Overview

The unprecedented connectivity of the Internet age has led to enormous social and economic benefits, but has also introduced numerous new challenges. In a fully connected world, security threats continue to evolve, keeping ahead of the most advanced defenses.

Background

Network-based security threats have led to widespread identity theft and financial fraud. Spam, viruses, and spyware cause significant problems for consumers and businesses. A security breach may irreparably damage a company's brand or reputation. In the U.S., security issues threaten to slow the national adoption of electronic medical records. In the EU, consumer confidence regarding security and data protection is a barrier to the more rapid expansion of e-commerce across member state borders.

Today’s information attacks are a profitable business enterprise and are often controlled by organized crime syndicates. A growing number of sophisticated cybercrime business models, including the emergence of criminal enterprises, are built around selling tools and services for launching network attacks, rather than simply selling information gained from attacks.

Security technology continues to advance, changing from passive, point product-based to active, end-to-end approaches to security recognition, containment, and quarantine. In addition, Internet Service Providers (ISPs) are competing on security and consumer ISPs offer security as part of their service.

Policy makers around the world are focused on the state of the information infrastructure. Policy makers want to ensure that users of networks employ the best technology and process practices to make networks as secure as possible. Governments and businesses continually update their strategies to prevent attacks, and public-private partnerships have been formed to develop voluntary, market-based approaches to security.

Cisco’s Position

Cisco believes that governments can help decrease cyber security threats by:

Raising consumer and industry awareness of the importance of network security
Educating users about best practices
Using best practices to secure their own systems
Funding long-term research and development
Aggressively enforcing the laws against cyber crime and prosecuting criminals that use or attempt to use the network for theft, fraud, extortion, or other crimes
Increasing cooperation at an international level with other governments, law enforcement agencies, and the private sector on the socialization of best practices and international prosecution of cybercrime

Cisco does not believe that governments should regulate security. In general, regulation:

Stifles innovation by picking and choosing specific technology, rather that letting market competition develop the best and most advanced solutions
Does not advance quickly enough to keep pace with current industry needs and newly posed threats
May actually decrease Internet security by creating specific points for systemic failure

Additional Resources

U.S. Strategy to Secure Cyberspace

National Infrastructure Advisory Council (NIAC)

The Business Software Alliance Cybersecurity website

The Institute for Information Infrastructure Protection (I3P)

TechNet CEO Cybersecurity Resource Center

Stay Safe Online

e-Europe initiatives

OECD Guidelines: Towards a Culture of Security

APEC eSecurity Task Group

Partnership for Critical Infrastructure Security

European Information and Network Security Agency, ENISA

E-Security Task Force

National Cybersecurity Partnership

President's Critical Infrastructure Board