Symantec’s latest report on its beloved billion-dollar baby  29.9.11

431 million adults, $388 bn, marijuana, cocaine, heroin – cybercrime adds up to just an EFSF per year according to the folks at Symantec:

For the first time a Norton study calculates the cost of global cybercrime: $114 billion annually. Based on the value victims surveyed placed on time lost due to their cybercrime experiences, an additional $274 billion was lost. With 431 million adult victims globally in the past year and at an annual price of $388 billion globally based on financial losses and time lost, cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined ($288 billion).

The research methodology:

Findings are extrapolations based upon results from a survey conducted in 24 countries among adults 18-64. The financial cost of cybercrime in the last year ($114bn) is calculated as follows: Victims over past 12 months (per country) x average financial cost of cybercrime (per country in US currency).

Between February 6, 2011 and March 14, 2011, StrategyOne conducted interviews with 19,636 people and included 12,704 adults aged 18 and over, 4,553 children aged 8-17 years and 2,379 grade 1-11 teachers from 24 countries (Australia, Brazil, Canada, China, France, Germany, India, Italy, Japan, New Zealand, Spain, Sweden, United Kingdom, United States, Belgium, Denmark, Holland, Hong Kong, Mexico, South Africa, Singapore, Poland, Switzerland, United Arab Emirates).

20,000 interviews – interviews, not surveys – sounds impressive. With an interview lasting some 15 minutes, that’s 300,000 minutes or 5000 hrs or 625 days with an 8-hr day. You’d need a team of some 15 persons making telephone interviews for two months. Doable, just a few hundred thousand bucks going from Symantec to StrategyOne. But does such firepower help to dig out the truth™?

StrategyOne – Evidence-based communications:

As the strategic research partner of Edelman, the world’s leading independent PR firm, our heritage is in communications research. We understand that useful research informs strategy that engages, persuades, and moves products, minds, and media alike.

As to the methodology of the report, which is by the way not available as a PDF:

  • A list of questions asked is not attached.
  • Definition of cybercrime I: Cybercrime is, among others, defined as: “Computer viruses or Malware appeared on my computer”. (Chapter 7) So a malware attachment in your inbox qualifies as a single incident of cybercrime. No indication about the percentage of such cybercrime incidents vs., say, credit card fraud.
  • Definition of cybercrime II: Which kind of incidents have been reported as “another type of cybercrime on my computer”? What’s the percentage of this category?
  • Calculation of costs I: No indication whether different price bases are used e.g. for the U.S. and countries with substantially lower price indices, i.e. India, China.
  • Calculation of costs II: How are non-monetary incidents such as “malware or virus appeared on my computer”, “responding to a smishing message”, “approached by a sexual predator”, “Online Harassment” etc. turned into monetary damages?

Can being exposed to such reports be subsumed under online harassment? We won’t have reliable, sound, unbiased figures on cybercrime and the costs associated with it until a major research endeavour with serious funding spanning institutes in different countries is set up.

 

Dr .de  22.5.11

In Germany, there appears to be a hidden, implicit, rarely outspoken two-track system:

  1. the show-off doctorate with little scientific value and
  2. the real scientific doctorate based on dissertations that actually contribute to scientific knowledge.

The show-off doctorate is the product of the high social value of a doctorate in Germany, incompetence, co-optation or naiveté (in dubio pro latter) of supervisors and university bodies conferring doctorates, combined with some trickery of eager climbers. […]

ENISA debate in Brussels – some notes and excerpts  21.5.11

Here are some of my notes on the ongoing ENISA debate in Brussels.
Currently, there is a bunch of proposals in the loop, thrown in by the European Commission. (The parliament itself still cannot issue its own initiatives. All it can do, or rather: after Lisbon, the parliament can at least alter existing paragraphs, though it can’t add new ones.)

In the loop:

[…]

Agency or networks – some thoughts about Europe’s ongoing internet security debates  21.5.11

Well, I shouldn’t make these all-encompassing headlines, after all, forcing me to write way too long texts. Anyhow. I was in Belgium a couple of weeks ago and used the opportunity of proximity for a Brussels visit. The first glaring characteristic of Brussels is the scent of waffles all over Midi station. It is as if every station comes with a little surprise for its passengers. At Luxembourg station, the one which neighbours the European Parliament, the party in control of the facility equipment opted for an acoustic treatment: Abba’s “The winner takes it all.” For sure she does. (Which reminds me of “Mamma Mia”: Meryl Streep has quite a voice, by the way.)

