Ambiguous government Cybercrime Policy in cybercrime prevention
Executive summary
Cybercrime has significantly increased due to the latest advancement in technology and internet use. More and more sensitive information is uploaded online, which further increases the cases of cybercrime. As cyber, criminals have become more organized. Their activities continue to pose a significant challenge to both the government and the private sector. The government has therefore formulated numerous policies to combat the rising risk of cybercrime. In addition to proving a thorough understating of cybercrime, this study conducts an in-depth policy analysis of selected ambiguous government policies preventing cybercrime. This thesis also discusses why these policies are ineffective in combating the increasing risk posed by cybercrime and provides recommendations on improving these policies.
Significance of the research. 6
Cyber crime policy research. 7
Computer fraud and abuse act 14
Presidential/executive orders. 17
Strategies for combating cyber crimes. 18
Emerging trends in cyber crime prevention. 32
Barriers to implementing effective strategies to fighting cyber crime. 33
Cyber crime prevention policies. 35
Computer fraud and abuse act 35
Presidential/executive cyber crime policy. 40
Introduction
Cybersecurity has drawn significant attention from the media, experts and the government in the last decade. This is due to the essential role that information and communication technology plays in businesses and both private as well as public organizations. The internet forms a platform, which major infrastructures are, based on the modern advanced technology that includes transportation, energy, communication, national securities among several others. However, Cyber crime has emerged to be a persistent challengeto all the sectors relying on the internet that authorities must strive toaddress. Studies have revealed that organizations, both public and private, have had to contend with huge losses arising from instances of cybercrime attacks. Prasanthi and Ishwarya (2015) define cyber crime as any activity thatis computer mediated and considered illegal targeting the security of computersystems and the data they process. Due to the need of protecting such importantinformation, the government has implemented various policies to combat therising threat of cyber crime. Cyber crimes are of different types hence requiringa different approach to address them effectively. They include financial crimeswhere criminals target to get credit card numbers of their clients using fakewebsites and products, marketing strategies selling illegal drugs and narcoticsonline. Email frauds are also an example of cybercrime where hackers target to send unwanted emails with wrong information to ruin his/her repetition and fund transfer fraud (Broadhurst et al, 2014). In addition, other cyber crimes include funds transfer fraud where hackers divert funds from originally intended accounts of unsuspecting individuals to different accounts (Prasanthi &Ishwarya 2015) despite the threat posed by cybercrime to the government, private and public sectors, ambiguous policies remain one of the biggest challenges in combating cybercrime. Ambiguous policies make it difficult to enforce laws and regulations enacted to combat cybercrime. This study aimed at identifying ambiguous government policies and their impact in preventing cybercrime.
Statement of the problem
Cybercrime has become a huge problem for organizations especially in maintaining datasecurity. Due to the rising threat of cyber crime, several government policies havebeen formulated and directed to combating the threat of cyber crime. However,some ambiguous policies hinder effective prevention of cyber crime (Dashora, 2011). Theresearch therefore indentified ambiguous government policies and their effecton cyber crime prevention.
Research questions
The current study was guided by the following questions:
- What are the policies enacted by the government to address cyber crime prevention?
- How do these policies hinder effective cyber crime prevention?
- What are the emerging trends of cyber crime in the modern world?
- What is accessible from the outlook of current cyber crime policies that can be used for future planning?
Significance of the research
By detailing existing ambiguous government policies related to combating cybercrime, this thesis provides an understanding of how such policies can hinder effective prevention of cybercrime. In addition, it delineates how such policies aimed at stopping cyber intrusion have failed to achieve their purpose because of over-focusing on cybercrime criminals rather than addressing the direct threat of cyber intrusion. Policies focusing on cybercrime criminals have proven ineffective as emerging technologies are making it hard to identify the actual persons behind cybercrime attacks.
Literature Review
Cyber crime policy research
The government of theUnited States recognizes the threat that cyber security poses to the national security as well as development. The government has come up with various policies that aim at preventing the threats of cybercrime (The White House,2016). According to Sherman et al, (1998) whereas all the policies are formulated to combat the threat of cyber crimes, some work while others do not. Majority of the policies that do not work have not been evaluated through scientific research processes and therefore have little evidence to back their workability. Other policies that have failed their purpose are ones that require excessive resources to implement (Sherman et al, 1998). According to Sherman et al (1998), formulating effective policies, therefore, requires policymakers to have a thorough understanding of how the internet and the cyber world work. In addition, they must have sufficient knowledge of the factors that cause and facilitate cybercrime. Kumar & Shah, (2014), note that Cybercrime criminals are also coming up with new methods and ways to overcome the various restrictions that are put in place by polices targeting to reduce the threat of cybercrime. Therefore, Kumar & Shah (2014) argues that policies aimed at preventing cybercrime should be regularly updated to ensure that they cover the emerging new threats. According to Broadhurst et al, (2014) cybercrime as a global crime faces a great challenge in tracing the criminals involved as well as their location. This makes most of the policies targeting global cybercrime effectively. It also becomes difficult for policymakers to factor in the motivations of criminals who commit cybercrime on a global scale (Broadhurst et al, 2014). Another major challenge facing the department of homeland security resulting from cybercrime is an illegal interception of information as unauthorized people gain access to sensitive data. This has, in turn, created more problems for homeland security as they have to protect sensitive information from hackers who have the capability of destroying or altering sensitive data on criminal activities (Poonia et al,2011).
The United States department of homeland security is responsible for operating the national cyber alert system. The department is also responsible for building he national response systems on cyber crimes as well as protecting the nation’s critical structure. In addition, it regulates and implements government policies that are aimed at combating the threat of cybercrime (Levin & Ilkina, 2013). Therefore, any changes to the ambiguous government policies should start with the department of homeland Security. The United States has passed on several laws and regulations that accompany the policies formed to prevent cyber crime. Example of such laws is the electronic and communications acts which was passed in the 1986 to regulate disclosure of sensitivein formation. According to Levin & Ilkina (2013), despite some policies poorly implemented and failing to accomplish their purpose effectively, they are an indication of the government’s willingness to reduce the cases of cybercrime. According to Bucci etal (2013), the government has also put considerable efforts in the last 10years to preventing the threat posed by cyber intrusion through maintaining areliable, secure, interoperable and open internet. In addition, the government has formulated several policies on cyber crime that focus on protecting critical infrastructure, which include critical information systems from the threat posed by cyber crime. Other efforts by the government focus on improving the ability of victims to report incidences of cyber crimeto increase the response time to criminal incidences. The government has also reached out on international partners the world with the aim of promoting freedom, reliability and security of the internet. It has also aimed at maintaining secures federal networks through setting security targets and pressuring the responsible agencies to meet the set targets. The government has also focused on collaborating with the private sector and creating a workforce that is well aware of the dangers and the risks posed by the cyber crime.
Despite the positive efforts put by the government in preventing cyber crime, there are still notable failures on the policies that the government has adopted Bucci etal, (2013) indentifies the contributing factors that cause such failures of government policies in combating cybercrime. The factors indentified include the expanding and growing scope of hreats posed everyday from criminals who target the commit cyber crime. Inaddition, the restrictions by the United States constitution in protecting the interests and the privacy of the citizens limits the government efforts to search and track suspicious behaviors of potential criminals without violating their rights to privacy. According to Bucci et al (2013), the United States also faces new forms of challenges from Russia, China and Iran in their attempts to steal valuable information, data and innovations. Such threats backed by states are more sophisticated when compared to the individual criminals who have less motivation and capacity to cause a substantial threat to the governments’ critical infrastructure. They therefore require clear,timely and adequate policies to deal with such threats, which the government does not formulate in time.
Research on cyber crime
Numerous studies have been conducted with the aim of analyzing various government policies to combat the threat from cybercrime. numerous research has been conducted on cyber crime. Broadhurst et al. (2014) assesses the nature of the groups that are involved in cyber crime. The author notes that Cyber criminals are organized in groups and indentifying these groups can help policy makers tocome with effective policies to reduce the threat formed by the operations ofsuch groups. Similarly, understanding their organization can also help organizations and groups to come up with effective strategies and measure to combat the rising cyber crime threats as well. According to Casey (2011) the emerging trends in digital technology not only provides criminals with a easywork to indentify, target and executive their plans but also policy makers canuse it to their advantage. Through specialized training, policy makers can understand the possibilities in digital technologies to unmask the operations of criminals. This is essential in helping them avoid coming up with ambiguous policies that only address part ofthe problem and leave a huge part unsolved. Cyber crime is a global issue and essentially requiring global cooperation to address the challenge of cybercrime even more effectively. Therefore, policies formed by the government should first create a platform through which different states can corporate andaddress the challenge and a group rather than an individual countries. Cybercrimes covering a global context will first require laws and regulations inplace that makes it easy to track any criminal activity despite of their geographical location. However, such laws are different to promote because of different ideologies promoted by different countries and the competition to outeach other in terms of technology and innovation. For instance, the United States is facing a newthreat from the Russia, china and Iran where most of the cyber crimes directed towards the country’s critical infrastructure originate.
