Reasons for the relevance of the problem of cyber security. Cybersecurity: processes over technology. Questions and problems of cybersecurity

Cybersecurity issues, especially in the light of recent large-scale attacks on the computers of enterprises, banks and government agencies, have become extremely relevant. Recently, in our country, information security (IS) issues in various sectors of the economy, including the financial and banking sector, have received special attention.

Information security consists of a whole complex of various measures and actions. This is, first of all, the control of the actions of various subjects of business processes - ordinary employees of the company, privileged users, IT outsourcers, contractors. In addition, this is a clear delimitation of access rights within the company, the use of data backup, as well as a security policy that is simple, understandable and communicated to employees. In the current realities, protection must be flexible in order to provide both a sufficient level of security and the fulfillment of business goals.

The Bank of Russia believes that, in general, the level of cyber resilience in our country is at the appropriate level. The regulator also expects a decrease in the number of successful cyber attacks and, accordingly, the damage from them. According to the results of the first half of 2017, the number of successful attacks was about 30% of the level of the previous year for individuals and about 25% for legal entities. For example, the WannaCry and NotPetya ransomware attacks barely touched the Russian financial system. There were isolated cases of infection of the information infrastructure, but this did not cause negative consequences - financial and credit organizations continued their work, there were no cases of any financial losses of their clients.

Hypothetical scenarios that could become reality

According to information contained in a joint study by Lloyd's of London and Cyence, financial losses from a large-scale cyber attack could cost the global economy from $15.6 billion to $121 billion. In the most pessimistic scenario of events, the losses from cyber attacks could exceed the economic damage from Hurricane Katrina, which was the most destructive in the history of the United States. Losses from it amounted to 108 billion dollars.

The report points out two potential scenarios for the development of a global cyberattack: hacking cloud storage providers or exploiting possible vulnerabilities in operating systems.
In the first scenario, hackers modify the "hypervisor" that controls the cloud storage system, as a result of which all stored files are lost to the user. The second option considers a hypothetical case when a cyberanalyst accidentally leaves a bag on a train that contains a report on the vulnerabilities of all versions of the operating system installed on 45% of all world devices. This report is subsequently sold on the "dark web" to unknown criminal groups.

The minimum damage in the first scenario will be from 4.6 to 53.1 billion dollars, depending on the duration of the period of unavailability of cloud services, as well as on which organizations were attacked. This amount, in a certain, most negative scenario, may increase to $121.4 billion, experts say. Under the second scenario, losses will range from $9.7 billion to $28.7 billion.

Security must be embedded in processes

At numerous conferences, seminars and round tables, the topic of countering modern cyber threats is raised. Recently, within the framework of the XXVI International Financial Congress (IFC-2017), which took place from July 12 to 14, 2017 in St. Petersburg, the session “Information Security. Modern challenges and methods of support” was held.

The participants of this session discussed the topic of information security in the financial and banking sector and ways to counter modern cyber threats, staffing requirements, including the need to improve the overall level of cyber literacy of company employees and civil servants.

The President of the InfoWatch Group of Companies (GC) Natalia Kasperskaya, who moderated the discussion, in her opening remarks recalled that according to the results of a study by the InfoWatch Analytical Center in Russia in 2016, an increase in the number of information leaks by 80% compared to 2015 was recorded. At the same time, in nine out of ten cases, personal data (PD) and payment information leaked.

During the session, Deputy Chairman of the Management Board of VTB Bank Olga Dergunova drew attention to the unpreparedness of the Russian judicial system to work with digital evidence. She noted that the judiciary is fundamentally unprepared to consider digital evidence of cybercrime as arguments in either arbitration or criminal proceedings.
Deputy Chairman of the Board of Sberbank of Russia Stanislav Kuznetsov, speaking during the discussion, noted that a legislative framework is needed that will allow for tougher measures against cybercriminals, and a cybersecurity ecosystem, the connection to which will provide protection from cyberthreats. “80% of success in ensuring cybersecurity depends on how well the processes are built, and only 20% on technology,” the expert said.

The head of the information security department of Globex Bank, Valery Estekhin, agrees with the last thesis. He believes that security should first of all be laid down in processes, and only then technologies, tools and the information security team begin to work effectively.

Vseslav Solenik, head of the information security department at DeltaCredit Mortgage Bank, also believes that cybersecurity is more dependent on properly built processes. “Most of the players in the market use the same or similar security technologies, but even with the same technologies, one company can be hit by a cyber attack while another is not. And the company that correctly made the settings, updated the software, detected the attack in time and responded to it, and this is an operational component, will not suffer,” the expert notes. However, Vseslav Solenik makes a reservation that all of the above is true only if resources are available. If there is a significant underfunding or there are not enough other, non-financial resources to ensure the company's information security, then without proper technological tools, the processes will be very cumbersome and time-consuming, and therefore inefficient.

Director of the Department of Non-Financial Risks and Financial Monitoring of RosEvroBank Marina Burdonova believes that it is the smooth running of processes that is the main component of cybersecurity. “If the system is initially configured correctly, the operation algorithm is clear to all participants, then the level of protection can be very high. Of course, new technological solutions also significantly help to increase the level of work efficiency, but this is a tool that must be in good hands,” the specialist warns.

Human factor

It is the problem of "reliable hands" or, in other words, qualified personnel, that is still one of the most urgent. It has been of particular relevance over the past years, because today a person remains the most vulnerable link in the IT infrastructure.

“The weakest link in the information security of a bank is an employee of the company,” Valery Estekhin (Globex Bank) is sure. “Sometimes inattentive, sometimes careless, sometimes gullible, sometimes bored at work, sometimes mercenary,” the expert lists possible options for problems. In all these cases, the consequences can be very deplorable not only for the employee, but also for the organization in which he works.

Marina Burdonova (RosEvroBank) also considers the human factor to be the main risk factor. “If employees do not follow safety rules, then technology will not be able to protect them,” she explains her point of view. Vseslav Solenik (DeltaCredit Bank) points out that when using social engineering, attackers can force an employee of an organization to take some action that will simplify the attack. “Often, in order to guess the password to an account, an attacker does not have to crack it - all the information about the password is in social network profiles or next to the desktop. Even employees in leadership positions carry out manipulations provoked by intruders, to say nothing of employees in ordinary positions. In a separate line, one can cite the unwillingness of employees to follow the policies and requirements for information security, because this can complicate their work. As a result, they ignore the risks that appear in this way,” the expert emphasizes.

According to Vseslav Solenik, in order to minimize the impact of the human factor, it is necessary to constantly raise the awareness of employees in the field of information security, as well as implement a system for monitoring and controlling compliance with information security policies and requirements.