The voices of the European citizens are represented by representatives sitting in offices matching in size those of elaborated knowledge workers in corporate headquarters. A nice quality surplus however […]

Internet principles and security  21.5.11

As Chris Marden puts it:

“So the governments of the West are at least rhetorically in favour of a free Internet…”

Rhetorically. The difference between the Council of Europe and the core of the European Council though is that only the latter is of substantial relevance for immediate political and legislative outcomes. Plus: a CoE is quite different from the “governments of the West.” […]

The uber-CERT: Germany’s new cyber-defense centre  2.4.11

I guess when the average media consumer hears “cyber-defense centre”, she likely has Star-Wars-ish control rooms in mind. Now, starting today, Germany has its National Cyber Defense Centre. It is located in the offices of the Federal Office for Information Security (BSI), which reports to the Federal Minister of the Interior. Not much of a surprise. Quite some headlines in national media for a 10-person task force. (Sources: FAZ, Ministry of the Interior, both in German)

[…]

Benkler on Wikileaks, media, distributed models of mutual criticism  23.3.11

Yochai Benkler, A Free Irresponsible Press: Wikileaks And The Battle Over The Soul Of The Networked Fourth Estate, forthcoming Harvard Civil Rights-Civil Liberties Law Review, 66 pages (benkler.org)

It forces us to ask how comfortable we are with the actual shape of democratization created by the Internet. […]

NATO and its role in internet security – geopolitics of internet security governance?  20.3.11

“The threat is there to see and if the worst were to happen…” (Donald Rumsfeld, Feb 2003)

Looks like Stuxnet is the best of all electronic Pearl Harbours, so far. The signs on the walls of what could be. The “game changer” (DHS cyber director), the menace that seems to convince politicians, media and the public alike that there is something potentially very threatening. It has taken some fifteen years of fear mongering to achieve that.

Menaces, threats, risks, dangers require responses, yet which? […]

House of Cards  19.3.11

I couldn’t possibly comment:

We’re delighted to tell you that in late 2012 Netflix will be bringing to our members in the U.S. and Canada exclusively “House of Cards,” the much-anticipated television series and political thriller from Executive Producer David Fincher and starring Kevin Spacey. We’ve committed to at least 26 episodes of the serialized drama, which is based on a BBC mini-series from the 1990s that’s been a favorite of Netflix members. (Netflix)

Or, maybe: If you’ve ever wanted the essence of politics, the schemes, the manipulation, the games, the viciousness, condensed into a timeless, enthralling play, enjoy Ian Richardson’s performance as Francis Urquhart, a modern mix of the Shakespearean figures of Richard III and Macbeth, who succeeded Margaret Thatcher as Prime Minister. (IMDB)

Some of the political wisdoms the series conveys:

  • Power and its volatileness: “fear that this might be the day we wake to find the magic gone” (youtube)
  • Political loyalty: “a helping hand in these rather trying days” (youtube)
  • Leaking: “beware of an old man in a hurry” (youtube)
  • Social responsibility: “let’s give our young people a chance to learn self discipline, again” (youtube)
  • Power, terrorism and leadership: “Deeper than honour, deeper than pride, deeper than lust, deeper than love is the getting of it all. The seizing and the holding on. The jaw is locked, biting into power and hanging on. Biting and hanging on.” (youtube)
  • Trust and power: “But they all, all of them, betray us eventually. They love us, but not quite enough. They trust us, but not quite enough. And we trust them to be entirely human, meaning less than trustworthy. Which means we cannot entirely sleep. As the cat’s eyelids flicker, some part of us must stay awake, always, ready, as the coiled spring is ready.” (no link here, alas)
  • Role of a parliamentary majority leader: putting a bit of stick about

“Intensification of civil-military cooperation”. Some comments on the recent Dutch National Cyber Security Strategy on incident response  18.3.11

In February, the Dutch Ministry of Security and Justice released its “National Cyber Security Strategy (NCSS) – Success through cooperation.” (govcert.nl) Section 5.4, “Response capacity for withstanding ICT disruptions and cyber attacks”, is particularly interesting and highlights the ongoing transformation of the organisational landscape. While the strategy’s briefness makes a refreshing change for lazy readers like us, it also raises a couple of questions.
[…]