This was from Ashok Vemuri – SVP and Head of the Banking and Capital Markets Business, Infosys Technologies on the Forum Blog.
Often, the informal conversations you have over coffee are far more valuable than the public forums and one of the more interesting themes that came up amongst those I spoke to today was security. I’ve attended several meetings since my arrival and been involved in a number of discussions with banking institutions and business executives about the threats they’re currently facing.
Phishing, phreaking and pharming are now everyday terms and the kind of attacks that are having a massive impact on customer confidence driving the demand for some kind of security governing body. There is a definite feeling amongst delegates that trust is slowly dissolving amongst customers who are getting increasingly disillusioned about the safety of their information with their bank.
I had several fascinating statistics thrown at me in conversation. Whilst three years ago 90 percent of hacker attacks were benign with little dollar impact, 90 percent of hacking nowadays is malicious designed to disrupt data or steal information. One of the newest concepts I heard about earlier was ‘data-kidnapping’ – where hackers break into business systems and block a company from using its data, effectively holding them to ransom.
This provoked fierce debate about accountability amongst many of my fellow delegates. If an online banking customer has his account details stolen and loses money, who is responsible? Is it the user for not keeping his identity secure or is it the bank whose security may have been compromised? Doubtless, this is set to be the biggest driver behind the calls for regulation and standards with banks crying out for guidance from a governing body.
It makes sense. If we have regulators for the Internet, telecommunications and accounting then surely we should have some standards in place for security? Someone to turn to so there is no doubt over where the responsibilities lie or what actions should be taken when a security breach happens.
This post proves 1) Open Space is a great way to do events. Even at this incredible event the coffee breaks rock. 2) The issues that the Identity community is seeking to address are front and center amongst world business and political elites.
I also think there is a problem with he thinking that we need to have a security ‘governing’ body. I hope that those thinking along these lines can get with the ‘internet’ paradigm and read the Accountable Net: Peer Production of Internet Governance White Paper (Crawford, Johnson, Palfry) and Article (by Esther Dyson)
Three problems of online life – spam, informational privacy, and network security – lend themselves to the peer production of governance. Traditional sovereigns have tried and, to date, failed to address these three problems through the ordinary means of governance. The sovereign has a role to play in the solution to each of the three, but not as a monopoly and not necessarily in the first instance. A new form of order online, brought on by private action, is emerging in response to these problems. If properly understood and encouraged, this emerging order could lead to an accountable internet without an offsetting loss of those aspects of online life that we have found most attractive.
There has been a great deal of loose talk about the need for internet governance, particularly in the context most recently of the World Summit on the Information Society, but much less careful analysis of the question whether the online world really does pose special problems, or present special opportunities, for collective action. There has been a general discussion as to whether the internet, as a general rule, lends itself to governance by traditional sovereigns or if something in the net’s architecture resists such forms of control. We do not seek to re-open this debate, acknowledging at the outset the important role that traditional sovereigns have to play in most areas of decision-making and enforcement on the internet. Rather, we seek to look more closely at a series of particularly thorny issues that have proven especially challenging for policy makers seeking to impose governance by states. We seek the special problems — and corresponding opportunities – of online activity and assess the relative merits of various options for how to resolve them.