Published online by Cambridge University Press: 17 September 2019
Despite an ongoing drive by governments and law enforcers around the world to improve the sophistication of their risk mitigation measures, cyber-attacks are continually increasing. A study from Computer Crime and Intellectual Property Section (CCIPS) shows more than 4,000 ransomware attacks occurred daily in 2016. That's a 300 percent increase over 2015, where 1,000 ransomware attacks were seen per day. Cyber criminals are successfully penetrating even the most high-profile companies and governmental agencies. The breach at the NSA was truly alarming and just one recent example of the dire situation the country, and world, face as cybercrime intensifies and the cyber security talent shortage becomes more serious.
Accordingly, the purpose of this research is to focus on cyber education at the national, government, and law enforcement level examining the methodology to set the tone from the top ensuring alignment between governments, law enforcers, private sector, and academic level. It also examines the gaps in cyber laws and educational governance initiatives and their impact on efficient execution of cyber policies for various regions of the world with a focus on the United Arab Emirates and the United States of America.
Finally, this article recommends policy guidelines and a compliance manual framework for governments and law enforcers to consider ensuring that cyber risks are properly addressed and mitigated in a structured and coherent way.
© Hala Bou Alwan, 2019. ELLM, LLM and LLB – Founder and Managing Director of Hala Bou Alwan (HBA) Consultancy.
2 Fraud Watch International-Why is cyber security awareness important - https://fraudwatchinternational.com/security-awareness/what-is-cyber-security-awareness-training/ Dec 21, 2018.
3 National Crime Agency (NCA) Strategic Cyber Industry Group, Cyber Crime Assessment 2016, July 7, 2016, http://www.nationalcrimeagency.gov.uk/publications/709-cyber-crime-assessment-2016/file.
4 Dale C. Rowe, Barry M. Lunt, and Joseph J. Ekstrom, The Role of Cyber-Security in Information Technology Education. Brigham Young University, Provo, UT, U.S.A.
5 E. Chabrow, Bank Info Security—Ideas for Filling the Cybersecurity Skills Gap-Testimony Given to Presidential Commission on Enhancing National Cybersecurity, September 21, 2016.
6 Thomson Reuters, Cost of Compliance 2017 report – 2017 https://legal.thomsonreuters.com/en/insights/reports/cost-compliance-2017
Thompson Reuters – Data Privacy Compliance Survey report – 2018.
Emerging Payment Association – Facing up to financial crimes survey report - 2019.
7 A. Carado—CompTIA: Human Error the Primary Cause of Security Breaches-May 2016.
8 Farwell, J.P., Industry's Vital Role in National Cyber Security. Strategic Studies Quarterly, Vol. 6, No. 4 (WINTER 2012), pp. 10–41Google Scholar. Air University Press.
9 Kelly Ricker, Battling Cyber Threats Begins With Employee Education-Senior Vice President for CompTIA, May 31, 2016. https://www.entrepreneur.com/article/274786.
10 K. Ricker, Battling Cyber Threats Begins With Employee Education-Senior Vice President for CompTIA, May 31, 2016. https://www.entrepreneur.com/article/274786.
11 M. Talib and V. Sekgwathe, Cyber Crime Detection and Protection: Third World Still to Cope-Up-CeND 2011: e-Technologies and Networks for Development pp. 171–181.
12 N. Gamer, The effort to educate young people in cyber security, May 2015.
13 UNODC, Comprehensive study of the problem of cybercrime and responses to it by Member States, the international community and the private sector, Vienna, 25–28 February 2013.
14 UNODC, Comprehensive study of the problem of cybercrime and responses to it by Member States, the international community and the private sector, Vienna, 25–28 February 2013.
15 UNODC, Comprehensive study of the problem of cybercrime and responses to it by Member States, the international community and the private sector. Vienna, February 25–28, 2013.
16 UNODC, Comprehensive study of the problem of cybercrime and responses to it by Member States, the international community and the private sector. Vienna, February 25–28, 2013.
17 United Nations Office of Drugs and Crimes, Comprehensive Study on Cyber Crime, 2013.
18 Prof. Greiman lectures—Boston University—ELLM, Fall 2016.
19 Prof. Greiman lectures—Boston University—ELLM, Fall 2016.
20 St. Clair v. Johnny's Oyster & Shrimp, Inc., 76 F. Supp. 2d 773 (S.D. Tex. 1999).
21 Hala Bou Alwan—Policy Development and framework for cyber security in corporates and Law firms—ELLM, Boston University—March 2018.