Among the main ways to minimize the threat of information security, Valery Estekhin names raising the awareness of personnel in matters of information security, conducting tests, business games, and cyber exercises. Along with the human factor, a serious threat to the information security of companies, according to Valery Estekhin, is an outdated fleet of equipment and software not supported by the manufacturer, the lack of solutions for monitoring the corporate network, database leaks through employees, IT outsourcers, software developers.

Underestimated risks

In connection with the problem of risks posed by the human factor, it is interesting to recall the study of the antivirus company ESET, published in July 2017. Four out of five companies underestimate the information security risks associated with the human factor. This conclusion was made by ESET employees after a survey of Internet users from Russia and the CIS.
Respondents were asked to choose an answer to the question: “Have you been trained in information security at work?”. A striking fact for our time, but the result was as follows: a negative answer leads by a wide margin. 69% of respondents have never been trained in the basics of cybersecurity in their companies. Another 15% of survey participants reported that their employers limited themselves to the minimum amount of information. The training did not go beyond "in case of problems, restart the computer"; the rules of cybersecurity were not covered.

Only 16% of respondents completed high-quality trainings with a detailed story about information security and current threats.

In comparison, more than 60% of participants in a similar survey in the United States reported that their employers provided cybersecurity training for them.

The ESET survey participants were then asked to list aspects of computer security that they lack information about to ensure protection. Respondents honestly admitted that there were gaps in their knowledge.

70% of participants reported that they did not know enough about the topic of wireless network security, in particular threats to Wi-Fi.

Other categories of malware - banking trojans and malware for mobile devices - received 56% of the votes each. 57% of survey participants would like to know more about password security, 51% - about protection against "classic" Internet fraud tools (phishing and spam).

“Most of the information security breaches in companies are due to human error,” comments Vitaly Zemskikh, head of ESET Consulting, on the results of the survey. “Targeted attacks on organizations are based on the human factor - social engineering - and old software vulnerabilities. Employee training, as well as various tests that identify internal security threats, allow you to reduce risks and find a weak link in the company before attackers do it.”

Information security personnel shortage

Experts note that the speed of change and the emergence of new technologies has caused a shortage of personnel, and zero unemployment is observed among information security specialists around the world.
Artem Sychev, Deputy Head of the Main Directorate for Security and Information Protection (GUBZI) of the Central Bank of the Russian Federation, during the session “Information Security. Modern Challenges and Methods of Ensuring” within the framework of the IFC-2017 confirmed the problem of a shortage of personnel in the field of information security for the financial industry. The operation of a modern financial system is impossible without the application of the principle of security by design (development of information systems that are initially protected from various kinds of threats), which requires qualified specialists.
Speaking about the personnel problem, Artem Sychev also noted the need for the emergence of new professions at the intersection of IT and other disciplines. For example, a combination of the profession of a security specialist and a lawyer is required. Such specialists could help law enforcement agencies in the fight against cybercriminals.

Cybersecurity is one of the most dynamically developing industries, so the demand for personnel is very high, emphasizes Marina Burdonova (RosEvroBank). The educational market has not had time to fully respond to this trend, which is the source of the problem. But in 3-5 years the situation with personnel will be much better, the RosEvroBank expert believes.
“The most talented people want to work for the most successful companies,” says Valery Estekhin (Globex Bank). “It takes quite a long time to look for the right people, usually with experience, with the necessary qualifications. I want to hire people charged with results, not whiners. The requirements for qualifications, experience and competencies of specialists are dictated by the complexity and variety of equipment and software used to protect information. After all, despite the help of an integrator or vendor in the implementation of protection tools, the further operation of the solution lies on the shoulders of the company's information security team,” the specialist emphasizes.

The most dangerous cyber attacks

The Cisco 2017 H1 Information Security Report points to the rapid evolution and growth of threats, as well as the spread of destruction of service (DeOS) attacks that can destroy the backups and safety nets required by organizations to recover systems and data after an attack. With the advent of the Internet of Things (IoT), more and more operations in key industries are transferred online, which expands the horizon of attacks, increases their scale and exacerbates the consequences.

The recent WannaCry and NotPetya attacks have demonstrated the spread of malware that looks like ransomware, but is actually capable of causing much more significant destruction in the information technology field. This heralds the emergence of threats that Cisco has called "destruction of service" attacks: they are extremely dangerous because, if they are successful, the affected business is effectively unable to recover completely.

However, there are other very dangerous phenomena in the field of information security. So, Vseslav Solenik from DeltaCredit considers “silent” attacks, which can go unnoticed for a long time, to be the most dangerous. The purpose of attacks can be different - data theft, financial theft, penetration to partners, exploitation of resources, or all of these goals at once. According to the specialist, precedents have already been recorded when attackers used the infrastructure of a banking organization for years, and employees responsible for ensuring the information protection of companies did not even know about it - naturally, until the moment when the damage to the business became real and obvious.

Marina Burdonova (RosEvroBank) believes that the most dangerous attacks are those organized by professionals with experience in the information security industry. For example, if we are talking about some kind of planned attacks in the interests of large groups of influence. “In this case, the level of danger is very high,” the expert emphasizes.

“Any emergency situation is a test for professional suitability of security officers, AI specialists,” says Valery Estekhin (Globex Bank). “Recent events with attacks by WannaCry, NotPetya and others have clearly shown this. The most effective attacks for medium and small companies are, oddly enough, rather primitive and easy to implement types of attacks, such as attempts to intrude through software vulnerabilities, deception or breach of trust, malware infection through phishing emails, targeted attacks for personnel with the required level of access.”

Most of these attacks could have been prevented by applying basic information security principles. Among the main principles, the Globex Bank expert names the following: using spam filters in e-mail, segmenting the corporate network, checking for certificates of installed programs, filtering suspicious URLs, using patches and security updates for operated software, monitoring running processes in the corporate network, raising staff awareness. Along with this, it is important to carry out scanning with anti-virus solutions (updating anti-virus databases), set up behavioral analysis in anti-virus solutions, and use firewalls. Of course, company employees should not open links in emails from unverified sources. Finally, it is necessary to organize the exchange of information about incidents between participants in information interaction within the framework of computer crime response centers.

The most current threats

The information security of banks has recently been associated with targeted attacks: email messages containing malware are sent to the addresses of employees, the press service of VTB 24 Bank commented on the situation. Threats associated with DDoS attacks and attacks on clients of remote banking service (RBS) systems also remain relevant.

Such risks can be minimized by introducing modern protection systems and effective response procedures, meeting information security requirements, and raising personnel awareness in the field of information security. “When developing mobile applications, we analyze and prevent security vulnerabilities and threats,” the bank's press service emphasizes. “On a regular basis, application vulnerability checks are carried out with the involvement of external specialized companies. In our opinion, an external contractor with a reliable reputation and experience in the market will a priori have greater competence, including competence in terms of safe development. Also, VTB 24 has implemented an anti-fraud system that detects abnormal behavior of customers in remote banking (RBS) and stops fraudulent transactions. In VTB 24 applications, multi-factor authentication works in all RBS systems. Not a single case of hacking has been recorded in the VTB 24 mobile application.”

