Big numbers splatter the headlines as cybercrime owns the front page for a third straight week. Estimates of the global losses attributable to cybercrime range between $575 billion and a more conservative $375 billion, while the latest report by McAfee and CSIS settles at $400 billion—around the GDP of Austria.
The report, Net Losses: Estimating the Global Cost of Cybercrime (PDF), notes the difficultly in accurately estimating a figure for certain types of online crime, but the trend is clear. As more businesses move online the figure, and the impact of cybercrime on the performance of private industry and the strength of national economies is set to increase. The paper also outlines how cybercrime is damaging export growth with the knock-on effect of speeding up job losses; some reports put this at around 20,000 positions in the United States alone. In the end, the one undeniable conclusion is that cybercrime certainly is a ‘growth industry’.
But law enforcement isn’t standing idly by. At the launch of the McAfee/CSIS report, Paul Gillen, head of operations at Europol’s European Cybercrime Centre, extolled the virtues of public-private partnerships in combating cybercrime. Meanwhile in the UK, the Queen celebrated her birthday by introducing a Serious Crimes Bill that, among other things, will amend the Computer Misuse Act 1990 to ensure hackers face sentences that ‘fully reflect the damage they cause’. That move could bring life sentences for serious cyberattacks. If you’re not convinced, swing over to InfoWorld to see Roger A. Grimes channel his inner J Edgar Hoover and warn cyber criminals there’s ‘Nowhere to Hide’.
Crowdstrike also has a new intelligence report out that delves into the operations of an espionage group with ties to the PLA. ‘Putter Panda’ is an adversary group that supports space surveillance and is alleged to be connected to the Third Department of the PLA, specifically the 12th Bureau, Unit 61486, based in Shanghai. The group used several remote access tools to gather intelligence on US and European defence, research and technology sectors connected to aerospace and satellite technologies. The report identifies Chen Ping as the specific individual who registered the domains required to control the malicious software and attempts with great detail to lay out the evidence that connects him to the PLA.
With intrusions and strikes on the rise, DARPA is looking to accelerate the development of automated security systems. The $2 million prize for the top team in the Cyber Grand Challenge may seem paltry compared to the cost of cybercrime tallied by MacAfee and CSIS, but the effort has great compound potential. Mike Walker and Chris Eagle from the DARPA team are certainly excited for the prospects, taking to Reddit AMA to spread the good word.
Following last week’s adoption of a new cyber-defence policy by NATO Defence ministers, the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn ran a successful CyCon, which discussed the changing perception of cyber within the alliance. It has yet to be seen if this will provide any comfort to Latvia and Finland. Whether current Russian cyber activities constitute cyber war is a matter of interpretation, but a fascinating look at the F-35 Joint Strike Fighter reveals a very real intersection between cyber capabilities and war.
And as a reminder that it isn’t all war and crime in cyberspace, the next big disruption in the global Internet could come from Google. The outerspace threat to cyberspace comes in the form of 180 satellites that will see cheaper, high-speed Internet options break into rural and developing areas of the world, a real game changer for ISP providers.
Klée Aiken and Jessica Woodall are analysts in ASPI’s International Cyber Policy Centre.