Lack of a common jurisdiction law on these countries makes it difficult to formulate effective policies that can aid in indentifying these criminals. The government offers the evidence of digital trends and takes an investigative approach to crimes that amount to the definition of cyber crime. In Choo (2011), the author explores the trends of cyber crime and gives a perspective on the future research direction. He explains the success attained so far and advises on how future research needs to be undertaken. Choo(2011)and McQueen (2006) analyzes the way various groups, authorities and businesses understand cyber crime and the management practices employed in combating theeffects of cyber crime.
Another major challenge facing the department of homeland security resulting from cybercrime is illegal interception of information as unauthorized people gain access to sensitive data. This has in turn created more problems for homeland security as they have to protect sensitive information from hackers who have the capability of destroying or altering sensitive data on criminal activities (Poonia et al, 2011). The department of homeland security workds with other federal agencies to combactcyber crime through initiating investigations on the activities of cyber crime, recruiting technical experts to address the threat of cyber crime, developing cybercrime prevention methods like technologies to address specific vulnuribilities on cybercrime. They also work effectively to responds and investgate inciedents of cyber crime(DHS,2016). Another new emerging form of cyber crime is identity theft. Identity theft has largely contributed to online fraud as criminals use false indentifies to perform online transactions. Indentify thefts has also worsened the problem of cyber terrorismand blackmail making hindering the efforts to prevent cyber crime (Rotich et al, 2014). Online businesses are the biggest contributors of spam, which is also an emerging form of cyber crimethrough forced advertising. Although they are not necessary harmful, spam messages are consuming much of the user’s bandwidth increasing unnecessary costs and time wastage for internet users (Rotich et al, 2014).
Research ndicates that the high rate of cyber crime results from carelessness as private industries and individuals underestimate the risk of cybercrime and therefore fail to take adequate measures to protect their information and sensitive data. In addition, over dependence by the government on centralized systems and lack of proper guidelines on protecting personal informationcontained in these systems has left millions of individual sensitive information vulnerable. In response to the increased cases of cyber crime,governments are investing millions of dollars in building cyber skills andcapability to as a cyber crime prevention measure (Dashora, 2011). Otherscholars have focused on the way cyber crime influences other issues in the modern society. For instance, Fatima (2015) explores the way cybercrime influences the practices in the apparent modern niche of E-Banking. Fatima explores the trends, the threats and the strategies of combating cybercrime in the E-Banking niche while also investigating the potential of biometrics in addressing cyber crime in the E-Banking niche. An investigation on the way cybercrime influences the victimization of women has also been conducted (Halder & Jaishankar, 2012). The authors explore the various circumstances in which women have been victimized through cybercrime attacks. Nelson, Phillips and Stuart (2014) have developed a guide to computer forensics and investigations. The authors point out to the past trends, the current initiatives and the future projections on the way computer crime and investigations should be undertaken. Poole and Sky-Mcllvain(2014) explore the current trends and recommend the way education should be undertaken in the modern age. Weisburd and McEwen (2015) recommend the way cybercrime should be mapped with the aim of developing and implementing strategies that will deter cyber crime. Stephenson and Gilbert (2013) offer aguide on the way cyber crime investigations should be undertaken. From the analysis of all the literature cited in the paper, it is apparent that there are strategies that work, and others that are ineffective in deterring and combating cyber crime challenges now and into the future (Putnam & Elliott,2001).
Viruses form the highest negative influence on users in relation to cyber crime. Majority of the internet users report viruses as their main threat as comparedto the number of people who report losing money in a survey conducted in 2012and 2013(McGuire,2013). Similarly, businesses report virus related problems astheir main threat on security incident. The samples were collected through random sampling. Statistics from police recordings on cyber crime on police department show that fraud as the most reported form of cyber crime. However,the data presented from the police cases is not separated into online andoffline therefore making the information hard to analyze. These presented the main challenge of conducting research-using data provided by the police. For instance, the police were more likely to record computers fraud as cyber crimewithout indicating if the crime was committed online or offline (McGuire, 2013).Majority of the research on cyber crime prevention are based on review of relevant literature and lack of adequate information on the field is one of the biggest challenges.Secondly, much of the information is obtain need from self-reports which asindicated earlier has the challenge on existent laws under which cyber crime is reported. Limited data on cyber crime and the emerging forms of such crimes as cyber terrorisms is thegreatest weakness of various researches on cyber crime prevention .In addition, the survey questions that are mostly used in the conducting these research are self selecting which implies that the information collected is limited in relation to the actual cyber crime. Similarly, most of the crimes are under reported by the victims and organizations due to the fear of negative publicity. Therefore, the actual information relating to cybercrime is with held by the victims, which greatly hinders finding an effective solution to the problem (Rotich et al, 2014).
Several modes are suggested to help reduce increasing rate of cyber crime. One is the KVIRUS model, which is a virus prevention model that aim at identifying virus according to their programs rather than software signature. Other models aim at identifying the cybercriminal through using the details of the internet service Provider ISP and usethe necessary laws to apprehend the criminal. However, with the current technology advancement, this is proving a little bit difficult as criminal have come with programs to avoid being detected (Rotich et al, 2015).MethodologyThe current study purposively selected cybercrime policies formulated by the United States to address cyber crime. The sampling criteria was Influenced by the scope covered by the policy, the resources required to implement the policy effectively and reported statistics related to the problem that the policy aims to address.Various resources that included presidential orders, state and federal laws and regulations were used as the primary data sources for analysis. The analys is evaluated existing policies to determine their ability in covering their intended goals. The study focused on the weakness and strengths of the undefined policies evaluating their flaws in curbing the rising threat of cybercrime. Although much of policies were worked during the time they were implemented, the emerging trends in cybercrime have made them in effective or useless. The study therefore adopted the policy analysis methodology to identify the flaws in the selected polices and recommending possible changes that can be adopted to ensure that the policies are effective in combating the rising threat of cybercrime through multi-goal policy analysis approach.
The multi-goal policy analysis approach involves selecting the impact of the goalsof the policy analyzed. The goals are indentified and accessed if they meet th edesired objectives set by the policymakers (Weimer & Vining, 2005). Next is predicting the impact that is expected with the modifications of the policy to achieve the relevant goals. The predicted impact from the policy modifications is valued as well as evaluating the modifications that are suggested for the policy. The current study focuses on understanding the current polices on cybercrime through evaluating their strength and weakness to recommend necessary changes that can make them more effective. The current study therefore involved gathering the information on the selected policies and analyzing to indentify the problems facing the policies and recommended changes. The research involved several steps. The first step included defining the problem of cyber crime andindentifying various challenges that the current policies face when trying toaddress the threat. The next step was analyzing sufficient evidence to supportthe problem through evaluating the current policies to the problem. Thepolicies analyzed include the computer and abuse act, the wiretap act, variousnetwork crime statues that include the access to stored information, identitytheft act and the can spam act. The study also analysed the presidentialexecutive order by president Obama on cyber security. The analysis consideredif the policy promotes effective management of cyber crime based on theinformation obtained from various primary data sources used by the study. From the information obtained, severalrecommendations were then made to the current polices to make them moreeffective in combating the threat of cyber crime. Policy analysis is used innumerous researches. It has several advantages as well as disadvantages as a research method. The advantages include its ability to consider various choices and options. It is also more flexible for application on data that is not quantifiable. The disadvantage of policy analysis as a research method is that it does not achieve the scientific accuracy as other research methods because of it depends on the analysis of the policy analyst and is likely to be biased depending onthe opinion of the analyst. In addition, lack of adequate research and information may also be a challenge to using policy analys is as a research method.