22 Federal Decree-Law no. (5) of 2012, Issued on 25 Ramadan 1433 AH, Corresponding to 13 August 2012 AD, ON COMBATING CYBERCRIMES, United Arab Emirates Ministry of Justice, http://ejustice.gov.ae/downloads/latest_laws/cybercrimes_5_2012_en.pdf.
23 Federal Law No. (3) of 1987 Concerning Promulgating Penal Code, https://www.centralbank.ae/pdf/amlscu/Federal-Law-No.3-1987.pdf.
24 Ministry of the Interior, The International Cyber Crime Conference to Start March 16, March 15, 2016, https://www.moi.gov.ae/en/media.center/news/news2k20160315.aspx.
25 McKinsey & Co., “Digital Middle East: Transforming the region into a leading digital economy.” Accessed May 8, 2018.
26 McKinsey & Co., “Digital Middle East: Transforming the region into a leading digital economy.” Accessed May 8, 2018.
27 “UAE To Double Security Budget, Focus on Cyber.” Military Edge: The Most Comprehensive Tool on the Web for QME (blog), February 24, 2014. https://militaryedge.org/articles/uae-double-security-budget-focus.
28 The Arab Gulf States Institute in Washington. “Bridging the Cybersecurity Talent Gap.” Accessed May 8, 2018. http://www.agsiw.org/wp-content/uploads/2016/02/Cybersecurity-Forum-Report.pdf.
29 Lewis, James Andrew. “Cybersecurity and Stability in the Gulf” Center for Strategic & International Studies. Accessed May 8, 2018. https://csis-prod.s3.amazonaws.com/s3fs public/legacy_files/files/publication/140106_Lewis_GulfCybersecurity_Web_0.pdf.
30 United Arab Emirates—Telecommunication Regulatory Authority.
31 Interpole—Connecting Police for a Safer World—Partnership with the United Arab Emirates 2017.
33 UAE Federal law—Federal Law No. 17 of 2002 (as amended by Federal Law No. 31 of 2006) regulating and Protecting the Industrial Property of Patents, Industrial Drawings and Prototypes (the Industrial Property Law); Federal Law No. 7 of 2002 in respect of Author Copyright and Parallel Rights (the Copyright Law); and Federal Law No. 37 of 1992 (as amended by Law No. 19 of 2000 and Law No. 8 of 2002) concerning Trade Marks (the Trade Marks Law).
34 United Arab Emirates cyber security criminal prosecutions are often not publicly reported in the U.A.E. and examples of enforcement actions are rare. Figures released by Dubai police's cybercrimes department show that it received 1,549 reports in 2014, broken down as follows: 248 fraud cases, 163 information security cases, 389 extortion and libel cases, 235 website crimes and 514 miscellaneous cybercrimes.
35 Hala Bou Alwan—Policy Development and framework for cyber security in corporates and law firms—ELLM, Boston University—March 2018.
36 Substantive cybercrime laws (e.g., laws prohibiting online identity theft, hacking, intrusion into computer systems, child pornography, intellectual property, online gambling): 18 U.S.C. § 1028—Fraud and related activity in connection with identification documents, authentication features, and information 18 U.S.C. § 1028A—Aggravated identity theft 18 U.S.C. § 1029—Fraud and related activity in connection with access devices 18 U.S.C. § 1030—Fraud and related activity in connection with computers 18 U.S.C. § 1037—Fraud and related activity in connection with electronic mail 18 U.S.C. § 1343—Fraud by wire, radio, or television 18 U.S.C. § 1362—[Malicious mischief related to] Communications lines, stations, or systems 18 U.S.C. § 14//62—Importation or transportation of obscene matters 18 U.S.C. § 1465—Transportation of obscene matters for sale or distribution 18 U.S.C. § 1466A—Obscene visual representation of the sexual abuse of children 18 U.S.C. § 2251—Sexual exploitation of children 18 U.S.C. § 2252—Certain activities relating to material involving the sexual exploitation of minors 18 U.S.C. § 2252A—Certain activities relating to material constituting or containing child pornography 18 U.S.C. § 2252B—Misleading domain names on the Internet [to deceive minors] 18 U.S.C. § 2252C—Misleading words or digital images on the Internet 18 U.S.C. § 2425—Use of interstate facilities to transmit information about a minor 18 U.S.C. § 2319—Criminal infringement of a copyright 17 U.S.C. § 506—Criminal offenses [related to copyright] 47 U.S.C. 605—Unauthorized publication or use of communications. The Unlawful Internet Gambling Enforcement Act of 2006. Procedural cybercrime laws (e.g., authority to preserve and obtain electronic data from third parties, including internet service providers; authority to intercept electronic communications; authority to search and seize electronic evidence): 18 U.S.C. §§ 2510-2522—Interception of wire, oral, or electronic communication 18 U.S.C. §§ 2701-2712—Preservation and disclosure of stored wire and electronic communication 18 U.S.C. §§ 3121-3127—Pen registers and trap and trace devices.
