Governments and companies must take an international approach to dealing with cyber crimes, the Global Internet Project (GIP) advised in a set of recommendations released at the G8 conference in Paris.
GIP has issued 13 recommendations for businesses and organisations to follow and nine measures for governments to consider.
Government regulations are not, however, the answer, according to the GIP, a group of senior Internet executives that promotes industry actions aimed at curbing the need for regulation. The recommendations were outlined in a press conference with Vint Cerf, senior vice president for Internet Architecture and Technology at WorldCom and a GIP member.
"You simply can't keep up with the technology," Cerf said of Internet regulation, "so the laws won't apply."
At issue in particular are forthcoming Internet advances, including video over the Net and wireless Internet-based communications. Issues related to those should be considered now, and measures should be taken to ensure security and safety of users, GIP officials said.
GIP members said companies must do whatever they can to smooth security, and some pointed comments were made regarding what members believe Microsoft should be doing to make its software less prone to attack by viruses and worms such as the recent 'IloveYou' threat.
Still, there was also acknowledgment that hackers reach new levels of sophistication with each new virus that is written, creating, in Cerf's words, a "cottage industry" of cyber criminals. Prevention alone won't work, so audit trails and other measures are needed on top of the preventative approach.
This is what GIP has recommended that businesses and organisations do:
* Identify and disseminate information about computer systems security holes, with CERT (http://www.cert.org/) and the US Federal Bureau of Investigation (FBI) National Infrastructure Protection Centre (http://www.fbi.gov/nipc/) serving as clearing houses.
* Perform security audits and decide how to protect systems from external and internal threats. As Cerf noted, many attacks come from users with authorised access who bear a grudge.
* Cooperate with law enforcement and other agencies to detect and alleviate attacks.
* Improve physical security of critical systems, especially domain name and root servers.
* Guarantee that security tools being shipped and used are installed as they should be, and encourage training for administrators and users in how to use those tools.
* Make sure that workers know that security is part of their normal duties.
* Establish policies that require regular updates of antivirus software, and require workers to use password protection systems.
* Provide advice to governments on how to protect their computer systems and track down and arrest hackers.
* Invest in research on how to reduce the security vulnerability of the Internet and of the computers that are part of it.
* Take all needed steps to secure networks, such as filtering incorrect routing information and spam and denying unauthorised access.
* Support outreach programs that will convey a code of cyber ethics to youngsters.
* Encourage deployment of IPsec and IPv6 protocol standards.
* Encourage and develop better authentication systems.
The GIP can be reached at http://www.gip.org/.