Crime institute says govt tenders too soft

Security requirements of government tenders should be toughened to reduce incidents of cybercrime, according to the Australian Institute of Criminology.

Security requirements of government tenders should be toughened to reduce incidents of cybercrime, according to the Australian Institute of Criminology.


(Complete image by Tim Geers, CC BY-SA 2.0)

Government agencies should also play a "major supporting role" to help IT vendors design more secure products.

Senior research analyst Raymond Choo said the moves would help "cultivate a culture of security" and reduce the instances of cybercrime.

"[Government should] create an environment conducive for ICT service or content providers to achieve marketing and competitive advantages if they offer products and services with higher levels and more innovative types of security," Choo said.

"There will never be enough policing resources to investigate all cybercrime."

He cited the example of the United States National Security Agency, which assisted Microsoft to develop the Windows Vista operating system according to Department of Defense security requirements.

Choo said a "one-stop 24/7 reporting website" could be established to help feed better cybercrime statistics to law enforcement agencies.

"This would also enable coordinated action by government and law enforcement agencies and the private sectors to have a better understanding of the frequency and extent of cybercrime incidents."

"Victims of cybercrime sometimes feel a sense of helplessness, as the mechanisms for reporting cybercrime have not kept pace with our use of ICT," he said.

The difficulties in prosecuting individuals for online crime stem from a lack of consistency of legal frameworks across countries, according to Choo. In order for a conviction to be successful, alleged misconduct must constitute an offence in both the country seeking prosecution and that in which the alleged offence was made.

"Cybercrime prosecutions involving multiple jurisdictions will be an essential response in the foreseeable future," Choo said. "… until the process of harmonisation of laws and sanctions is more advanced, disparities within and between jurisdictions will continue to create risks and impose serious operational burdens on the resources of a jurisdiction's prosecution services."

To this end, countries should establish laws to outlaw the creation of networks used for illegal purposes to crackdown on botnets and distributed denial-of-service attacks, Choo said, adding that Australia, Singapore, the United Kingdom and United States have a "relatively comprehensive" legislative framework in place to deal with cybercrime.

"I believe the international community is starting to understand the importance of cross-border cooperation in cybercrime cases not just in online child exploitation cases," he said.

Tougher measures should also be enforced to reduce abuse of the domain name system, according to Choo, including the creation of a stricter domain name registration regime, and ensuring domain names and IP addresses suspected of being used for cyber criminal activities are revoked.


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All