Biometric identification

Recently, large banks have launched pilot projects for the use of biometric identification tools. Of course, there are still too many questions in this area. For example, which type of biometrics is the most effective and applicable in practice, how to approach the introduction of biometrics from a technological point of view, as well as from the point of view of legal and methodological support of the process of identifying customers using biometric data? After all, the prospects for the use of biometric technologies are still constrained by gaps in the current legislation, high cost and imperfect solutions. However, with all this, large financial and credit institutions are already using biometric technologies to ensure information security and counteract external and internal fraud. For example, VTB 24 is interested in the possibility of using biometric technologies, the organization's press service commented. “The advantage of biometrics is customer convenience. Passwords can be lost or stolen, and biometric data is unique, so we can talk about the reliability of the method,” VTB 24 experts say.

At the beginning of 2017, VTB 24 completed a pilot project for voice identification of customers when contacting a contact center, which makes it possible to create a process for confirming transactions that is convenient for the client and reliable for the bank. This can significantly increase the volume of audited transactions and minimize the risks of customers and the bank, according to the financial and credit organization.
VTB 24 also launched a project for biometric authentication of clients by appearance in a new type of office with paperless service. When visiting such branches, customers sign only electronic versions of documents. At the same time, in addition to the traditional identification by passport, the bank offers to pass authentication on a tablet, which additionally confirms that it was this person who signed the documents on a certain day and time.

In the retail business of VTB Bank and VTB 24, the service of using a fingerprint in a mobile bank for entry has already been introduced, and in the retail business of VTB Bank - also for confirming transactions.
Obviously, with the development of financial technologies and their incorporation into the banking business, both the risks in the field of information security and the requirements for specialized departments will increase. Banking experts are confident that he who walks will master the road. On the other hand, their common position is as follows: since we are talking about a complex multi-component problem, an integrated approach is also needed to solve it. In the matter of providing a reliable "fortress wall" for banks, there cannot be a single solution or action that can once and for all eliminate the risks of information security.

Photo by Nicholas Vallejos/Flickr.com

The word “cybersecurity” has recently been heard more and more often in Russia. It cannot be said that the frequency of its use corresponds to the seriousness of the attitude to the problem and the quality of the solutions found. But global challenges and local changes force the Russian authorities to react and take action. These actions actively influence many areas of digital life, including the media ecosystem.

Maxim Kornev

Cybersecurity and media

We live in a turbulent time when the media have become a battlefield. Moreover, at all levels: physical, digital, institutional. There are more than enough examples:

  • ISIS hackers are hacking US Department of Defense social media accounts and actively exploiting social media;
  • The death of French cartoonists from Charlie Hebdo exposes the conflict between traditional Islamic and modern post-Christian cultures in Europe;
  • In a full-scale information war in connection with the events in Ukraine, media with Russian participation become targets of influence.

It is not surprising that the defense of the information space is a serious task not only for any developed state and cultural society, but also for various groups of influence.

Cybersecurity issues are broader than media restrictions. Just as the topic of information security is even wider than the problems of cybersecurity. But we can say that it is with the help of the media that threats and measures to eliminate them are implemented in the digital space. Therefore, media is a key component in the cyberspace defense system.

If you do not go into terminological nuances, then cybersecurity is the security of information and supporting infrastructure in a digital environment. It should also be taken into account that there are several levels of problems and solutions: from the private, related to the protection of citizens and a particular person from various types of intruders, to the state and supranational, where the tasks of national security and information wars are solved.

The Cyber Security Forum (traditionally held in February this year) can be safely called the key event and discussion platform on cybersecurity in Russia. Here, in addition to the problems of information security, they also discuss the security of communications in the media, malicious technologies for the dissemination of information, as well as the possibility of influencing people through the media. It is important that in the course of such meetings, the participants discuss and develop legislative solutions that, at the basic, infrastructural level, directly affect the work of the media, set the boundaries of opportunities and responsibilities for the authors of publications.

Cybersecurity in Russian: what happened to the National Strategy Concept?

The main document on cybersecurity issues was to be the Concept of the Cybersecurity Strategy of the Russian Federation. In theory, it could lay the foundations for the interaction of all participants in digital virtual communications in Russia. But the concept remained in the status of an uncoordinated project, although the need for it was long overdue. In particular, industry experts pay a lot of attention to this problem. The importance of the information security of the Runet, the state cybersecurity strategy of Russia and the need for international cooperation were often discussed at all levels in 2014, and the topic was repeatedly voiced by President Putin.

At the end of November 2013, parliamentary hearings on the “Concept of the Cybersecurity Strategy of the Russian Federation” took place. Then the project was supposed to go to the Security Council, where it would receive approval in order to start the process of developing the strategy itself. However, at the moment, the fate of the project is unclear, and there is reason to believe that it was stuck at the approval stage or was rejected altogether. This is indirectly confirmed by the fact that in February 2014 Ruslan Gattarov resigned ahead of schedule from his position in the Federation Council and moved away from developing the concept, returning to Chelyabinsk. His place in the Federation Council was taken by Lyudmila Bokova, who will also oversee the development of the cybersecurity strategy. Previously, she dealt mainly with school education and pedagogy.

Cybersecurity in Russia and the World: main trends and how does it threaten the media?

Thus, at the moment in Russia there is no fundamental document that would correspond to modern realities and challenges, which would explain how to deal with cybersecurity at the national level. This is bad for everyone, including the media.

Instead of a structured system of regulations in Russian practice, there are a number of declarative documents (Information Security Doctrine, National Security Strategy until 2020, the draft Cybersecurity Strategy Concept and others), as well as packages of restrictive and prohibitive laws and amendments (including the high-profile 139-FZ on protecting children from harmful information, 136-FZ on insulting the feelings of believers, "blogger" FZ-97 and others). Such measures are obviously not enough to create a flexible and effective security system in the cyber environment. Therefore, there is a lot of work ahead to develop national standards and harmonize them with international norms.

In this we are significantly different from the "Western" approaches to the development of a secure Internet. In Europe, the network aims to contribute to the development of society and multiculturalism, support cultural and linguistic diversity, empower users and encourage openness. At the same time, the Internet should be globally accessible, open, decentralized in management. Accordingly, cybersecurity issues should come from these seemingly simple but deep value premises. Although not everything is going well in Europe with openness and multiculturalism, there are starting points and rational guidelines for designing the future.

You can start with basic things. First of all, in Russian practice it is necessary to separate the concepts of "information security" and "cyber security". Also, the main trend in international practice is the emphasis on cooperation between the state, business and civil society, that is, on the creation of an ecosystem to counter cyber threats. At the same time, developed countries are trying to avoid both excessive regulation and insufficient attention from the state.

