The year rang in with the threat of a computer meltdown — the Y2K bug — but it proved to be more hype than horror. Yet having weathered that digital storm, the world has faced a succession of bugs and viruses that have done real damage to both computer systems and confidence in the network economy. These problems are not going to go away. They are an intrinsic part of the digital economy. But the casual approach to security that most computer users have must change.
Last year, it was Melissa. Last week, it was the Love Bug. Both viruses were designed by young computer hackers who had no idea of the havoc they were unleashing — the Love Bug was responsible for billions of dollars in lost productivity. Between those two incidents, unknown hackers unleashed denial-of-service attacks on some of the Internet’s most prominent businesses. The attacks — in which computers were flooded with as many as 1 million bits of information per second — temporarily disabled some of the biggest and most popular Web sites on the Internet. Their vulnerability is troubling. If they can be overwhelmed, then no one is immune.
Creating a framework to deal with these problems is critical. It is estimated that more than 500 million people worldwide will be online by 2003. As that number rises, digital technologies will work their way deeper into everyday life. The total value of e-commerce, both retail and business-to-business, is expected to rise from $120 billion this year to $2.8 trillion within four years. Security and reliability are essential.
Those concerns dominated meetings this week in Paris in which officials from the G8 nations, other concerned governments and leading computer industry representatives discussed cyber-crime. The gathering, hosted by the French and Japanese governments, was a preparatory meeting for the G8 summit to be held in Japan this summer. At that meeting, the G8 members are reportedly going to establish a “coordination mechanism” on information technology.
If the Paris sessions are anything to go by, it will be difficult. The problems are not new. They reflect different approaches to regulation that have long divided the United States from the other industrial nations. In short, the U.S. — backed by most of the industry representatives — is loathe to put a heavy burden on anyone connected with the Internet, out of fear that it will slow down innovation and the diffusion of digital technology. Other nations are less reluctant to intervene. The extent of the disagreements is alarming. Two weeks ago, the Council of Europe released its draft treaty to fight cyber-crime — three years after discussions began.
As the Love Bug case made clear, international coordination is essential in the fight against such crimes. While many of the offenses are old crimes in a new guise, the ease with which criminals cross borders means new tools are needed. And since some of the crimes themselves are new, new laws are needed as well — as the Philippine police learned when they tried to arrest a suspect in the Love Bug case and found they had no statute to use. It does not matter how vigilant one government is when criminals can exploit the weakest link in the chain.
While governments will be forced to move slowly, individual computer users are not. There will never be a 100-percent solution to computer security. But computer users can change their mind-sets. They must recognize they security is a problem for which they too are responsible. They must realize that security is a process, not a result. Common sense rules, such as not opening e-mail files from just anyone, can cut the risk of breakdowns.
Systems operators and software makers can help. Sysops must acknowledge the severity of the challenge. According to one estimate, only 32 percent of large companies and government agencies in the U.S. that were victims of serious hacking incidents reported them to law enforcement officials. Ignoring the problem only compounds the dangers. The denial of service attacks that disabled the Net businesses are not new; industry professionals have dealt with them since the 1960s.
Software makers must realize that putting user convenience above all other concerns has created all sorts of vulnerabilities. Microsoft has conceded as much by releasing a patch to its software that closes the door that was exploited by the makes of the Love Bug and other viruses.
That is a good first step, but it is only a beginning. There is no “quick fix” to the problems that are rapidly emerging as integral parts of the digital economy. Security will continue to be an issue; our job is to make it more manageable.
In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.