Lightning talk at APC members meeting in Manila 28 March 2015 Cybercrime is an [undesired] activity. Cybersecurity is a [desired] state.

1. Cybercrime vs Cybersecurity
@bact
APC Meeting, Manila, 28 Mar 2015

2. Relationship
• Cybercrime - [Undesired] ACTIVITY
• Cybersecurity- [Desired] STATE
• Cybersecurity threats: criminals, terrorists, spies,
malicious cyber actors

3. Different “Cybercrime”
• Narrow sense: Computer crime
• “any illegal behaviour directed by means of electronic
operations that target the security of computer systems
and the data processed by them”
• Broader sense: Computer-related crime
• “any illegal behaviour committed by means of, or in
relation to, a computer system ornetwork, including such
crimes as illegal possession and offering or distributing
information by means of acomputer system or network”

4. Different “Cybercrime”
• Narrow sense: Computer crime
• Computer as TARGET
• Broader sense: Computer-related crime
• Computer as TOOL

5. Strengthen “Cybersecurity”
• Strategies/action plans aimed to strengthen
cybersecurity
• Government security
• Protection of critical information infrastructures
• Fight against cybercrime
• Awareness raising, Education
• Response (incident response team - CSIRT / CERT)

6. CII - Link to National Security
• Critical information infrastructures (CII)
• “interconnected information systems and networks, the disruption or
destruction of which would have a serious impact on the health, safety,
security, or economic well being of citizens, or on the effective functioning of
government or the economy” (OECD)
• National CII: Information components supporting critical infrastructures;
Information infrastructures supporting essential components of government
business; Information infrastructures essential to the national economy
• Critical infrastructure
• “systems and assets, whether physical or virtual, so vital to the United States
that the incapacity or destruction of such systems and assets would have a
debilitating impact on security, national economic security, national public
health or safety, or any combination of those matters” (US)

7. Resources
• [ITU] Understanding Cybercrime: Phenomena, Challenges and Legal Response http://
www.itu.int/ITU-D/cyb/cybersecurity/
• [OECD] Cybersecurity Policy Making at a Turning Point: Analysing a New Generation of
National Cybersecurity Strategies for the Internet Economy http://oe.cd/security
• [EU] Digital Agenda for Europe: Cybersecurity http://ec.europa.eu/digital-agenda/en/
cybersecurity
• [EU] EU International Cyberspace Policy http://eeas.europa.eu/policies/eu-cyber-security/
• [EU] Directive 2013/40/EU on attacks against information systems http://eur-
lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32013L0040
• [Council of Europe] Convention on Crime http://conventions.coe.int/Treaty/Commun/
QueVoulezVous.asp?NT=185&CM=8&DF=02/06/2010&CL=ENG
• [NATO] Cyber Security Strategy Documents https://ccdcoe.org/strategies-policies.html

8. Resources (2)
• [US] US cybercrime: Rising risks, reduced readiness Key findings from the 2014 US
State of Cybercrime Survey http://www.pwc.com/cybersecurity
• [US] Executive Order (EO) 13636 Improving Critical Infrastructure Cybersecurity
• [US] Presidential Policy Directive (PPD)-21 Critical Infrastructure Security and
Resilience
• [US] Presidential Policy Directive (PPD)-28 Signals Intelligence Activities
• [US] U.S. Code Title 42 Section 2000ee Privacy and Civil Liberties Oversight Board
• [Singapore] National Cyber Security Masterplan 2018 http://www.ida.gov.sg/
Collaboration-and-Initiatives/Initiatives/Store/National-Cyber-Security-
Masterplan-2018
• ASEAN ICT Masterplan 2015 http://www.asean.org/resources/publications/asean-
publications/item/asean-ict-masterplan-2015