It is noteworthy that national web security strategies have appeared relatively recently. The United States, as one of the leaders in the development of this area, acquired a national cybersecurity strategy only in 2003. For example, France developed its own rules and regulations only in 2011, and a single strategy for the European Union appeared only in February 2013.

In 2014, the focus of the new generation strategies shifted significantly. If earlier the state focused on protecting citizens and organizations, now it is focused on society and institutions as a whole. This is due to the growing role of the Internet in the economy and public administration, as well as potential threats from other states. That is, the problems of cybersecurity have grown from private problems in just a couple of decades to an interstate level. Therefore, interdepartmental interaction and public-private partnerships within countries and interstate cooperation outside are encouraged. The role of the media in this situation can be compared with the role of the nervous system in the human body: to transmit impulses and signals that lead to the correct functioning of the entire social organism.

Without idealizing the role of society and the media, it should be noted that state sovereignty and the protection of their own economic and political interests are put in the first place by all active participants in the process, while the value of the openness of the Internet and its self-regulation are recognized as unshakable. Civil society and journalism as a public institution are called upon to help maintain this balance: the use of a flexible strategy on the part of the state should help develop facts and practices for decision-making (based on knowledge arrays, monitoring cyber threats and response schemes to them). These facts, in particular, were discussed at the already mentioned Cyber Security Forum 2014 by expert Elena Voinikanis from Rostelecom.

In the current 2015, control and combating cyberterrorism will obviously increase, but the expansion of the participation of citizens and the media in building a network security system will benefit all participants.

Cyber security, the problem of network trust and media

Another key issue that has been growing in influence throughout 2014 and continues to grow is the problem of trust between countries. Revealing scandals with Julian Assange, Edward Snowden and the wiretapping of German politicians by American intelligence agencies exposed the distrust and suspicion of countries towards each other. It got to the point that German Chancellor Angela Merkel started talking seriously about "digital sovereignty", and some German departments suggested returning to the use of typewriters.

Mutual hostility between intelligence agencies and leaders of countries, spiced with a clash of interests in zones of local conflicts and fueled by the actions of international terrorists, is actively rebroadcast by the media, and also captures millions of people on social media. As it turned out, the Internet can not only effectively unite, but also divide and exacerbate conflicts between people around the world, breaking them into opposing camps.

In this regard, experts predict a possible collapse of the Internet into a number of national or even group segments. And the “general” Internet will turn into a “wild field” and a marginal environment where laws do not work and there are many dangers. This is the so-called "balkanization" of the Internet, which was ranked as the number one online threat in last year's Pew Research Center study.

One of the consequences (or, in part, a cause) is the problem of the “red button” for the Internet: it is technically possible to disconnect a country from the global network for a while. Access will be restored rather quickly, but the militarization of the Internet and cyber threats from closed segments will only grow further. For example, Saudi Arabia, Syria, Iran, North Korea and China live with varying degrees of closedness of their "Internets", and this does not benefit the global network or world security. Some analysis of what might happen if an attempt is made to disconnect Russia from the Internet as a result of sanctions can be found in an article on the website of the Electronic State Expert Center.

As for Russian measures to restrict freedom on the Internet, in general, the desire of the authorities to cultivate the network space and propose the rules of the game is understandable. In places it is even acceptable, but at the micro level, legislative initiatives are often expressed in a prohibitive and punitive manner. And this is bad for both sides: the authorities never get solutions to problems, while the media and the active public increasingly move into the “gray” zone, and the problems drop out of sight but are not removed from the agenda.

As practice shows, attempts to restrict the freedom of access to various sites and mass media are ineffective, and even achieve the opposite of what was intended. For example, the blog "Humpty Dumpty" from the hacker group "Anonymous International" has been keeping the Russian political establishment in suspense for more than a year. The situation is approximately the same with the site of Alexei Navalny (navalny.com). Blocking root resources does not work, because redirects and "mirrors" of the main resources are organized. A good review of network bans, "The Internet has gone into the shadows" by Anton Merkurov, was published in mid-January on the site slon.ru.

Of course, we need standards, we need to cooperate at the international level in the fight against fraud, terrorism and criminal content. But it is shortsighted to try to build boundaries within the Internet. In response to this, other forms of network activity or network communities are developing, which are even more inaccessible to supervision and control by the authorities. For example, deep web projects are developing, anonymous networks like Tor, also anonymous social networks or instant messengers without an Internet connection. And these are far from all the information security trends of the near future.

Key trends for 2015

Based on the predictions of RAEC, GROUP-IB and Kaspersky Lab analysts that came true in many respects for the past year, as well as our own observations of the trajectory of events, we can identify several key cybersecurity trends for the coming year.

  1. Trends in Internet regulation across the board will only intensify. The development of new bills and amendments to the current legislation in the field of ICT and computer information will be actively continued.
  2. The relevance of the topic of digital sovereignty of the Russian Federation will continue to grow, especially in connection with the aggravation in relations with the West and sanctions against Russia.
  3. Hence the priority of information security of critically important objects.
  4. The themes of children's online safety, the protection of believers and morals, and anti-terrorist rhetoric will continue to be used to overcome the resistance of public opinion in making the necessary government decisions.
  5. The importance of state institutions and their influence on the Internet industry and telecom companies will increase, but counter-movement from business and the professional community in the form of initiatives, joint projects and decisions will also become more active.
  6. At the household level, cybersecurity: mobile, spam, botnets, viruses, phishing, the fight against scammers and international criminal groups of Internet scammers. All this leads to the desire of people to further protect their privacy and personal secrets, and therefore the development of platforms and services is moving in this direction.
  7. Threats to business: cybersecurity is becoming an increasingly pressing issue from a commercial perspective. Especially in the field of banking, IT and media business and personal data protection.

Cybersecurity in Russia: what is it based on and how does it affect digital media?

What is being worked out now instead of a “cybersecurity strategy” or at least its “concept”? What is Russia's cybersecurity based on, both inside and outside the country? RAEC experts helped answer these questions in a special bulletin for the Cyber Security Forum 2014 (PDF). Below are the main documents with explanations and updated status of their current state.

The Cyber Security Strategy Concept was designed to rally business, government and civil society to ensure cybersecurity in the country. After the Parliamentary hearings in the Federation Council and discussion on the website of the Federation Council, the document was supposed to go to Valentina Matvienko for its further movement along the chain of improvements and approvals. But it seems that after a short discussion on the network, the initiative died out.

Project "Fundamentals of the state policy for the formation of information security culture". Work on it was completed in July 2013, the current status of the document is unknown, and even the text cannot be found by search engines.

Law on blocking "pirated" content at the request of copyright holders (No. 187-FZ, Federal Law "On Amendments to Certain Legislative Acts of the Russian Federation on the Protection of Intellectual Rights in Information and Telecommunication Networks"). It does not achieve the goals of the regulators, but it has increased the risks of doing legitimate Internet business in Russia. In force since August 1, 2013; law enforcement practice is being formed.

