Cybersecurity and cybercrime are very similar in that a computer is the tool in the commission of a crime or the target of a crime. Cybersecurity is a bit more narrow in that the major concern is the unauthorized access and use of computers, or hacking. Cybercrime has a broader focus, encompassing hacking along with other computer related offenses such as identity theft, cyberbullying, and online fraud. In the best case scenario, the two would be treated very similar as similar techniques can be used to understand and prevent both.
However, our nation’s leaders have understood and responded to cybersecurity and cybercrime in two very different ways. This tells us a great deal about the current gulf between elites and commoners. It is one more quiver in the bow for those embracing American populism.
Modern organizations have a series of interconnected computers housing valuable pieces of information. Only authorized personnel – people with the right identities and passwords – are able to access and manipulate this information. The network in which I have access through my user ID and password allows me to see student information and manipulate grades. The employees at Bank of America use their credentials to see the bank statements of customers stored on their computers. The information kept in these computer networks have various levels of sensitivity – from the contact information of faculty and students to the emails and operational plans on military bases. People are always trying to get access to these networks in order to steal information or manipulate information. Sometimes they want access in order to change the way in which these computers operate.
Given the importance of these computer networks, billions of dollars have been invested in developing tools, techniques, and personnel to protect them. Thus the cybersecurity industry.
Cybercrime is more broad in focus. It also deals with the unauthorized used of a computer (in the simplest terms, a virus placed on your computer or the stealing of someone’s computer passwords is unauthorized use). But the use of computers to steal one’s financial identity, and then run up their credit cards also falls under the cybercrime rubric. As does using sending out harassing tweets, posts, and emails to someone. As well as defrauding someone by taking advantage of the Internet’s anonymity.
But it is not the scope of cybercrime that makes it different than cybersecurity. It is the targets. Everyday people are the targets of these crimes, not large corporations of bureaucracies.
Media attention and legislative efforts have been disproportionately aimed at cybersecurity. Yet in reality more people have been touched and hurt by cybercrime.
The FBI hosts a website that collects and reports cybercrime, the Internet Crime Complaint Center (IC3). Their website states that: “The IC3 accepts online Internet crime complaints from either the actual victim or from a third party to the complainant.”
One of the types of complaints collected by the IC3 are romance scams. These are instances where offenders use the anonymity of the Internet to portray their love for a victim only in an effort to fleece them of as much money as possible. This scam is as old as the world’s first profession, I imagine. The difference is that the Internet makes it possible to (a) reach more people, and (b) more easily construct the idea in the victim’s mind that the relationship is real and genuine.
In 2014, the FBI reported a total loss of approximately 87 million dollars through romance scams. This is in an underreporting of the total dollar loss. People are too embarrassed or do not know about IC3.
Romance scams are, in my opinion, one of the more despicable offenses. They prey on a vulnerable subset of the population – middle aged women. It is highly likely (although I do not have the data to support this idea) that the victims are low on digital literacy, and are unaware of the many ways that lotharios manipulate the digital environment. Many individual lives and homes can be destroyed through crimes like this. However, these people do not have a lobby in Congress to protect them.
One could make the argument that being duped by a man who makes sweet music with computer keys is more about the ignorance of the victim, has little to do with technology, and at any rate is not a new crime.
Well, what about when an individual’s private computer or computer network is used without authorization (i.e. hacking)? People fall victim to viruses, worms, and phishing attacks (when a fraudulent email is sent) everyday. All of these are the same types of techniques used to compromise the computer networks of large entities.
The crucial difference is the targets.
Follow the Money
In 2009 the Obama administration announced a Comprehensive National Cybersecurity Initiative (CNCI), with a “total budget 40 billion over several years”. This has trickled to my current home state of Virginia. Our governor, Terry McAuliffe has been aggressively pushing a number of cybersecurity initiatives:
- “Establishing the nation’s first state-level Information Sharing and Analysis Organization (ISAO) to monitor cyber security threats.”
- “Two-year college scholarships for students interested in cyber security and willing to work another two years in public service”
- “establishing a public-private working group to explore the technology needed to safeguard Virginia’s citizens and public safety agencies from cybersecurity attacks targeting automobiles”
There is nothing wrong with providing the vision and funding for cybersecurity. We need it the same way we need to protect our water facilities (see Flint) or our levees (see New Orleans) or our bridges (see Minneapolis).
But there is no such federal initiative and consequent state level programs that deal with cybercrime. I am sure there are some monies somewhere. But the level of interest in protecting everyday American citizens is paltry in comparison to the interest in protecting bureaucracies.
I can go a bit further. This government aid is in all likelihood a subsidy for American corporations. Corporate networks are much more numerous than those of the military, and although there are many hospitals and colleges storing sensitive information, hackers simply are not interested in x-rays and midterms. The majority of people who are trained and the greatest application of the innovations produced will accrue to entities like Wells Fargo and Bank of America.
And so cybersecurity is to cybercrime as Wall Street is to Main Street. Millions of dollars are being funnelled into protecting large industries while a relative trickle of dollars is devoted to educating the people themselves or the law enforcement charged with protecting the people.
Universities and colleges are scrambling to develop cybersecurity programs and dole out cybersecurity certificates, while little interest is in developing digital literacy courses that teach everyday citizens some basic measures that will protect them from romance scams, phishing attacks, and computer viruses.
I am aware that people are not that upset about how the government ignores their computer security. The world of bits, bytes, packets, and protocols is too arcane and too distant from the everyday necessities of life. But the relationship between cybercrime and cybersecurity is another illustration of why people feel the government does not work for them. They have a legitimate beef, and their support of Donald Trump and Bernie Sanders – what has crudely been labeled “populism” – is more than justified.
From the government bailout of banks, to a national health care plan that forces people to give money to health insurance companies, to billions of dollars in subsidies going to sugar producers, to costly wars that only seem to provide benefits to defense contractors and oil companies, to free trade agreements that never provide benefits to working Americans, to cybercrime and cybersecurity, the American people are realizing that their government no longer represents them.