There they go again
The Organization for Economic Cooperation and Development (OECD) and the Asia Pacific Economic Co-operative (APEC) have released a comprehensive report on malware (1.6MB PDF here) in preparation for the meeting of OECD ministers in Seoul next 17-18 June.
Drafted by the OECD’s Working Party on Information Security and Privacy and APEC’s Telecommunication and Information Working Group, the report contains nothing startling. Our views on the essential futility of these bureaucratic exercises are here.
But still, it’s a handy summary of the current state of play for those, like the OECD ministers, who know nothing about it – which is, after all, its purpose. The main points:
· Spam has evolved from a nuisance to being a critical part of self-sustaining cyber attacks through the distribution of botnets.
· The rapidly vanishing period between discovery of vulnerabilities and their exploitation is challenging current, mainly reactive, security measures. (See our report on this here)
· Market mechanisms are inadequate to meet the challenge and in some cases operate to make things worse.
So, yes – you know what’s coming:
· “There is a need for more structured and strategic co-ordination at national and international levels.”
Like our national police forces and Interpol, which copes so well with transnational crime?
“All the costs of dealing with spam and malware are passed on to the internet provider and the ‘unwilling’ recipients [are there willing recipients?],” says the report. “Criminals minimise their costs to the extreme: they pay no tax, escape the cost of running a genuine business, and pay commission only to others in criminal circles worldwide and at a comparatively low price.”
The report concludes that if only governments, the private sector, the technical community and civil society could come together in a global partnership, all would be well. We look forward to their next report on improving pig aerodynamics.