Analysis
Computer fraud and abuse act
The computer fraud and abuse act were enacted by the United States Congress in 1986 in combat the unauthorized use of computers and networks. According to the law, it is illegal to access information and data stored by computers without being authorized. The motive of the policy was to curb the trespass to government and financial institution computers. However, the policy was broad and was amended by the Congress to include the federal computers and networks to provide the authorities with a clearer statement in implementing the policy. The amended policy limited investigations at federal level to only federal related interests in cybercrime activities. The policy was further amended to include fraud and property theft facilitated through illegal computer use. This amendment was influenced to combat the distribution of malicious codes and software that could cause damage to critical infrastructure. The policy included intentional altering, damaging or destroying information that belongs to otherparties. Further amendments were added to the computer and fraud acts were further amended to include traffickingpasswords and other sensitive information that can facilitate accessingunauthorized information.
The amendments were further added to the acts to increase the effectiveness of the policy due to the increased supplication in computer technology. In 1988, the amendment was to the act that required information accessed illegally must be through an interstate or foreign communication. The effect of theamendment was increased jurisdiction on prosecuting cases that involvedcomputer information on protected computers. The 1990-2008 amendments closed an existing gap in the law that required loss resulting from the crime to exceed $5000 and 10 or more infrastructure. They also Increased threats to steal information disclose stolen data publically or failing to repair the damage resulting fromthe offense, made it a cybercrime to conspire to hack confidential information or data and expand the definition of protected computers to computers used inforeign or interstate communication or commerce. In addition, the amendmentsprovided a mechanism through which property involved in cyber crime acts couldbe forfeited by the states (Department of justice, 2015)
The wiretap act
The wiretap act was amended by the United States Congress in 1986 to include electronic communications from the omnibus crime control and safe streets act of 1968. The makes it a cyber offense to tap into any communication, disclosing or using the material that has been illegally intercepted unless for prosecution and investigative purposes by united states law enforcement agencies (U.SGovernment Publishing Offices, 1986). This act was influenced by the increased illegal access to information by criminal through spy software, email cloning, and intrusion equipment from the computer of an unsuspecting victim. The policy includes cyber crimes that committing by illegal intercept of communication by criminals unless explicitly stated for the prosecution and investigative purposes.
Network crime statues
Access to stored information act 18-U.S.C 2701
The acess to stored information act enacted in 1986 added provisions of protecting stored electronic communications. The act aimed to prevent access to information after it was retrieved by the recipient and an addition to the intercept act that prohibited illegal taping of communication while it was under transmission. The acts prohibit intentional access of storage information or without authorization. The act does not include electronic billboards which public can access information. The penalty for the violation of the act include up to a two years imprisonment (Department of justice, 2016).
Identity theft act
The identity theft was enacted by congress in 1988 and made it a federal crime to use or obtain identification of another person and use it for fraudulent acts. The identity acts was enacted to reuce fraud in commerce and provide a framework through which violators could be prosecuted. The identity act of 1998 also targeted use of other peoples identity to commit drug trafficking or conspiracy. The act was passed by the House of Representatives in October 7 and approved by senate by October 14(Federal Trade Commission, 1998).
The can spam act
President George w bush passed the Can-spam act in 2003. The act makes it a criminal offence to send spam commercial email without the regulation of the federal trade commission. The act makes it an offence to send email with misleading header information or containing adverts but does not provide a notification of the content to the recipient. In addition, the act also prohibits sending mails without correct addresses and for commercial emails (Federal Trade commission, 2008)
Presidential/executive orders
President Barack Obama issued a presidential directive addressing the malicious activities that constitute cybercrime in April 2015. The presidential order was inresponse to the increased cyber crime activities including to the national security and critical infrastructure. The orders make it an offence to engage in any malicious activity that can aid cyber crime and the consequences includeblocking the property of the involved parties. The order also directs theattorney general and the department of homeland security to formulate rules andregulations that will ensure that the policy is implemented effectively (Thewhite house, 2015). The april 2015 exuctive order builds on the previousexecutive orders given by president Obama in 2012 in combating the threat ofcrime. it also the most comphrehesive executive order on cyber crime.
Discussion
The United States has implemented several policies in the last two decades aimed at combating the threat of cybercrime. The average user is at the high risk of experiencing cybe crime if he/she is not careful in the way they handle their sensitive information online. With the increasing threat from cybercrime, there is need for government policies addressing these challenges through means that are both effective and adequate. This is because Cybercrime is not only threatening national security and infrastructures but also the individual security. Such policies should enlighten organizations and the public who are most vulnerable to cyber crimes in addition to the government.
Understanding cybercrime
Types of cyber crimes
The main types of cyber crimes experienced by several organizations include Computer systems attacks, Cyberbullying, Spamming or phishing emails Use of prohibited/ offensive or illegal content, Material related to sexual abuse on children, Online cases of fraud and swindles and copyright related offences.
Strategies for combating cyber crimes
Due to the increased conne ctivity brought by modern technology, cyber crime cases have significantly increased. Therefore, organizations are coming up with various strategies in addition to the policies formulated by the government to combat cyber crime. These strategies can be classified as legal, technological and educational/awareness. Legal strategies focus on avoidances of cyber crimesby discouraging cyber crime criminals from committing crime through tough legal measures and penalties. Technological strategies focus on making it difficult for criminal to commit cyber crime as well as enhancing security of information and data. Strategies based on creating awareness of cybercrime and datasecurity.
Table 1: strategies used in cyber crimeprevention
| Common strategies implemented in combating the threat from indentified types of cyber crimes. | Percentage (%) |
| Installing latest security patches & antivirus | 80 |
| Using updated operating systems and computer applications | 40 |
| Requiring employee to posses basic skills on preventing cyber crime | 30 |
| Reporting cyber crime incidence to the police | 50 |
| Password protection | 60 |
| Maintaining a strict validation for data input | 50 |
| Monitoring processes & procedures of external contactors | 45 |
| Performing regular security scans to networks and computer systems | 40 |
| Implementing a network security architecture | 60 |
| Comparing organizations network outbound traffic with baseline operations | 30 |
| Holding workshops on cyber crime | 30 |
| Taking civil actions to violators of company policy on computer systems | 20 |
| Involving ethical hacking to test security of organization systems | 30 |
Legal strategies
The government and the law enforcers have a wide responsibility in reducing cybercrime. Due the critical role that ICT plays in the country and in every in dustry, it faces numerous challenges and threats that require legal steps in designing effective strategies to reduce cyber crime. Fighting the threat if cybercrime requires establishments and reviewing of the available legal infrastructure including updating the criminal laws procedures and regulations that deal with the cybercriminals. Among the legal strategies that can help combat cybercrime include passing necessary legislations on security of electronic communications. Others include enhancing current laws on fraud ulentcomputer use and computer systems use to make it easy to prosecute cybercrimes. Current laws require hard evidence which is sometimes hard to obtain considering the innovative ways employed by cybercriminals to delete evidence of their activities. Laws on protecting personal and private data should also be passed as a measure of reducing cybercrime. Lastly, necessary legislations on certifications and digital signatures are essential as a legal approach in reducing cybercrime.
The principal aim of legal strategies in fighting cybercrime is making the internet much safer by discouraging criminals from participant in criminal activities due to strict penalties that are set ( Choudhury et al,2013). The United States has several regulations on the use of computer and computer technology. The legal regulations play a strategic role in reducing instances of cybercrime. In Addition to implementing the necessary legislation to combat the threat of cybercrime among the public sector, a proper crime reporting mechanization should also be put in place. The biggest challenge in prosecuting cybercrime cases is gathering of evidence depending on the scope of crime. The existing legal systems require hard evidence that may be hard to obtain in the context of computer technology as criminals rarely leave their marks, which can be used to track them( Choudhury et al,2013).
In addition, the long process and the cost involved in reporting and investigating cybercrime discourage individuals from reporting such cases to the relevant authorities (Rantala, 2004). Therefore, there is need for promoting the use of online reporting system to encourage organizations to report cases of cybercrime attacks. An online system will not only create a simple mechanism through which cybercrime can be reported but also make it easy to alert law enforcers of any suspected criminal activities and violations of the set regulations even more easily. An online platform for reporting cybercrime will provide central repository when both organizations and authorities can reference the laws and the context in which they apply regarding cybercrime. An online system for reporting cybercrime will also provide a central database to monitor criminals convicted of cyber crimes and will discourage potential criminals from engaging in such spurious acts.
