The unprecedented connectivity of the Internet age has led to enormous social and economic benefits, but has also introduced numerous new challenges. In a fully connected world, security threats continue to evolve, keeping ahead of the most advanced defenses.
Network-based security threats have led to widespread identity theft and financial fraud. Spam, viruses, and spyware cause significant problems for consumers and businesses. A security breach may irreparably damage a company's brand or reputation. In the U.S., security issues threaten to slow the national adoption of electronic medical records. In the EU, consumer confidence regarding security and data protection is a barrier to the more rapid expansion of e-commerce across member state borders.
Todayâ€™s information attacks are a profitable business enterprise and are often controlled by organized crime syndicates. A growing number of sophisticated cybercrime business models, including the emergence of criminal enterprises, are built around selling tools and services for launching network attacks, rather than simply selling information gained from attacks.
Security technology continues to advance, changing from passive, point product-based to active, end-to-end approaches to security recognition, containment, and quarantine. In addition, Internet Service Providers (ISPs) are competing on security and consumer ISPs offer security as part of their service.
Policy makers around the world are focused on the state of the information infrastructure. Policy makers want to ensure that users of networks employ the best technology and process practices to make networks as secure as possible. Governments and businesses continually update their strategies to prevent attacks, and public-private partnerships have been formed to develop voluntary, market-based approaches to security.
Cisco believes that governments can help decrease cyber security threats by:
- Raising consumer and industry awareness of the importance of network security
- Educating users about best practices
- Using best practices to secure their own systems
- Funding long-term research and development
- Aggressively enforcing the laws against cyber crime and prosecuting criminals that use or attempt to use the network for theft, fraud, extortion, or other crimes
- Increasing cooperation at an international level with other governments, law enforcement agencies, and the private sector on the socialization of best practices and international prosecution of cybercrime
Cisco does not believe that governments should regulate security. In general, regulation:
- Stifles innovation by picking and choosing specific technology, rather that letting market competition develop the best and most advanced solutions
- Does not advance quickly enough to keep pace with current industry needs and newly posed threats
- May actually decrease Internet security by creating specific points for systemic failure
U.S. Strategy to Secure Cyberspace
National Infrastructure Advisory Council (NIAC)
The Business Software Alliance Cybersecurity website
The Institute for Information Infrastructure Protection (I3P)
TechNet CEO Cybersecurity Resource Center
Stay Safe Online
OECD Guidelines: Towards a Culture of Security
APEC eSecurity Task Group
Partnership for Critical Infrastructure Security
European Information and Network Security Agency, ENISA
E-Security Task Force
President's Critical Infrastructure Board