Draft law on changes (there are more than 15) to the rules of regulation in the field of personal data (No. 416052-6 "On Amending the Federal Law "On Personal Data" and). It is now under consideration in the State Duma, and experts are practically excluded from influencing and editing its subsequent versions.

Critical Information Structure Protection Bill (the bill "On the security of the critical information infrastructure of the Russian Federation" and the Federal Law on amendments to other laws in connection with its adoption). RAEC has prepared more than 20 comments and remarks to the document, which is currently under consideration in the State Duma.

Methodological document "Information protection measures in state information systems". From February 11, 2014, it regulates measures to protect information systems in state institutions.

Law on the immediate blocking of resources with extremist content at the request of the prosecutor's office (No. 398-FZ “On Amendments to the Federal Law “On Information, Information Technologies and Information Protection””). The RAEC Commission on Legal Issues formulated its comments, but none of them were taken into account. The law came into force on February 1, 2014.

Draft law on informing subscribers by Internet providers about the possibilities of parental control systems (No. 231833-6 ""). Rejected by the State Duma at the end of April 2014.

Bills No. 428884-6 “On Amendments to Certain Legislative Acts of the Russian Federation on the Regulation of Information Exchange Using Information and Telecommunication Networks” (aimed at streamlining the dissemination of information and data exchange between users on the Internet) and No. 428896-6 “On Amendments to certain legislative acts of the Russian Federation "(tightens the requirements for electronic money transfers). The same RAEC had many professional questions regarding these laws, where experts pointed out a number of shortcomings of a technical, legal, conceptual and technological nature. Both laws came into force in May 2014.

A package of "anti-terrorist amendments" aimed at countering terrorists. In fact, many experts see them as a formal reason to “tighten the screws” in various areas: to limit the possibilities of electronic payments, the dissemination of objectionable information on the network and strengthen control at the level of providing Internet access. As part of the expansion of the same package, the “Law on Bloggers” was adopted, which actually equates active publishers in terms of responsibility with journalists, while giving nothing in return (except for a privilege, of course,

Tim Compston spoke with Cliff Wilson, Associate Partner, IBM Security Business Unit (UK & Ireland), about key cybersecurity challenges and vulnerabilities in legacy industrial control systems and critical infrastructure. He also mentions a cyberattack on the Ukrainian energy system. We have prepared a translation for you.

When we started our interview with Cliff Wilson, IBM's Business Process Security Officer for Industrial, Energy and Utilities in the UK and Ireland, he expressed his concern that many industrial control systems were designed, built and deployed long before the advent of the Internet. These systems were supposed to operate in a more or less closed environment, albeit connected to a simple broadband data network.

Nowadays, these infrastructures are increasingly being connected to control and analytical systems for end users. Many are even connected to the internet for convenience and lower access costs. This new connectivity makes them vulnerable to cyberattacks by individuals or states: “In addition to being old, these systems can be very fragile. Thus, penetration testing or other analytical security testing should be done carefully - it is not difficult to disable a legacy programmable logic controller (PLC)."

In terms of the scope of industrial control systems, Wilson confirms that they play an important role in the day-to-day operation of various facilities: “Thinking of manufacturing facilities, civil nuclear power, power generation, power distribution, utilities, water treatment, and a number of other enterprises,” — he says.

Outbreak of serious attacks

Turning to the trends that Wilson and his colleagues at IBM see regarding the level and origin of cyberattacks on industrial control systems, he notes that it's a very mixed picture.

On the one hand, Wilson notes that the number of attacks by the so-called "pimply youth" who simply go to the site and try to break into the system has decreased. “This is one of the reasons the overall attack graph is going down.” On the other hand, Wilson points to a worrying escalation in attacks at a more serious level: “These are attacks such as the attack on the Ukrainian power grid, which was widely reported in the international press.”

Expanding on the subject of a cyberattack on Ukraine, Wilson says that someone believed to be a third party essentially hit the targets and shut down power grid capacity: turn the system back on. Can you imagine if you lived in a country where the water suddenly disappeared, the electricity disappeared, how much fear and panic that could cause.”

Hidden threats

Wilson continues this theme by telling me that there is also a lot of concern that malware can exist on client systems, especially those associated with critical infrastructure. This means that potential attackers - individuals or government entities - can potentially disrupt critical systems and processes - and no one will understand what is happening behind the scenes: “Such suspicion arises in a number of cases when some critical infrastructure organizations have studied their systems and found software that wasn't supposed to be there, and indeed, it was subsequently proven that this software had existed in some cases for a significant period of time,” says Wilson.

Forensic Analysis

Emphasizing how easy it is to identify what malware is, Wilson acknowledges that in practice things are not as easy as they might seem at first glance: “Unless you do a deep enough security analysis, you usually don’t know what the software does. For example, I am aware of one organization in another country. When they discovered the suspicious software, the local government agency recommended not to remove it or do anything about it, but to monitor its activity to understand what its purpose was. Was it data filtering? Is it related to some external command and control system? Is it just gathering information about the network? Sometimes just ripping out suspicious software, in terms of removing it from any server, is not the smartest thing to do.”

Building connections

Asked whether one of the issues is that utilities and other users are looking for wider coverage of their systems from a business point of view, Wilson agrees that this is indeed an "observable phenomenon": "More and more systems are connecting to the internet because it is necessary to be able to patch application software, extract log data, update software versions - whatever that may be - as well as the ability to extract operational process data for sending to corporate management systems. Rather than having the van drive across the country halfway back to look at a piece of industrial control equipment, for example, it's much easier to connect the device to the internet and be able to query it remotely." The threat, says Wilson, is that people are connecting some of their old equipment to the Internet, quickly and easily, without proper security considerations.

Search Tools

The situation with industrial control systems is made even more dangerous by the wide availability of online tools that attackers can use to their advantage, Wilson said: “Something called Shodan is a software product that can search for devices, including industrial control systems, and when it finds them, it tries to log on to them using various methods. It logs out again, but saves this information in a database on the internet that anyone can now find." Wilson goes on to explain the implications of this information being available to the public. Basically, he says that if someone ventures into the systems of a utility company, for example, they can quickly find out if any industrial control equipment is connected to the Internet: “They just search through Shodan until they find vulnerable devices.”

“If people can't find something on Google, they think no one can find it. It's not," says John Matherly, creator of Shodan, the web's most feared search engine.

Unlike Google, which searches the web for simple sites, Shodan works with the shadow channels of the Internet. This is a kind of "black" Google, which allows you to search for servers, webcams, printers, routers and a wide variety of equipment that is connected to the Internet and is part of it. Shodan operates 24 hours a day, 7 days a week, collecting information about 500 million connected devices and services every month.

