WASHINGTON — Two House subcommittees recently asked IT experts about the potential of technology to protect Americans from international cybercriminals. Technology can answer some of the threats, but by itself will not ensure secure digital financial transactions, they answered.
In the U.S. over the course of one year – 2009- — the amount of information lost to cybercrime nearly doubled, from $265 million in 2008 to $560 million, according to a report by the Internet Crime Complaint Center, which is supported by the FBI. The World Federation of Exchanges reported in July 2013 that half of the 46 exchanges it surveyed had been victims of cyberattacks in the previous year.
The U.S. government is progressively seeing cybersecurity as a major threat that requires its intervention. While watching the level of cyber protection for critical infrastructure, President Barack Obama signed an executive order early last year expanding private sector access to government cyber threat information and instructing agencies to create a set of standards.
Dr. Charles Romine, director of the Information Technology Laboratory at the National Standards and Technology, cited the potential of technologies such as the EMV (Europay, MasterCard, and Visa) cards to mitigate risks in face-to-face transactions.
EMV uses smart card technology to ensure the secure storage of personal identity information in the card rather than the magnetic strip. Not only does EMV transaction data exclude other data needed for magnetic strip counterfeits, but there is also a one-time unique code generated by each transaction proving the cards’ authenticity.
Although EMV cards have great potential, Russo emphasized that their use is only one piece of the puzzle in reducing cybercrime. Encryption, malware protection and other security measures should be combined with stronger protections for card information data as part of new laws, he said.
“A multifaceted problem cannot be solved from a single technology, standard, mandate, or regulation. It cannot be solved from a single sector of society. We must work together to protect the privacy and financial interests of consumers,” said Russo.
The Government and Accountability concluded in its cybersecurity report that “both public and private entities have responsibilities to protect against, detect, investigate, and prosecute cybercrime.” While public and private entities, partnerships, and tasks forces have begun to address these challenges, “federal agencies need to take additional action to ensure adequate law enforcement capabilities.”
Justin Brookman, director of consumer privacy at the Center for Democracy & Technology, supported Russo’s criticism of current policy solutions, citing their deficiencies in addressing data breaches. He pushed for comprehensive data security and privacy legislation, calling on policymakers to enact laws that strongly incentivize companies to save personal data with consequences for companies who fail to use security measures to protect consumer information.
Both experts also pushed for greater attention in ways to quickly detect and mitigate harm and tougher penalties for cybercriminals.
But the government must be cautious. Some technology experts warn that new legislative proposals being considered by Congress could be potentially intrusive on private industry, preventing enterprises from responding efficiently to emerging and changing threats.