In last week's State of the Union address, President Barack Obama mentioned his plans to bolster cybersecurity efforts in the United States.
However, President Obama's proposals and vision for this new initiative may be underwhelming and ineffective, suggests David Upton, a professor at the University of Oxford's Said Business School. Mr. Upton penned his thoughts in a Harvard Business Review article.
In his proposal, President Obama seeks to ban the sale of botnets, give courts the power to shut down networks assembled for cybercrime and encourage public-private cooperation by protecting companies that share information with the government regarding computer threats.
Mr. Upton wrote that while these aims are good intentions, the actuality and reality of achieving them may do less for cybercrime than anticipated.
First, a large number of cyber criminals reside outside of the United States, and therefore are not subject to U.S. jurisdiction, "or at least [they are] beyond the capacity of law enforcement to track them down in large numbers," Mr. Upton wrote. "Criminalizing many of the activities and products associated with cybercrime is likely to have more symbolic value than actual effect."
Additionally, the rate of cybercrimes occurring on American soil is already going down, Mr. Upton wrote. He said in three months in 2012, the number of "malicious hosts" in Russia rose by 10 percent, while the number in the U.S. fell by 10 percent. He wrote cybercriminal activity is cheaper in other countries, so cybercriminals are incentivized to move elsewhere. "Obama's proposals are tackling a problem that was already diminishing in the U.S.," Mr. Upton wrote.
Regarding the protections for companies reporting malicious cyberactivity to the federal government, Mr. Upton wrote that many companies already share such information, without involvement from the government. He also wrote that liability issues are just a fraction of the larger cybersecurity issue, and the government doesn't always have the resources to thoroughly prosecute cybercrime. "Why share information with the government if it won't help your situation?" Mr. Upton wrote.
Mr. Upton suggests that global cooperation and involvement is going to be the most effective way to fight against cyberattacks. Additionally, he suggests delving deeper into the psychology of cybercriminals to understand how and why they are coaxing and blackmailing insiders from organizations. Education, too, is highly important for all players to understand the dangers of cybercriminals.
"I believe Obama's proposals are well-intentioned," Mr. Upton wrote. "Information sharing is, on balance, a good thing. They at least start to address a set of problems that will impact the next generation even more than ours and may be the basis for some fundamental research. But I just doubt that they will be very effective in combating cybercrime."