Cybercrime vs Cybersecurity@bact

APC Meeting, Manila, 28 Mar 2015

Relationship

• Cybercrime - [Undesired] ACTIVITY

• Cybersecurity- [Desired] STATE

• Cybersecurity threats: criminals, terrorists, spies, malicious cyber actors

Different “Cybercrime”• Narrow sense: Computer crime

• “any illegal behaviour directed by means of electronic operations that target the security of computer systems and the data processed by them”

• Broader sense: Computer-related crime

• “any illegal behaviour committed by means of, or in relation to, a computer system ornetwork, including such crimes as illegal possession and offering or distributing information by means of acomputer system or network”

Different “Cybercrime”

• Narrow sense: Computer crime

• Computer as TARGET

• Broader sense: Computer-related crime

• Computer as TOOL

Strengthen “Cybersecurity”• Strategies/action plans aimed to strengthen

cybersecurity

• Government security

• Protection of critical information infrastructures

• Fight against cybercrime

• Awareness raising, Education

• Response (incident response team - CSIRT / CERT)

CII - Link to National Security• Critical information infrastructures (CII)

• “interconnected information systems and networks, the disruption or destruction of which would have a serious impact on the health, safety, security, or economic well being of citizens, or on the effective functioning of government or the economy” (OECD)

• National CII: Information components supporting critical infrastructures; Information infrastructures supporting essential components of government business; Information infrastructures essential to the national economy

• Critical infrastructure

• “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters” (US)

Resources• [ITU] Understanding Cybercrime: Phenomena, Challenges and Legal Response http://

www.itu.int/ITU-D/cyb/cybersecurity/

• [OECD] Cybersecurity Policy Making at a Turning Point: Analysing a New Generation of National Cybersecurity Strategies for the Internet Economy http://oe.cd/security

• [EU] Digital Agenda for Europe: Cybersecurity http://ec.europa.eu/digital-agenda/en/cybersecurity

• [EU] EU International Cyberspace Policy http://eeas.europa.eu/policies/eu-cyber-security/

• [EU] Directive 2013/40/EU on attacks against information systems http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32013L0040

• [Council of Europe] Convention on Crime http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=185&CM=8&DF=02/06/2010&CL=ENG

• [NATO] Cyber Security Strategy Documents https://ccdcoe.org/strategies-policies.html

Resources (2)• [US] US cybercrime: Rising risks, reduced readiness Key findings from the 2014 US

State of Cybercrime Survey http://www.pwc.com/cybersecurity

• [US] Executive Order (EO) 13636 Improving Critical Infrastructure Cybersecurity

• [US] Presidential Policy Directive (PPD)-21 Critical Infrastructure Security and Resilience

• [US] Presidential Policy Directive (PPD)-28 Signals Intelligence Activities

• [US] U.S. Code Title 42 Section 2000ee Privacy and Civil Liberties Oversight Board

• [Singapore] National Cyber Security Masterplan 2018 http://www.ida.gov.sg/Collaboration-and-Initiatives/Initiatives/Store/National-Cyber-Security-Masterplan-2018

• ASEAN ICT Masterplan 2015 http://www.asean.org/resources/publications/asean-publications/item/asean-ict-masterplan-2015