Another legal strategy that is applicable in reducing cyber crime threat is increasing collaboration in the international private sectors in the nations across the globe (Brown, 2015). Despite the internet connecting different parts of the globe, organizations rarely cooperate to monitor incidences of cyber crime attacks in their areas. Organizations need to strengthen their cooperation behold the physical barriers that the cyber world transcends. Criminals take advantage of this lack of cooperation to use the same techniques or commit the same cyber attacks on different organizations without being easily detected. Countries need to create legislations that create a framework of International cooperation among the private sectors. Such collaboration will address the increasing threat of cybercrime attacks that has significantly increased due to social media and adoption of cloud services technology. Collaboration between different organizations will also make it easier to prosecute cyber crime cases because criminals maybe located miles away from the actual crime scene. Information that is critical for conducting such investigations can easily be obtained through such collaborations.
Implementing a legal framework that will enable the collaboration strategy will provide the necessary jurisdiction that is required for authorities and law enforcers to conduct investigations on cybecrime. It will provide an easy access to important information located in another country required for investigations of cyber crime cases. Lacks of collaboration creates a challenge for authorities investigating cybercrime incidences especially when the criminals involved are from a different country. However, there has been an increase with many global institutions like the United Nations General Assembly adopt legal strategies t combat cyber crimes threat on an international platform.
Technological strategies
Majority of the organizations and business rely on technological strategies to combat cybercrime. The technological measures included applying latest security patches, up to date antivirus, operating systems and computer application, password protection, maintaining a strict validation for the data input, monitoring the processes as well as procedures of external contractors who have access to the organizations computer systems. Others include performing regular scans to the network securities and activities, implementing a network security structure and comparing the traffic accessing the organizations network with its baseline operations (Byrne &Marx, 2011).
Technology plays an essential role in formulating effective strategies to keep private industry organizations safe from the threat of cyber crime. Effective strategies to employ in preventing cyber crime depend on the type of crime if its computer enabled or computer dependant. Computer enables crime refers to the traditional form of crime that has been facilitated by the existence of anew technology. The computer dependent crimes require a computer in order to exist. Technology plays an essential role in aiding cybercrime and is therefore the main targets for the organizations and criminals as well to enhance their security. Best strategies to prevent cybercrime should revolve around technology. The following concepts are essential in developing technological strategies to combat the threat of cybercrime.
Amplifying force
The damage that criminals can cause with technology is much more when compared to those without. The concepts therefore targets reducing the criminal’s access to digital technology and subsequently prevent cyber crime. It is therefore essential that organizations adopt the use of technology to prevent cyber crime. Embracing technology will ensure updated security measures that can counter the technology used by criminals to commit cybercrime(Byrne & Marx, 2011).
Creating entry barriers
The main aim of such strategies is to create a barrier for criminals to reduce their access to computer systems and cause damages. An example of the cyber creating barriers strategies is preventing the copyright of media content using modern technology(Byrne & Marx, 2011).
Strategies based on training and creating awareness of cyber crime to employees
Other strategies used by organizations focus training and creating awareness on cybercrime to their employee as an important factor in controlling cyber crime. The organizations in dentified the need for more training and creating awareness for their employees on information security because the increasing accesses to technology meant more risk especially to low awareness users. The number of internet users has significantly increased with the availability of high computing device that have the potential to access the internet from every part of the world. Private industries have also embraced the use of internet networks in their operations increasing the risk of cyber crime attacks. Despite the high uptake of technology, organizations in the private industry provide little training for their employees on the risks associated with such technology. This has made them easy targets for cyber crime criminals. Spreading awareness on cyber crime is an effective strategy, which can effectively help to reduce the rising cases of cyber crime in the private industry. Some of the cyber crime attacks on computers and computers sys tem of many organizations are because of low awareness of the employees and users using the internet.
The private sector should build the technical capacity to handle cyber crime by setting up necessary technical infrastructure that also aids the employee to report cyber crime. In addition, they there is need organizations to implement training in cyber forensics to specialized employee to enable them detect cyber crimes early in advance and put up necessary measures. Employees should be equipped with the necessary skills to understand technological evolution as well as the threats and vulne abilities related to cyber crimes.
The environment through which the organization works is very essential in preventing cybercrime. It is therefore important that the private sector trains their employees on keeping safe working environment to reduce incidences of cybercrime. A good working environment will also ensure that employees can easily indentify the psychological behavior of a cyber criminal. Cybercriminals will often look for new ways to exploit the potential victim that can be detected early with by employee through proper training and awareness. A positive working environment will promote proper handling of knowledge and digital evidences that can aid in cyber crimes investigations. Without proper training, employees may unknowingly contaminate digital evidence or store it in poor conditions, which may make investigation seven more challenging. Where technologies are not sufficient to help employe detect cybercrime threats, special training can provide alternatives that employees can rely on in the absence of technology.
Figure 1: A grouping of various strategies implemented by organizations in preventing cyber crime.
The growing importance of information security and the rising risks of cybercrime threats are making it necessary for organizations to embrace training and educations awareness for their employees. Such programs can be lanced through ICT departments in most organizations and the progress of such awareness program strategies to be monitored regulars to ensure that employees are updated of the emerging threats from cybercrime.
Digital technology has made it difficult to track and reveal the Identity of the cybercrime criminals. Various measures or strategies that are effective in preventing cybercrime depend on the nature or organization of the cybercriminals. According to Broadhurst (2014), organized criminal groups as cybercrimes require a high degree of specialization and organization . Therefore, the highly specialized nature of the groups has only left the government and the authorities speculating on their activities. Over 80% of the crime is likely t obe committed by organized groups. These groups can be organized into traditional hierarchal organizations or networks.The figure below demonstrates groupings of cybercrime organizations .
Figure 2: cyber crime criminals groups
The groups are further divided into types. The first group is known as type 1. It is subdivided into swarms and hubs that essentially operate online. Swarms are less organized and comprise of grouped networks that have a common purpose but lack organized leadership. This group of cyber criminals are commonly influenced ideological ideas shared online like hate crime and political activities. On the other hand, the hubs are more organized and have a clear structure of command. They engage with diverse online activities that include piracy, botnets phishing attacks and sexual offenses. The other group is the type II group. They are divided into clustered hybrid and extended hybrid.Clustered hybrid involves small groups of people that are that have targeted activities or methods. This group operates both online and offline and mostly involved incredit card and data fraud. The extended hybrids are less centralized. The group involves several associates coordinating to ensure that their operations are successful. The third group or type III group essentially operates offline but use online platforms to facilitate their activities. They operate in hierarchies and their main activities include malware attacks and blackmailing. The group is also subdivided into aggregate group that are temporal and lacking a clear purpose. Understating the structures of cyber crime criminals can easily identify the best effective strategies to prevent attacks from eachgroup by an organization.
Identifying cyber crime criminals groups make it easy to identify the threat arising from each group and the risk they pose to an organization to come up with effective strategy to prevent the threat. In addition, disorganized groups pose minimal risk when compared tothe well organized crime groups with a clear command structure to coordinatetheir activities. Comparing the online hybrid and the offline groups, thethreat posed by each group depends with how an organization operates if it isonline based or its activities are based on the offline. Online businesses havethe highest risk to cyber crime when compared to offline businesses.
Most organizations implement technological strategies in preventing cyber crime. Technological innovation is the leading force in cyber crime prevention for organizations and individual citizens and indentified most effective. They can be sub divided into two types that include the soft-based strategies and hard based prevention strategies (Byrne & Marx, 2011). The hard based information strategy aim at using the various intrinsic features to preventing or making it difficult cyber criminals committing cyber crime. Some of the hard prevention strategies that were identified by the study include use of antivirus, use of updated operation systems and applications and password protections among several other measures. Figure 1 shows that Majority of the organizations use hard prevention strategies to prevent cybercrime threats. However, some of the hard prevention strategies are largely infeasible because the criminal activities that they target are hard to differentiate from non-criminal activates based on the purpose and context that the crime that likely took place.
It is therefore necessary for organizations to implement architecture or protocols that resist misuse from in appropriate users. Similarly, hard prevention structures encourage internet-connected devices to act depending on the nature of the environments to reduce chances of intentional manipulation especially by potential cybercrime criminals. The conflict of privacy is another factor that faces the effective implementation of hard prevention strategies on privacy and accountability. For instances, some of the cyber attacks identified by the study was committed by organization employees.