It's incredible what can be found in Shodan with a simple query. Countless traffic lights, security cameras, home automation systems, heating systems are all connected to the internet and easily discovered.

Shodan users have found control systems for a water park, a gas station, a hotel wine cooler, and a crematorium. Cybersecurity experts have even discovered the command and control systems of nuclear power plants and an atomic particle accelerator with the help of Shodan.

And what's especially remarkable about Shodan, with its intimidating capabilities, is the fact that very few of the systems mentioned have any kind of security system.

"This is a giant security fiasco," said H.D. Moore, director of security at Rapid7. The company maintains a private database like Shodan for its own research purposes.

If you do a simple search for "default password", you can find countless printers, servers, and control systems with the login "admin" and the password "1234". Many more connected systems do not have access credentials at all - they can be connected using any browser.

Independent systems penetration specialist Dan Tentler demonstrated at the Defcon cybersecurity conference last year how he used Shodan to find control systems for evaporative coolers, pressurized water heaters and garage doors.

Vulnerabilities

Joining the concerns about search tools, Wilson emphasizes that there are two sides to the fact that governments and manufacturers of industrial control equipment list known vulnerabilities related to specific equipment on the Internet: “This is supposedly done so that a technician can investigate issues related to the equipment under their control and take appropriate remedial action, such as releasing an update or patch, or even deciding to replace some devices. The disadvantage here is, of course, that the attackers will look for these same repositories of information. For them this will mean that there is a company, a target, with a lot of industrial control equipment, here is a list of all the vulnerabilities, and they can simply be attacked,” explains Wilson.

It's time to act

Moving on to potential solutions and how IBM is working with its customers to address the cybersecurity challenge, Wilson reports that it can be tackled from multiple perspectives: “We do penetration testing and system assurance testing, especially in industrial control. The idea is to see how difficult it really is to break into the industrial control systems of, say, a critical national infrastructure company. Oddly enough, it's usually not that hard to get in. We are also looking for things that shouldn't be there and for data leaks that shouldn't be happening. We are also looking for differences between "how-designed" and "how-built" systems. We are often involved in advising our clients on how to bridge these gaps or close these backdoors in their industrial control systems and how to improve safety.”

Wilson says one approach that is being implemented is in the form of a technology that is basically designed to provide a protective envelope for these old and creaky industrial control systems: “In the UK and Ireland at IBM, we developed a security solution based on the Deep Packet Inspection (DPI) that can be inserted into almost any legacy industrial control system of any type. The solution allows you to put a modern and reliable security management system around key assets.” “Now there is no more excuse for having vulnerable control systems,” Wilson concludes.

Few people in our country know what cybersecurity is. The more commonly used term is "computer security", but it is not as popular here as it is abroad. Meanwhile, almost 20% of cybercrimes in the world in 2012 fell on Russia. In order to ensure the cybersecurity of individuals, organizations and the state, the Interim Commission of the Federation Council for the Development of the Information Society has undertaken the development of the National Cybersecurity Strategy of the Russian Federation. The committee is chaired by Senator Ruslan Gattarov. The working group includes representatives of the government apparatus, the Ministry of Communications of Russia, the Ministry of Internal Affairs of Russia, the Ministry of Foreign Affairs of Russia, the Federal Security Service of Russia, the Security Council and other interested bodies, as well as public and non-profit organizations, including RAEC and the Coordination Center for the national Internet domain.

According to the draft of this strategy, cybersecurity is understood as a set of conditions under which all components of cyberspace are protected from any threat and undesirable impact.

Table. Objects and types of cyber threats

| Threat objects | Types of threats |
| --- | --- |
| Citizens | Leakage and disclosure of private information, fraud, distribution of dangerous content, impact on the individual through the collection of personal data and attacks on the infrastructure used by citizens in everyday life. |
| Business | Impact on Internet banking systems, blocking of ticketing systems, online trading, geographic information systems and hacker attacks on private sites. |
| State | Attacks on key state control systems (e-government, websites of state bodies), economic blockade (large-scale shutdown of payment systems, booking systems), hardware attacks on personal computers, smartphones of citizens and organizations, attacks on household objects that are controlled using information and communication technologies, and critical infrastructure. |

The number of cybercrimes is growing daily

According to the Public Opinion Foundation, in the fall of 2012, the monthly audience of the Internet in Russia was 61.2 million people over 18 years old, which is more than 52% of the total adult population of the country. For most users, the Internet has become an everyday, familiar phenomenon. people) do it daily. TNS in cities with a population of more than 100,000 inhabitants, 94% of users have access to the network from home. The Internet audience is still growing, although the growth rate is somewhat slowing down - from autumn 2010 to autumn 2011 it increased by 17%, and from 2011 to 2012 the growth was 12%.

According to the results of the annual study, the Norton Cybercrime Report 2012, damage from cybercrime for 2012 is estimated at $110 billion per year worldwide and $2 billion per year in Russia. According to the results of the study, every second 18 users over the age of 18 become victims of cybercrime. The average damage from a cyber attack per average user is $197 (or more than 6000 rubles).

According to the Norton Cybercrime Report 2012, one in five people over the age of 18 has been the victim of a cyberattack, either on social media or via mobile devices. Most Internet users take only basic steps to protect information (delete suspicious emails, carefully disclose personal data), but do not pay attention to such an important measure as creating complex passwords and changing them regularly.

The negligence of users generates new types of computer crimes. At the moment, among the main threats to cybersecurity are the introduction of a computer virus, unauthorized access to information, its forgery, destruction, blocking, copying, etc. In practice, computer crimes are most often just one of the stages in the commission of theft or fraud. Having obtained illegal access to a personal computer, a criminal, as a rule, is not limited to copying information about the password and access login in the personal account of the victim, who is a user of Internet banking services. The ultimate and main goal of the attacker is the secret withdrawal of other people's funds from the bank account of the victim, which qualifies as theft.

Cyber security issues in Russia

The problem of cybersecurity in our country is particularly acute largely due to the weak regulatory framework. In fact, there is currently no formulated and consolidated holistic approach to the national problem of cybersecurity. (approved by the President of the Russian Federation of September 9, 2000 No. Pr-1895) is obsolete and requires serious revision. In the Decree of the President of the Russian Federation of May 12, 2009 No. 537 "" and the mentioned doctrine, there was practically no place for the cybersecurity agenda. In particular, the problems of prompt response to incidents in information networks, the use of the Internet for criminal purposes, the problem of the internal security of enterprises and organizations (associated with information leaks), etc., have not been regulated and normatively fixed.

Quote

Alexey Raevsky, Ph.D., CEO of Zecurion:

"This problem [the problem of leaks and liability for them - Ed.] is relevant because, firstly, leaks lead to the compromise of large volumes of personal data of citizens, and, secondly, not enough attention is currently paid to this problem and the situation with protection against internal threats in organizations is not very good. Existing regulatory documents practically do not provide for the responsibility of organizations and officials for leaks of personal data that occurred through their fault".

