Cybercrime is outpacing cyber enforcement. In the United States, less than one percent of malicious cyber incidents result in arrest, according to an analysis by policy think tank Third Way. At a recent conference co-hosted by Third Way, NYU Law’s Center for Cybersecurity, and the Journal of National Security Law and Policy, a range of policymakers, security experts, and legal scholars discussed the difficulties of prosecuting cybercrime, including determining jurisdiction and low rates of cybercrime reporting by its victims.
The conference, “Catching the Cybercriminal,” included a lunchtime talk with Google’s director of law enforcement and information security Richard Salgado and a live broadcast of the “Lawfare Podcast," among other events. During the broadcast, US Senator Mark Warner of Virginia and US Representative Jim Himes of Connecticut discussed the lack of an articulable federal policy to combat international cyberattacks, as well as legislation they hoped would improve election security, among other topics. The conversation was moderated by Lawfare editor-in-chief Ben Wittes.
Mark Warner: “We have been so afraid of cyber escalation, that I think we’ve been kind of open season, open hunting, for other nation states and their agents.… We have been unwilling to lay out, in an articulable way, what our country’s strategy is, what our red lines are, and what our willingness to use our own tools is.” (video 28:44)
Mark Warner: “I think we ought to build more incentives--whether from the insurance marketplace or others--to make sure ransomware and other attacks are reported. Because, you know, no matter how good law enforcement is, if you don’t get it reported, you’re never going to be able to find the bad guys.” (video 41:28)
Jim Himes: “The number of consumers out there who aren’t using two-factor authentication, the number of people who don’t patch their software—there’s just such low hanging fruit in the realm of defense…[A solution could be] a PSA saying if you don’t understand what two-factor authentication is…let us tell you what it’s all about. That would really, I think, move the needle.” (video 48:13)
Jim Himes: “Whether it’s, you know, deliberate Chinese hacking or a bunch of guys doing ransomware out of a basement somewhere, I think all those jurisdictional boundaries need to be, in my opinion, swept aside.” (video 1:16:55)
Watch video of the broadcast with Mark Warner and Jim Himes:
Posted February 7, 2019