On the other hand, soft prevention strategies include disincentives to discourage criminals from committing cyber crimes. This includes the legal strategies and the strategies based on training and creating awareness to prevent cybercrime identified in the study. According to Clarke et al, (1998) soft strategies include clearly defining actions, which an organization may term as criminal in its environment. In addition, raising public or employee awareness on cybercrime through education seminars, workshops and other training activities is an example of soft prevention strategy. Others include promoting effective investigation and prosecution of cybercrime criminals by reporting their actions to the police or various non-governmental organizations that focus in preventing cyber crimes.
Preventing cybe crime through soft prevention strategies requires that the organization shave Cleary defined boundaries on factors constituting an offence and under which context. This can be achieved by educating employees of an organization and creating awareness on where the boundaries lie and possible punishments or legal measures that accompany such boundaries. The challenge of soft prevention st rategies that involve me asures as identified in the study is collecting sufficient evidence to preset to the co urt to prosecute cyber. Another disadvantage is that due toadvance d technology and technical knowledge of cybercrime criminals, it makesit difficult to identify the real culprits behind the offence (Clarke et al, 1998). Therefore,the success of legal strategies is subject to the capability of the legal authorities’ to conduct effective investigations to detect the criminalactivities and the offender of the crime. According to Casey (2011), digitalevidence can be applied for investigative purposes in indentifying cyber crime offenses and the offenders. Cyber crime is different from convectional crime.Therefore, the strategies that are involved in convectional crime are difficultto implement in fighting cyber crime because the offenders can be based faraway from the scene of crime (Poonia et al, 2011). In addition, cyber crime isillegal interception of information that is illegal as people intercept such information and gain unauthorized access for the information or data.
Therefore, to support the effective application of the indentified legal strategies, there must be adequate law reforms aimed at preventing cyber crime threats. Traditional laws can no longer match with the innovative modern technology and therefore inadequately deal with cyber crime. The law enforcement agency and judicial communities need to develop new skills to handle cyber crime cases effectively. The technology has complicated the regulatory and jurisdiction of cyber crimes as the systems the internet links users all over the internet. For instance, an online payment company based in the United States or any company using online payments may be serving customers in china. The jurisdictions of the applicable cyber crime laws applicable for these two parties are very different. There is therefore a need for adopting a global stand on cyber crime, as it is the case for terrorism.
Therefore, the study indentified that technological strategies were the most common among many organizations in preventing cyber crime. In addition, numerous resources considered for the study support such strategies as the most effective in dealing with cyber crime. However, organizations should also create awareness and educate their employees on cyber crimes. This is essential in ensuring that they exercise caution with sensitive data to minimize risks of such information landing on cyber crime criminals. Research indicates that the high rate of cyber crime results from carelessness as organizations and individuals underestimate the risk of cyber crime and therefore fail to take adequate measures to protect their information and sensitive data. In addition, over dependence by the government on centralized systems and lack of proper guidelines on protecting personal information contained in these systems has left millions of individual sensitive information vulnerable. In response to the increased cases of cyber crime, governments are investing millions of dollars in building cyber skills and capability to as a cyber crime prevention measures.
Emerging trends in cyber crime prevention
Cyber crime is evolving at a very fast rate due to advancement of computer and information technology. Similarly, the society is also evolving with regard to technology use and Innovation. This has led to continued expansion of cyber crime activities when compared to the traditional definition of cyber crime activities in the last decade (Shehu, 2014). The emergence of social media sites has expanded the environment through which cyber crime can be committed and led to new forms of crimes as well. Reputation damage is a new form of emerged cyber crime that has rooted itself in the social media costing organizations, governments and individuals millions of dollars to reduce the damages. Economic crimes have significantly risen with organized cyber crime groups organizing well funded into company systems using technologies to committee fraud. A new network known as the dark web has emerged where such information like credit card numbers is sold has made it difficult for authorities to detect the new form of cyber crime as the criminals no longer use normal activities to commit fraud.
Espionage is another form of emerging cyber crime where the valuable intellectual properties of an organization like research and development files are stolen (Shehu, 2014). The theft of intellectual property belonging to organizations has caused them to lose millions of dollars. In some instances, cyber criminal have grown so cunning that the victim may not even realize that tones of valuable information is stolen until the damage is irreversible. The victims begin to realize that their intellectual property have been stolen when they begin to realize counterfeit products in the market as similar technology that is slightly modified. Activism is another emerging form of cyber crime. In this case, hackers are backed by supporters who are fighting for an ideological cause. A good example of activism crime is wiki Leaks where sensitive and crucial information especially for government agencies and security organizations are exposed to the public by hackers who intend to compel the government or the victim to pressure.
Another form of emerging cyber crime is cyber terrorism. In this type of crime, terrorist groups have turned to attacking private or government organizations or even critical national infrastructure to disrupt services or cause damages. Cyber terrorism is posing a serious threat to governments and security authorities, which have turned to offering critical services to the citizens using networks or internet. The systems that are prone to cyber terrorism crimes include communication networks like telecoms and financial systems that are heavily reliant on the internet (Shehu, 2014). Cyber welfare is also another form of cyber crime that is emerging. In this type of crime, states and governments attack other states or private sector organizations and steal information and valuable data.
Barriers to implementing effective strategies to fighting cyber crime
Despite organizations being aware of the significant risk posed by cyber crimes, some have still not taken necessary measures to prevent such threats. In some instances, barriers exist in the way of implementing these strategies, which may render them ineffective. The first barrier is lack of cooperation between organizations, government agencies and business partners concerning the cyber crime. Every organization has to maneuver its own threat in despite that the same techniques are used to target different organizations every day. Similarly, coordination lacks between the government authorities and organizations in fighting crime. This has caused organizations to spend numerous resources, which could be saved if they come together and address the problem of cyber crime as one.
Poor communication is also another barrier preventing the implemented strategies on cyber crime to work effectively. To avoid negative publicity, organizations are avoiding disclosing their information on cyber crime. This gives the attackers an advantage to apply the same technique to attack as a many organizations as possible and hindering a swift response to emerging threats and cyber crime activities.
Ignorance and negligence is another barrier for implementing strategies to prevent cyber crime. Some of the organizations are aware of the security risks that exist with their environment and do little to resolve such problems. This is giving cyber crime criminals an easy time to advance their activities without applying much effort. Examples of negligence includes failing to deactivate access to a an organization data by a former or fired employee, maintaining same passwords for a long period of time, sharing sensitive information like credit card numbers in unsecured networks. Other acts of negligence include lack of clear guidance policies and protocol on the accessing organization information especially sensitive data. This has led to increased cases of security breaches as hackers gain access to sensitive information through any access to the system. Without such protocol in place, organizations are bound to incur more losses from cyber crimes. For instances, a criminal with authorization can use the computer for activities that are behold the intentions of the authorizing party constituting cyber crimes. It becomes difficult to prosecute such criminal cases because the criminal did break the policy as his actions were within his allowed authorizations. Such cases hinder effective prevention of cyber crime results to criminals facing fewer penalties that are not equivalent to the damages and risks caused by their actions.
Cyber crime prevention policies
Computer fraud and abuse act
Despite the numerous amendments on the original acts, the computer fraud and abuse act remains ambiguous in combating cyber crime largely due to the current technology that has significantly advanced. The policy lacks clarity on the penalties for the acts increasing the possibility that cyber criminals charged with this act receive low penalties that are not equivalent to the damages arising from their activities. In addition, the act does not exclusively specify the relevant authorizes to enforce the act. This has caused conflicts between various law enforcement agencies at both the state and the federal level. In addition, the protected computers are only interstate or foreign computers only used by financial institutions and the government for communication and commerce purposes. There definition of protected computers indentified in the policy limits its applicability to government and financial institution computers. Therefore, majority of the computers that are facing a huge threat from the cyber crime attacks are not covered by the policy. The policy also does not explicitly require the proof on the ways that the criminals used to access the protected computers. In addition, it does not specify if the crime covers the use of the computer to access the internet or the internet to access the computer creating a wide gap in implementation of the policy. It is therefore only illegal to use a protected compute to access the internet and communication purposes (Jarrett & Bailie, 2015).
