Outdated laws failing the cyber security fight

Current laws and organisational policies are outdated and ill-designed for the digital age, and actively prevent law enforcers effectively fighting cyber crime, according to a former FBI chief information officer.

Zalmai Azmi explained at a TechNet conference run by the Armed Forces Communications and Electronics Association that there are three main challenges for those tasked with tackling cyber crime.

"Our laws are 100 to 200 years old, and don't apply to the digital world," he said. "They are slowing us down."

Azmi gave the example of being forced to spend a whole year trying to work with lawmakers to insert a provision allowing the FBI to monitor VoIP communications.

"Our laws are really old and need to be revamped," he said. "There are 47 bills on the Hill that have been waiting for two years."

Azmi argued that the internal government procurement processes can be frustratingly slow, typically taking 1,000 days before a request for proposal can even be sent out.

"In cyber space we don't have time for that. We need things to happen quickly, in legislation, in policy and in acquiring," he said.

Chief information officers need to start the whole process earlier, having plans in place to act quickly if and when money becomes available.

Azmi also warned the assembled crowd of military technologists that the current cyber security workforce is woefully undermanned to deal with the scale and level of modern threats.

"There are not enough people who really understand security," he said. "We need to perform due diligence on a daily basis because the technology can't do it all."

Finally, Azmi highlighted the need for greater partnerships between law enforcement agencies and the international community, and between the intelligence community and the private sector.

"We're making all the decisions without engaging with the private security sector, despite 90 per cent of the infrastructure being there," he said.