At the same time, in Russia, there is a lack of readiness of law enforcement agencies to investigate such categories of cases, in particular, due to the lack of a terminological apparatus. To resolve this issue, one has to resort to the help of specialists who explain the technological terms, and even the essence of the computer crime itself. Their help requires a certain amount of time and money.

Subjects of legal responsibility

In any dissemination of information on the Internet, several subjects are involved: the author himself, the owner of the site (resource) and the owner of the server (provider). Accordingly, in the case of unlawful dissemination of information, the task of the court when considering a civil case is to determine who in a particular case will be the defendant: the owner of the information resource or the host provider.

This issue is handled differently in different countries. So, in China and the Middle East, the provider is responsible for all user actions. In Europe, in accordance with the European E-Commerce Directive, the provider is released from liability for the transmitted information if it fulfills certain conditions of the contract (for example, if it does not initiate its transfer, does not select the recipient, does not affect the integrity of the information). According to the laws of some countries (for example, the USA), the provider is not responsible for the actions of users.

For a long time, Russian legislation did not clearly define the mechanisms for holding providers liable for posting inaccurate information on the sites they serve, and it also did not establish the possibility of making claims against them for the quality of such information. Federal Law No. 139-FZ of July 28, 2012 "" brought some clarity. In order to implement this law, a unified automated information system was created "Unified Register of Domain Names, Site Page Pointers on the Internet" and network addresses that allow identifying sites on the Internet, containing information whose distribution is prohibited in the Russian Federation. in this registry of site addresses, the latter are blocked.

Disputes involving a foreign entity

Also, complications are caused by information relations that arise in cyberspace, in which one of the parties is a foreign person. For example, if the owner, information consumer and host provider are citizens of different countries. Usually, in such cases, the subjects of relations have the right to choose the applicable law and the place for the dispute. However, there is no guarantee that the parties will be able to reach a consensus on the issue of jurisdiction. Similar problems may arise if the damage as a result of using the site is caused in the territory of a foreign state, or the information posted on the site violates the laws of a foreign state on the protection of intellectual property rights.

Criminal liability for cybercrime

In the current Criminal Code of the Russian Federation there is only one chapter that provides for liability for cybercrime - chapter 28 "Crimes in the field of computer information". Most scientists consider the placement of computer crimes in this chapter not entirely successful and suggest changing its title. For example, Vladimir Stepanov-Egiyants, Candidate of Legal Sciences, Deputy Dean of the Faculty of Law, Moscow State University named after M.V. Lomonosov, considers it appropriate to rename the chapter under study to "Crimes against computer information", since the legislator begins most of the chapters of the Criminal Code of the Russian Federation with the words "Crimes against ...".

This chapter contains only three articles that are tied to certain malicious software and hardware actions on the network ().

The note to says that computer information refers to information (messages, data) presented in the form of electrical signals, regardless of the means of their storage, processing and transmission. The Supreme Court of the Russian Federation expressed its opinion on this note in par. 29 of the official response dated April 7, 2011 No. 1 / general-1583 "On the draft Federal Law "On Amendments to the Criminal Code of the Russian Federation and Certain Acts of the Russian Federation"": "The term "electric signals" proposed in the note, in our opinion, does not provide sufficient clarity and requires additional explanation."

"Given that computer networks now use fiber optics for data transmission, in which information is transmitted using the transfer of light, and not electrical signals, it is difficult to answer the question of how acts will be qualified in practice, based on such formulations," says Vladimir Stepanov-Egiyants indignantly.

Liability is provided for illegal access to computer information protected by law, if this act entailed its destruction, blocking, modification or copying. It should be noted that the physical damage to the computer, which resulted in the destruction of the information stored in it, does not entail the consequences provided for, since the object of the criminal encroachment is computer information, and not its carriers.

Quote

Vladimir Stepanov-Egiyants,
Candidate of Legal Sciences, Deputy Dean of the Faculty of Law, Moscow State University named after M.V. Lomonosov:

"It is advisable to introduce an article on liability for the fact of encroachment on computer information into the Code of Administrative Offenses of the Russian Federation. For the purpose of uniform application of judicial practice, I consider it desirable for the Supreme Court of the Russian Federation to generalize judicial practice in order to prepare clarifications on issues related to the qualification of illegal acts in the field of computer information, including disclosure of the essence of the consequences of illegal access to computer information".

A particularly dangerous consequence of unauthorized access to computer information is its destruction. To recognize the crime as completed, it is enough to execute commands specially designed for deleting, for example "delete" or "format", regardless of the possibility of recovery. Currently, scientists are widely discussing the question: are the elements of the crime in question present if the victim has a copy of the information or it can be recovered? For example, Yuri Gavrilin, Doctor of Legal Sciences, head of the department of criminal law disciplines of the Tula branch of the MosAP, and Valery Mazurov, Candidate of Legal Sciences, Deputy Head of the Regional Scientific and Methodological Center for Legal and Technical Protection of Information of the Altai State University, Honorary Professor of the S. Amanzholov East Kazakhstan State University, believe that if the user has the opportunity to restore the destroyed program or receive it from another person, such an opportunity does not relieve the guilty person from liability; Sergey Brazhnik, Candidate of Legal Sciences, Head of the Department of Criminal Law and Procedure of the Academy of MUBiNT, holds the opposite point of view. “When committing a crime, a person cannot know whether the victim has the possibility of restoring information and a copy. To hold the perpetrator accountable, it does not matter whether the victim has a copy and whether the destroyed information can be restored,” believes Vladimir Stepanov-Egiyants.

The question of how long the blocking of information must last for the perpetrator to be held accountable is also debatable. A number of scientists (for example, Doctor of Law, Professor of the Department of Criminal Law of Moscow State Law Academy named after O.E. Kutafin Samvel Kochoi) believe that blocking should continue for such a period of time as is sufficient to disrupt the normal operation or threaten to disrupt the user experience. In science, there is also an opposite opinion, according to which the guilty person is subject to criminal liability for blocking information, regardless of whether it was temporary or permanent. "The duration of blocking should be sufficient to disrupt the normal work of information users. Blocking information lasting from several seconds to several minutes cannot be considered a crime due to its insignificance," Vladimir Stepanov-Egiyants believes.

Copying information, that is, the transfer of information from one medium to another, can be done, for example, by copying or photographing from a computer screen. Law enforcers disagree on whether such copying constitutes a crime.

Similar problems associated with the presence of an outdated definition of computer information and the lack of definitions for the destruction, blocking, copying of computer information arise when applying. provides for liability for violating the rules for operating the means of storing, processing or transmitting computer information and information and telecommunication networks, but in practice it is practically not used.