In order to reduce the discrepancies created by the policy, congress amended the act in 2008 to include explicitly computers not connected to the internet but used for government and financial institutions. This is because some computers are not connected to the internet due to security reasons but are used for the specified protected computer purposes. Similarly, the acts was further amended to reduce its ambiguity by specifying that the act also includes the computers that are outside the united state but used to restricted purposes. The amendments were influenced by the increased cyber crime activities with criminals outside the United States who hack the protected computers from a foreign country (Jarrett & Bailie, 2015). The act is also ambiguous on the definitions exceeding limited authorization and without authorizations. Both instances refer to the insiders and the outsiders accessing the information or data from protected computers. The policy therefore unequally applies to criminals differently depending on weather they are insiders or outsiders. The policy raises a crisis on the border between allowed authorization with limitation and without authorization, which in several instances are difficult to prove
The wiretap act
The wiretap act policy creates a wide gap in its implementation because criminals can argue that they intercepted communication while conducting their personal investigations. The policy therefore creates a crisis on the nature and the context through which the policy can be applied. The policy also creates a challenge when implemented on computer usage. Computers have the ability to hold recorded information through text form, which can be easily accessed later. According to the policy, such act is not covered in the act presenting a wide gap through which criminals can use to commit cyber crime.
According to the policy, it is only illegal to obtain a copy of unauthorized information n or data only when it is being transmitted. Therefore obtaining such information after its destination is not intercept. However, such data or information may still be holding critical and valuable information that can cause significant risk to critical state infrastructure. The technology has long evolved past the era of telephone wiretaps when the policy was excellently effective. Similar to the computer abuse act, the policy is affected on intercepting communication that affects interstate commerce. The policy therefore creates a crisis where criminals can argue that their activities did not contradict the interstate commerce as indicated by the policy. For instance, a suspect charged by intercepting signals between the keyboard and computer was dismissed was dismissed as cyber crime because it does not involve intercepting electronic communication as provided for in the policy (Jarrett & Bailie, 2015). The policy therefore provides for prosecution of criminals who use malicious software to intercept emails and other information or data from a victim’s computer during its transmission. According to the policy, it is also illegal to disclose intercepted information or data. However, it does not an affect the disclosure of information that has already been shared to the knowledge of the public. However, lack of clarity on the conditions and context through which the intercepted information or data can be disclosed creates ambiguity in implementing the policy.
Networks crimes statues
The network crime statues policies are limited to devices through which access of information or data can be regarded as cyber crime. For instance, accessing home computers does not amount to a cyber crime according to the policy. In addition, the policy also criminalizes altering or changing information that can cause the loss of authorized access to the information. The policy is ambiguous because it definition of storage information limits the scope though which accessing such information may be regarded as cyber crime. The broad interpretation of electronic storage creates a gap through which numerous cyber crimes related to cyber crime can be accessed illegally and criminals still avoid prosecution.
The policy on illegal access of information or data in electronic storage is ambiguous because it does not include the access to such information or data by the parties providing the storage services as contravening the policy. There are numerous incidences when information storage providers have been involved in cyber crimes activities but cannot be prosecuted due to the ambiguity of the policy. The policy criminalizes intentional transfer or use of another person identity without his consent as a cyber crime.
Another form of cyber crime is identity theft. There are several laws enacted on identity theft to combat the increasing unlawful use of identification information to commit fraud. The policy can only be applied with prove that the criminal intentionally used a false identification that belonged to an actual specific person. Cyber criminals have gone round through such ambiguous requirement of the policy and committed cyber crimes by using identities that do not belong to any specific person. This policy has therefore created a challenge in its implementation for combating the threat of cyber crime.
The can spam act
The act was enacted by congress in 2003 creating a policy to prosecute criminals who sent spam emails especially when the criminal does not disclose his/her identity. Email spams have become very common and used by criminals to steal confidential information from unsuspecting victims. Although there is several have with capability to filter spam emails, the act provides a legal avenue that the victim can utilize t ensure that the criminals face justice. The spam acts also prohibits transmission of sexual content in spam emails without providing notification on the type of content contained I n the email. However, the spam act is not usually utilized on several incidences because of the ambiguity in the policy. The act applies for commercial mails leaving personal or non-commercial emails out of the policy coverage. It is also important to note that the spam act does not only apply to emails but also to messages sent through the social networking sites (justice.gov, web). The policy also applies to falsified material but requires adequate proof that the material was falsified. The policy has created a crisis on the definition of spam messages. One court interpreted that messages that contained the correct address of the sender and links to unsubscribe from receiving such mails cannot be categorized as spam. In addition, the act also criminalizes multiple emails sending with the same content. Multiple applies to than a hundred mails in one day or one thousand in month. Cyber criminals have found a way of going through the act by including their addresses and links to unsubscribe from such messages and use such emails for commercial purposes or to trick unsuspecting victims to sharing their personal information. Majority of the cyber crimes committed under this act are not reported, as users prefer using the software to filter unwanted or spam messages from their inboxes.
Presidential/executive cyber crime policy
In addition to the legislations passed by the congress and federal statutes, the president has the powers to give out orders on prevention policies on cyber crime. Some presidents have utilized these powers to create policies on preventing the threat of cyber crime where some worked and others have failed. Since taking office in 2009, president Obama has pushed several policies aimed at combating the rising cases of cyber crime. Obama released his proposal policy to deal with cyber crime in May 2011 that focused of protecting the American citizens, critical infrastructure, federal networks and privacy and liberty of private individuals from the threat of cyber crime. The first part of the policy made it necessary for private sector to disclose cyber crime attacks to consumers. This was due to enable consumers take measures to protect their personal information that is held by the attacked organizations and business. The proposal sought to harmonize the state laws with the business policies to protect the public interest whose data has been compromised by cyber attacks.
The second part of the proposal aimed at the country’s critical infrastructure from cyber crime. The proposal required that the congress provide legislations on assisting the private sector, government agencies from the DHS through sharing of information on cyber crime and trouble shoot the threat arising from cyber crimes. The president’s proposal also included provisions to protect computers and networks that were used by the national and the state governments. The proposal required that the DHS (department of homeland security) provide resources for the federal networks as well as the civilian networks. Lastly, the proposal sought to create a framework for granting individual privacy and liberty adequate protection from cyber threats. However, president Obama’s proposal did not get the full congress approval due to the concerns raised by the digital rights group that it would intrude in the right of privacy for the American citizens (Bessant, 2014).
The Obama administration has attempted to resurrect the sharing of information on threats regarding cyber crime by private and government institutions with the department of homeland security. Despite the concerns raised on such a policy, it would be an effective way of combating the threat of cyber crime. This is because lack of sharing cyber crime threats information has only worked to the advantage of the cyber criminals. In addition, sharing such information can keep the public well informed on the trend of cyber crime attacks helping them mitigate the damages or losses should their personal information and data be compromised. The president has also sought support to increase the government spending in cyber crime prevention as well increase the capacity of the government institutions to fight cyber crime. After the failure by the congress to approve the president Obama’s proposal into legislations, the president in turn issued executives orders that were based on the principles of his proposal (The white house, 2015). The executive orders provided a platform where the private sector and the government agencies can share important information that will help curb the threat posed by the cyber crime.
Obama’s election into office began with a strong note of curbing the threat of cyber crime when compared to his predecessors. President Obama’s executive orders cover a wider scope because they include the public when compared to the congress acts, which cover the protected computers used governments selected organizations. The policy also focused on abroad range of factors, which include the vulnerability from increased storage of sensitive data information by the American citizens. The greatest challenge affecting the implementation of president Obama’s cyber crime policies is the political divide between the democrats and the republicans with the republicans favoring market incentives to discourage cyber crime and the democrats favoring legislative approach to combat cyber crime (Bucci et al, 2013). Without The executive’s efforts directed to reducing the increasing cyber threats, they may jeopardize the American presence online. This is largely because the political division on how the nations should approach the rising cyber threats. In addition, the ideological differences thought the United States have also created a dispute on the best approach to curb the threat rising from cyber crimes. Therefore, the president’s executive orders mirror the proposals that have failed to pass the congress to legislation. The orders also provide a framework through which the widening gap between the private sector and the government agencies of fighting cyber crime.
However, despite the executive orders playing a significant role in combating cyber crime in the United States, they need to be more effectively formulated and defined to reduce their ambiguity for easy implementations. The orders do not provide a clear strategy on the relationship on sharing information between the private and the government sector. Majority of the organizations are reluctant o sharing information because of the unintentional damage and that sharing some information may at instances contradict the freedom of information act. Similarly, lack of a clear guideline on information sharing between the two sectors as directed in the executive orders may e be used by regulators against the private sector.
