "white-collar" crime, indifference toward cybercrime seems to be widespread.
My colleagues at Gartner believe that cybercrime is a serious threat that is largely being ignored. They predict that, due to inadequacies in cyber law enforcement, cybercrime will increase by two or three orders of magnitude by 2004.
Indeed, the indications are that cybercrime is already a serious problem that is getting worse. Case in point: Incidences of identity theft alone increased in 1999 by 47 percent.
Although Internet usage has taken off like a rocket, our national efforts to enforce law and order on the Web have been miniscule.
U.S. federal government spending on computer crime-related law enforcement is about $10 million annually.
That's not much when you consider that the United States has more than 16,000 law enforcement agencies. In fact, that comes out to roughly $625 per agency spent to fight cybercrime.
And the bulk of the money spent fighting cybercrime pays for about 300 agents who work for the FBI and Secret Service.
A Gartner colleague of mine estimates that it takes about $12,000 and two weeks of training to familiarize a law enforcement agent with the basics of cybercrime. So to bring us up to speed (train one officer in each law enforcement agency), we're talking about $192 million, Mr. President.
Also at issue is the fact that computer crime cases are hard to prove.
Prosecutors below the federal level are reluctant to touch them because these prosecutors are elected to their posts, and their constituents would rather see them prosecuting murderers and rapists.
I'm not trying to be inflammatory about the threat of cybercrime. The fact is that the Web offers criminals a vast range of opportunity for mischief. In this column, I'm talking about companies' exposure to cybercrime, but that is obviously not the only criminal threat on the Web.
The to-do list
The cadre of law enforcement agents who have become savvy about cybercrime have done a great job, but we need more of these trained experts.
Prosecuting attorneys also need training so they can pursue cybercrooks and better understand the ramifications of Internet crimes.
Clearly, we also need some kind of national response capability against military, criminal, or teerrorist threats to U.S. infrastructure.
We also need new, international institutions to enforce laws that have no geographic or political boundaries (because they happen on the Web).
And, finally, American companies need some guidance on how to protect themselves from cybercrime.