On November 29, 2012, Federal Law No. 207-FZ "" was adopted, which for the first time in Russian legislative practice singled out various types of fraud into separate offenses, depending on the area in which they were committed. This law created (“Card Fraud”) and (“Computer Information Fraud”). Obviously, in law enforcement practice within the framework, questions will arise about what actions should be attributed to the input and removal of computer information. Technically, computer information can be completely deleted only by physically destroying its carrier. The use of special programs and tools, as a rule, allows you to recover deleted information.

To combat the enemy of the 21st century - cybercrime - the state is taking various measures. However, for this fight to be really effective, one should not forget that observing elementary security rules when working on the Internet is the responsibility of the user.

The growth of information volumes, computer networks and the number of users, together with simpler access to information circulating through networks, significantly increases the likelihood of theft or destruction of this information.

At present, the importance of the problem of protecting information resources, including personal ones, is determined by the following factors:

· development of world and national computer networks and new technologies providing access to information resources;

· transfer of information resources to electronic media and their concentration in information systems;

· an increase in the "price" of the created and accumulated information, which serves as a real resource for socio-cultural and personal development;

· development and improvement of information technologies that can be effectively used by criminal structures.

Computer crime has become a real scourge of the economy of developed countries. So, for example, 90% of firms and organizations in Great Britain at different times became objects of electronic piracy or were under its threat, in the Netherlands 20% of various kinds of enterprises became victims of computer crime. In Germany, with the use of computers, information is stolen annually in the amount of 4 billion euros, and in France - 1 billion euros.

The greatest public danger is represented by crimes related to illegal access to computer information. It is known that the offense in question has a very high latency, which, according to various sources, is 85-90%. Moreover, the facts of detection of illegal access to information resources are 90% random.

A crime of this type, as world practice shows, causes enormous material and moral harm. For example, the annual losses of the US business sector alone from unauthorized penetration into information databases range from 150 to 300 billion dollars.

In modern conditions of socio-economic development of the Russian Federation, computer crime has become a reality of public life.

The growth of computer crimes in Russia is confirmed by the statistics of the Security Council of the Russian Federation, according to which more than 800,000 attempts to carry out computer attacks on the official information resources of state authorities were detected, more than 69,000 of them on the official Internet-representation of the President of Russia.

The following data clearly demonstrates the dynamics and scale of computer crimes. Over the past ten years, their number has increased by 22.3 times and continues to grow by an average of 3.5 times annually. The annual amount of material damage from these criminal encroachments is 613.7 million rubles. The average damage caused to the victim from one computer crime is 1.7 million rubles. Only about 49% of crimes are investigated with a certain degree of success, and convictions are issued only in 25.5% of the total number of criminal cases.

The average indicator - the number of criminal cases on which the proceedings are suspended - is 43.5% and clearly reflects the low degree of professionalism of law enforcement officers in their activities to detect, investigate and prevent these criminal attacks.

For a more accurate comparison, the following data can be given. 1,673 criminal cases were initiated based on the materials of the “K” subdivisions, which is 45% more than in the same period of the previous year. The number of detected crimes increased by almost 6% and amounted to 4295 against 4057 in the previous year.

According to the Department "K" of the Ministry of Internal Affairs of Russia, it was possible to solve over 7,000 crimes in the field of high technologies, more than 4,000 of them fall under Art. 272 of the Criminal Code (CC) “Illegal access to computer information”. The bulk of the crimes are computer crimes related to illegal access to information and the use of malware. An analysis of the current situation shows that about 16% of attackers are young people under the age of 18, 58% are people from 18 to 25 years old, about 70% of them have higher or incomplete higher education.

The following main trends in the development of computer crime in Russia are distinguished:

a) the highest growth rates;

b) mercenary motivation of the majority of committed computer crimes;

c) the complication of methods for committing computer crimes and the emergence of new types of illegal activities in the field of computer information;

d) growth of criminal professionalism of computer criminals;

e) rejuvenation of computer criminals and an increase in the proportion of people who have not been prosecuted before;

f) growth of material damage from computer crimes in the total share of damage from other types of crimes;

g) transferring the center of gravity to the commission of computer crimes using computer networks;

h) development of computer crime into the category of transnational crime;

i) high level of latency of computer crimes.

The fight against cybercrime should become a priority function of all law enforcement agencies.

Since the Internet as a whole does not belong to anyone in particular and is not regulated by anyone in particular, there is no administrative authority responsible for the Internet that could prohibit the practice of posting pornographic images on Web sites. The situation is complicated by the fact that the information may be stored on Web sites in another country or on another continent, where the legislation is not ready to establish liability for the storage and dissemination of obscene information. The problem should be solved at the international level, possibly within the framework of UNESCO.

The results of the analysis of the characteristics of computer crime make it possible to predict the complication of the fight against it, due to the fact that the methods of committing computer crimes are becoming more sophisticated and difficult to determine every year. It is necessary to approach the solution of this problem comprehensively.

Experts identify the following elements of organizing the activities of law enforcement agencies in global information networks:

· study and assessment of the situation in networks;

· implementation of the optimal alignment of forces and means, ensuring interaction;

· management, planning and control;

· coordination of actions of subjects of law enforcement agencies.

An important element of the system of measures to combat computer crime is measures of a preventive nature, that is, prevention. Most foreign experts point out that preventing a computer crime is much easier and simpler than uncovering and investigating it.

Usually three main groups of measures to prevent computer crimes are distinguished: legal, organizational and technical, and forensic. Together they make up an integral system for combating this socially dangerous phenomenon.

The strategy of international cooperation in the field of combating computer crime and priority areas for its implementation, including: interstate agreements, organization of interstate operational-search activities, adoption of interstate regulations and improvement of integration processes within interstate organizations, substantiation of the need to develop and adopt an appropriate comprehensive interstate program.

Cybercrime control

The totality of needs whose satisfaction ensures the existence and the progressive development of every citizen, society and the state is part of the national interests. Without their implementation it is impossible to ensure the stability of the state and society, or the normal development of the country as an independent subject of international relations. All protected interests in the information sphere are divided into the interests of the individual, the state, and society. The problem of cybercrime currently affects both entire states and individuals.

Based on the foregoing, we can conclude that counteracting cybercrime is part of the national interests.

Figure 1.1 shows a cybercrime countermeasures system.

Fig.1.1 Cybercrime control

Conclusions

Cybercrime has already become a big problem for the whole world - and the problem is growing rapidly. Law enforcement agencies are trying to keep up with it - legislators pass new laws, police agencies form special units to combat cybercrime. Cybercrime, like any other crime, is not only a legal but also a social problem. To fight cybercrime successfully, IT specialists should be involved, as should those in society who are directly or indirectly affected by criminal activity that has found a favorable environment in virtual space.

It is necessary to create a unified classification and a formal model of cybercrime that will facilitate both countering and investigating cybercrime.