Therefore, information sharing is only currently applied between smaller organizations networks based on trust. The government has also several laws and regulations that govern information sharing process which may contradict with the policy requirements. The policy therefore requires that guidelines be developed to remove the ambiguity on the policy and make its implementation practical. The information-sharing platform that the president Obama’s executive orders to cyber crime seek to achieve should be build through trust, confidentiality and non-victimization of the parties sharing sensitive information. Most important the congress must also repeal the numerous barriers that hinder information sharing between the private and the government sectors. In addition, information sharing should not be mandatory but voluntary for both sectors. There is therefore need to create incentives that will encourage the private sector to share sensitive information and data that may be used by cyber criminals to aid their activities.
Creating an environment that is based on cooperation and not coercion may be a challenge given the nature of strained relationship between the government and the private sector. The political divide in the United States is also more likely to interfere with the presidential directives especially given the stand of the incoming government. Presidential policies have the great challenge in that they do not go behold the term limit of the current administration. This poses a challenge of stabling a long working co-operational relationship between the government and the private sector. To ensure that the policy works as intended and free from political interference, the policy should be anchored on a legal framework to protect the parties that are involved in information sharing.
Such legal protection should expressively provide guidelines to eliminate the liability concerns that are the biggest fear for the private sector. Bucci et al (2013) notes the threat from sharing information has discouraged various businesses and private sector from sharing confidential information that can aid in combating cyber crime. In addition to liability protection for the shared information, the policies require a framework that will prevent competitors gaining a competitive advantage on the market by utilizing the shared information against their partners. Although implementing such a structure is technical, it is essential because the shared information could be from a compromised database of a company exposing its innovations and other critical data to competitors. The resulting consequences from the shared information may cause substantial loss for the affected company despite that the intention was different. The policies also have to build confidence between the private sector partners that the information shared will be acted upon swiftly and the necessary action taken to combat cyber crimes. The long response time this is common for government agencies may discourage the private sector from contributing critical information if their information is not acted upon to bring meaningfully changes especially considering that leadership skills required to run such a partnership.
Recommendations
Based on the findings of the analysis done by the current study, it is recommended that the computer and abuse act should therefore be amended to include all the computers that are in the risk of cyber crime attacks. The act only covers protected computers which include government and financial institutions computers(Jarrett & Bailie, 2015). Non –financial institutions and other organizatiosn not covered under the proteted computer provision of the CFAA act are incurring millions in losing due to unauthorized access to information and data by cyber criminals. In addition, criminal activities on non-protected computers give the criminals an advantage to test various tools and software through which they can employ on protected computers more easily. Similarly, to the computer abuse act, the study recommends that the information intercept act should be amended to include the broad acts of criminal activities committed on non-protected computers . Private organizations Computers hold sensitive information that although not directly related to state matters, its disclosure can have an indirect impact to critical infrastructure. Based on the study findings, it is also recommended that the government should amend the identity theft clause to include criminals who use indentities of people who do not exist currently, the provisions of the law only ally to people who falsfy the indentity of other existent people as their own. In order to discourage illegal access to information and data on providers of storage services, the policy should be expanded to include the illegal sharing of information by the service provider’s who have access of such information as a cyber crime.
Cyber crime is unarguably a complex challenge in the modern world that is defined by immense technological undertakings. Therefore, it is imperative that working strategies are employed in combating its threats. Based on the findings on the study, it is recommended that organizations such as homeland department of security develop a case-specific approach in developing tactics that will prevent future repeats. The department of homeland security has adopted regulatory procedures that focus on the parties at the risk of experiencing cyber-attacks and doing away with the focus on the groups that initiate cyber crime attacks which is proving an effective measure reduce cyber crime attacks (department of homeland security, 2015). Lastly, organizations should set aside investment that will fund research activities to determine the fronts that make it easier for perpetrators to initiate cyber crime attacks. The study also recommends that organizations implement both technological measures such applying latest security patches, up to date antivirus, operating systems and computer application, password protection, maintaining a strict validation for the data input, monitoring the processes as well as procedures of external contractors who have access to the organizations computer systems. Others include performing regular scans to the network securities and activities, and create awareness on cyber crime prevention among their employees. This will create an environment where everyone is cautions of the rising thereat on preventing cyber crime.
The United States congress should increases the resources and the funding to fighting cyber crime. the government allocated $14 billion in the 2016 year to cyber security and plans to increase ths by 35% to $19 bilion in the coming 2017 budget(the white house,2016)This is essential as cyber crime criminals are organizing themselves in forms of groups and outsourcing funding from terrorist groups and other criminals organizations to advance their criminal activities. With the potential to utilize modern technologies in facilitating cyber crime, the extent of the damages caused by such actions has therefore increased. The government should also increase the capacity of its agencies ad department the fight with cyber crime through more resource allocations, provision of relevant training and skills in handling the crisis. Similarly, the information sharing policies from the presidential directives on cyber crime can be very effective in combating the threat of cyber crime if well enacted. However, the policies are very ambiguous as currently constituted and require comprehensive reforms to ensure they are easily implemented and workable. For instance, the provision on information sharing is currently limited by the existing legal barriers on information sharing between the government and the private sectors.
The study also recommends the establishment of a specific national agency that will coordinate efforts of preventing cyber crime, its mitigation and prosecution just like the case with the drugs. The agency should comprise of top strategic, business and technical thinkers outside the government. The agency will push for proposals and recomedations on the effective legislations and actions to combat cyber crime through enhacing cyber security awareness, menitaining the security of the private and government sectors and empowering the American public to take charge of their digital security. Currently, cyber crime handled by the DHS and other federal agencies which include the FBI, the U.S secret service and U.S immigrations and customs enforcement(ICE) which have been assigned other responsibilities by the federal government(department of homeland security,2016). Such an agency should focus on creating a good working relationship between the private and the government sectors especially in combating cyber crime. The government should also embrace creating awareness through education and training to provide the public with accurate, consistent and reliable information on cyber crime. The department of homeland security that currently coordinates cyber crime prevention efforts should increase training and awareness initiatives for the public sector. Other initiatives include creating an effective cyber workforce that is responsible for ensuring cyber security through enforcing the enacted legislations in combating cyber crime.
Limitations of the study
The limitation of the study was lack of adequate information on the cyber crime prevention. Majority of the research on cyber crime prevention are based on review of relevant literature and lack of adequate information on the field is one of the biggest challenges. Secondly, much of the information was obtain need from self-reports and therefore there was no allocable method of confirming the accuracy or biasness of the information obtained. Limited data on cyber crime and the emerging forms of such crimes as cyber terrorisms was also a limitation for the study of various researches on cyber crime prevention. In addition, sources mostly used to conduct this research are self-selecting, which implies that the information collected is limited in relation to the actual cyber crime policy. Similarly, most of the crimes are under reported by the victims and organizations due to the fear of negative publicity. Therefore, the actual information relating to effectiveness of various cyber crime policies is with held by the victims, which greatly hinders finding an effective solution to the problem (Rotich et al, 2014).
Conclusion
In conclusion, cyber crime has significantly increased in the last decade posing a significant threat various organizations and the entire country as well. Studies have revealed that organizations, both public and private, have had to contend with huge losses arising from instances of cyber crime attacks. Prasanthi and Ishwarya (2015) define cyber crime as any activity that is computer mediated and considered illegal targeting the security of computer systems and the data they process. Carelessness in organizations and individuals is major cause of the rising rates of cyber crimes as they underestimate the risk of cyber crime and therefore fail to take adequate measures to protect their information and sensitive data. In addition, overdependence by the government on centralized systems and lack of proper guidelines on protecting personal information contained in these systems has left millions of individual sensitive information vulnerable. The United States department of homeland security is responsible for operating the national cyber alert system. It also coordinates national response systems on cyber crimes and protecting the nation’s critical structure. The department also regulates and implements government policies that are aimed at combating the threat of cyber crime. In response to the increased rates of cyber crime. The government has also put considerable efforts in the last 10 years to preventing the threat posed by cyber intrusion through maintaining a reliable, secure, interoperable and open internet. In addition, the government has formulated several policies on cyber crime that focus on protecting critical infrastructure, which include critical information systems from the threat posed by cyber crime. Other efforts by the government focus on improving the ability of victims to report incidences of cyber crime to increase the response time to criminal incidences.
