Comment: Where is Australia's cybercrime data?

No time or funding to get the complete picture.

Does it not strike you as odd to hear the Federal Government rabbiting on about the importance of cybercrime, hosting 'cybersecurity awareness week' and proposing an internet filter, while we continue to be a hostage to the data they are given from interested parties such as rights holders, security software and local police?”

The latest issue of the Australian Institute of Criminology’s (AIC) annual compendium on Australian crime known as Facts & figures 2010, offers little that is up-to-date or relevant on the extent of cybercrime or computer security.

The AIC concedes the figures for 2010 may not be representative as few police agencies identify cybercrimes separately.

Instead the AIC opted to summarise the results of Australian surveys of computer crime and security by AusCERT, Microsoft and the Australian Competition and Consumer Commission (ACCC) to generate an understanding of cybercrime in Australia.

While it's useful to reprise statistics that trojans were the most common type of malware present on computers and that 62 percent experienced some malware infections in 2008, there should be more comprehensive and up-to-date numbers in a publication issued by the AIC.

CSOC data not included for reasons of "space"

iTnews Canberra correspondent,
John Hilvert

Why, for example, does the new publication not include data collected by the Department of Defence’s Cyber Security Operations Centre (CSOC) which was launched with some fanfare by the Government in January 2010?

According to Defence Minister John Faulkner, the CSOC employs around 130 highly-skilled information technology experts, engineers and analysts drawn from the DSD as well as representatives from the Attorney-General’s Department, ASIO and the AFP.

The CSOC was designated by the Attorney-General to provide information to the national CERT that can be packaged into products for consumption by business.

AIC’s principal criminologist Russell Smith informed ITnews that reasons of "space" meant the publication could not reproduce all of the available sources of data from government, police, business and IT security organisations.

But why should AIC prefer Microsoft's data as against DSD’s high-powered computing resources and advanced analytic techniques if space was the issue?

No official statistics on IP crime

Likewise the contentious areas of the extent online IP crime is not covered in the statistics at all, notwithstanding an interest for pressing ahead with Treaties such as ACTA and TPPA.

AIC’s own earlier report on IP crime called for better understanding of the impact of IP crime through monitoring and intelligence gathering, research into enforcement and prosecution activities, and econometric cost modelling, using educational, good practice and legislative reform initiatives.

“Unless we receive funding to undertake a new project in the IP crime area, we don’t have plans to explore this further at present.” Smith said.

If the Government is truly serious about cybercrume and security, it might want to spend less on roadshows and more on quantitative evidence.