37 Omnibus HIPAA Rulemaking, HHS.gov, Oct. 30 2015 .
38 Drexel University—Drexel University Information Technology—Federal laws.
39 Xavier Becerra, Data Security Breach Reporting, Office of the Attorney General, 2016, https://oag.ca.gov/privacy/databreach/reporting.
40 Noluxolo Kortjan, A cyber security awareness and educational framework in SA. https://core.ac.uk/download/pdf/145053774.pdf, 2013.
41 Richard K. Nilsen, Yair Levy Nova, Steven R. Terrell Ph.D., and Nova, Dawn Beyer Lockheed Martin, A Developmental Study on Assessing the Cybersecurity Competency of Organizational Information System Users. Journal of Cybersecurity Education, Research and Practice, Article 2, December 2017.
42 Office of the White House Press Secretary. (2013, February 12). Executive Order: Improving Critical Infrastructure Cybersecurity [Press release]. Retrieved from obamawhitehouse.archives.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity.
43 Chelsea Binns—American society for public administration—Law Enforcement Partnerships Enhance Cybercrime.
44 Eric Chabrow—Ideas for filling cyber security gaps—Bank info security—September 2015.
45 Michael Daniel, Ed Felten, Tony Scott, Announcing the President's Commission on Enhancing National Cybersecurity, April 13, 2016.
46 Donna Dodson—Chief Security Advisor at Information Technology Laboratory—Strengthening Public-Private Partnerships to Reduce Cyber Risks to Our Nation's Critical Infrastructure, March 26, 2014. Department of State International Cyberspace Policy Strategy, March 2016 Public Law 114-113, Division N, Title IV, Section 402.
47 Appropriations Act, 2016, as Public Law 114-113- Division N- section 402.
48 Department of State International Cyberspace Policy Strategy, March 2016 Public Law 114-113, Division N, Title IV, Section 402.
50 US Government Accountability Office, CYBERSECURITY: Actions Needed to Strengthen U.S. Capabilities, GAO-17-440T (Washington, DC, 2017), accessed February 14, 2017, https://www.gao.gov/products/GAO-17-440T.
51 US Government Accountability Office, CYBERSECURITY: Actions Needed to Strengthen U.S. Capabilities, GAO-17-440T (Washington, DC, 2017), accessed February 14, 2017, https://www.gao.gov/products/GAO-17-440T.
52 Noluxolo Kortjan, A cyber security awareness and educational framework in SA. https://core.ac.uk/download/pdf/145053774.pdf, 2013.
53 Noluxolo Kortjan, A cyber security awareness and educational framework in SA. https://core.ac.uk/download/pdf/145053774.pdf, 2013.
54 Sara Norden, “How the Internet has Changed the Face of Crime” (Masters thesis, Florida Gulf Coast University).
55 UNDERSTANDING CYBERCRIME: A GUIDE FOR DEVELOPING COUNTRIES ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication Development Secto- 2009.
56 1. Each Party shall ensure that the establishment, implementation and application of the powers and procedures provided for in this Section are subject to conditions and safeguards provided for under its domestic law, which shall provide for the adequate protection of human rights and liberties, including rights arising pursuant to obligations it has undertaken under the 1950 Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms, the 1966 United Nations International Covenant on Civil and Political Rights, and other applicable international human rights instruments, and which shall incorporate the principle of proportionality.
2. Such conditions and safeguards shall, as appropriate in view of the nature of the procedure or power concerned, inter alia, include judicial or other independent supervision, grounds justifying application, and limitation of the scope and the duration of such power or procedure.
3. To the extent that it is consistent with the public interest, in particular the sound administration of justice, each Party shall consider the impact of the powers and procedures in this section upon the rights, responsibilities and legitimate interests of third parties.