The study analyzed various government policies to combat the threat from cyber crime. Cyber criminals are organized in groups and indentifying these groups can help policy makers to come with effective policies to reduce the threat formed by the operations of such groups. Due to the increased connectivity brought by modern technology, cyber crime cases have significantly increased. Therefore, organizations are also coming up with various strategies in addition to the policies formulated by the government to combat cyber crime. These strategies can be classified as legal, technological and educational/awareness. Legal strategies focus on avoidances of cyber crimes by discouraging cyber crime criminals from committing through tough legal measures and penalties. Technological strategies focus on making it difficult for criminal to commit cyber crime as well as enhancing security of information and data.
Strategies based on creating awareness of cyber crime and data security. The study highlighted several ambiguous policies on cyber crime preventions for analysis using the policy analysis approach. Examples of the policies analyzed are the computer abuse and fraud act. The policy lacks clarity on the penalties for the acts increasing the possibility that cyber criminals charged with this act receive low penalties that are not equivalent to the damages arising from their activities. In addition, the act does not exclusively specify the relevant authorizes to enforce the act. This has caused conflicts between various law enforcement agencies at both the state and the federal level. The policy includes cyber crimes that committing by illegal intercept of communication by criminals unless explicitly stated for the prosecution and investigative purposes. Other policy is the interception communication act. The policy is ambiguous as it allows criminals to intercept information and data within the lawful confinements of the policy. The policy focuses on the intentional intercept of communication with the intention to commit cyber crime. The policy creates a wide gap in its implementation because criminals can argue that they intercepted communication while conducting their personal investigations. The policy therefore creates a crisis on the nature and the context through which the policy can be applied. The policy also creates a challenge when implemented on computer usage.
Other policy analyzed is the illegal access of storage of information. The policy on illegal access of information or data in electronic storage is ambiguous because it does not include the access to such information or data by the parties providing the storage services as contravening the policy. There are numerous incidences when information storage providers have been involved in cyber crimes activities but cannot be prosecuted due to the ambiguity of the policy. The study further analyzed the indentify theft policy. The policy criminalizes intentional transfer or use of another person identity without his consent as a cyber crime. On presidential/ executive policies, the study analyzed the President Obama’s executive orders. They cover a wider scope because they include the public when compared to the congress acts, which cover the protected computers used governments selected organizations. However, the policy is ambiguous to implement because the information-sharing framework in which it establishes has several legal barriers created by the United States law.
References
Bessant, J. (2014). Democracy Bytes: New Media, New Politics and Generational Change. Springer.
Broadhurst, R., Grabosky, P., Alazab, M., Bouhours, B., & Chon, S. (2014). An Analysis of the Nature of Groups Engaged in Cyber crime. An Analysis of the Nature of Groups engaged in Cyber crime, International Journal of Cyber Criminology, 8(1), 1-20.
Brown, C. S. (2015). Investigating and prosecuting cyber crime: forensic dependencies and barriers to justice. International Journal of Cyber Criminology, 9(1), 55.
Bucci, S. P., Rosenzweig, P., & Inserra, D. (2013). A congressional guide: Seven steps to US Security, Prosperity, and Freedom in Cyberspace.Heritage Foundation Backgrounder, (2785).
Byrne, J., & Marx, G. (2011). Technological innovations in crime prevention and policing. A review of the research on implementation and impact. Journal of Police Studies, 20(3), 17-40.
Casey, E. (2011). Digital evidence and computer crime: Forensic science, computers, and the internet. Academic press.
Choo, K. K. R. (2011). The cyber threat landscape: Challenges and future research directions. Computers & Security, 30(8), 719-731.
Choudhury, R. R., Basak, S., & Guha, D. (2013). Cyber Crimes-Challenges & Solutions. International Journal of Computer Science and Information Technologies, 4(5).
Clarke, R., Dempsey, G., Ooi, C. N., & O’Connor, R. F. (1998, February). Technological Aspects of Internet Crime Prevention’. In Proc. Conf.’Internet Crime’, Australian Institute for Criminology, Melbourne University (pp. 16-17).
Dashora, K. (2011). Cyber crime in the society: Problems and preventions. Journal of Alternative Perspectives in the Social Sciences, 3(1), 240-259.
Department of homeland security. (2015). Using the Cybersecurity Framework | Homeland Security. Retrieved from https://www.dhs.gov/using-cybersecurity-framework#
Department of Homeland Security. (2016). Combating Cyber Crime | Homeland Security. Retrieved from https://www.dhs.gov/topic/combating-cyber-crime
Department of Justice. (2015). Computer Crime and Intellectual Property Section (CCIPS) | Department of Justice. Retrieved from https://www.justice.gov/criminal-ccips
Fatima, A. (2015). E-Banking Security Issues? Is There A Solution in Biometrics?. The Journal of Internet Banking and Commerce, 2011.
Federal Trade commision. (2008). CAN-SPAM Rule | Federal Trade Commission. Retrieved from https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/can-spam-rule
Federal Trade Commission. (1998). Identity Theft and Assumption Deterrence Act | Federal Trade Commission. Retrieved October 9, 2016, from https://www.ftc.gov/node/119459
Halder, D., & Jaishankar, K.(2012). Cyber crime and the victimization of women: laws, rights and regulations. Information Science Reference.
Jarrett, M., & Bailie, M. (2015). Prosecuting Computer Crimes. Office of Legal Education Executive Office for United States Attorneys. Retrieved from https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ccmanual.pdf
McMahon, R., Serrato, D., Bressler, L., & Bressler, M. (2015). Fighting cyber crime calls for developing effective strategy. Journal of Technology Research, 6, 1.
McQuade, S. C. (2006). Understanding and managing cyber crime. Boston: Pearson/Allyn and Bacon.
Nelson, B., Phillips, A., & Steuart, C. (2014). Guide to computer forensics and investigations. Cengage Learning.
Poole, B. J., & Sky-McIlvain, E. (2014). Education for an information age.
Poonia, A. S., Bhardwaj, A., & Dangayach, G. S. (2011). Cyber crime: Practices and Policies for Its Prevention. In The First International Conference on Interdisciplinary Research and Development, Special No. of the International Journal of the Computer, the Internet and Management (Vol. 19).
Prasanthi, L. M., & Ishwarya, T. K. (2015). Cyber crime: Prevention & Detection. International Journal of Advanced Research in Computer and Communication Engineering , 4(3), 1-4. Retrieved from http://www.ijarcce.com/upload/2015/march-15/IJARCCE%2011.pdf
Putnam, T. L., & Elliott, D. D. (2001). International Responses to cyber crime. Transnational Dimension of Cyber crime and Terrorism, 35-66.
Rantala, R. R. (2004). Cybercrime against businesses. US Department of Justice, Office of Justice Programs, Bureau of Justice Statistics.
Rotich, E. K., Metto, S. K., & Muketha, G. M. (2012). A survey on cyber crime perpetration and prevention: A review and model for Cyber crime prevention.
Shehu, A. Y. (2014). Emerging Issues in Cyber-Crime: Causes, Implications and Effects for the Legal Profession. Online Journal of Social Sciences Research, 3(7), 169-180.
Sherman, L. W., Gottfredson, D. C., MacKenzie, D. L., Eck, J., Reuter, P., & Bushway, S. D. (1998). Preventing Crime: What Works, What Doesn’t, What’s Promising. Research in Brief. National Institute of Justice.
Stephenson, P., & Gilbert, K. (2013). Investigating computer-related crime. CRC Press.
The White House. (2016). FACT SHEET: Cybersecurity National Action Plan | whitehouse.gov. Retrieved October 8, 2016, from https://www.whitehouse.gov/the-press-office/2016/02/09/fact-sheet-cybersecurity-national-action-plan
U.S Government Publishing Offices. (1986). 18 U.S. Code Chapter 119 – WIRE AND ELECTRONIC COMMUNICATIONS INTERCEPTION AND INTERCEPTION OF ORAL COMMUNICATIONS. Retrieved October 9, 2016, from https://www.gpo.gov//
Weisburd, D. L., & McEwen, T. (2015). Introduction: Crime mapping and crime prevention. Available at SSRN 2629850.
Weimer, D. L., & Vining, A. R. (2005). Policy analysis: Concepts and practice. Princeton, NJ: Recording for the Blind & Dyslexic.
Leave a Reply