Computerworld - WASHINGTON -- At the first Global InfoSec Summit here on Monday, a lot of attention was focused on hackers and crackers and whether laws -- worldwide -- were strong enough to do anything about them. But not everyone at the conference blamed the obvious bad guys.
William Caelli, who heads the school of data communications at Queensland University of Technology in Brisbane, Australia, said responsibility for many security problems rests with insecure software being produced by the information technology industry. "There is no evidence that industry has ever done anything that has involved extra cost unless mandatorily told," said Caelli, in arguing for security regulations.
But Betty Shave, who heads the international computer crime division of the U.S. Justice Department, said the government's view was to let self-regulation work and let the industry shake itself out. "We won't be prescriptive in a way that is particularly, in this setting, harmful to business," said Shave.
"There is also not much tradition in the United States for criminalizing products that don't work very well or don't work the way they're suppose to," she said.
Those two views represented something of the diversity of outlooks expressed at this conference, attended by 300, on how to approach the complex problem of international cyberlaw.
The conference, sponsored by the Information Technology Association of America in Arlington Va., and the World Information Technology and Services Alliance in Vienna Va., a group that represents high-tech trade associations worldwide, took a bird's eye view of security issues worldwide. When it comes to cybersecurity, the conference proceedings revealed that many countries remain far apart in their approaches.
For instance, according to a preliminary analysis of 44 nations by Bruce McConnell, a former White House official who led the International Y2k Cooperation Center, more than half of the countries studied lack any specific computer crime laws at all. Most of the major industrialized countries have such laws, including India and Malaysia. But there are some notable exceptions, such as New Zealand and Norway, he said.
For businesses, the absence of specific laws dealing with information security creates an element of risk and uncertainty. "I don't think there is a resistance [to computer-specific laws], it's more of a lack of awareness," McConnell said.
More countries have laws prohibiting break-ins of government computer systems and but they don't necessarily extend those same protections to the private sector, said McConnell, who operates a Washington-based consulting firm McConnell International LLC. But "as a general matter, the penalties are very weak," he said.
Some attendees
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
