History of Computer Crime
According to Donna Batten, "computer crime is the use of a computer to take or alter data or to gain unlawful use of computers or services" ("Computer Crime"). With the increasing prevalence of the computer and other technological devices, the amount of computer crimes has skyrocketed.
Prior to 2000
The very first legislation on a federal level regarding computer crime was the Counterfeit Access Device and Computer Fraud and Abuse Act in 1984. This Act made obtaining financial or credit information through a computer a misdemeanor. Before this Act was put in place, there was not much that could be done for computer fraud. Not only did this Act help fight against computer fraud, but it also acted against the use of computers as a means of inflicting damage on other computing systems. Note that this was a Federal Act, and about half of the states passed similar statutes for greater enforcement. It was around this time in 1984 that there was an organized effort to try to define what exactly constitutes "computer crime" ("Computer Crime").
Despite the new laws, in 1987, a report by Ernst and Whinney found that approximately $3-5 billion is lost each year due to computer crime ("Computer Crime"). The increased money loss can be attributed to the growing accessibility of the Internet, for Internet service providers were starting to develop large customer bases.
A few years later, the Computer Emergency and Response Team at Carnegie-Mellon university found that between 1991 and 1994, the percent of intrusions in the United States increased by a whopping 498%. They also found that the number of individual homes and office locations affected by computer crime went up 702% ("Computer Crime").
To help combat the exploding amount of computer crimes, a new team was formed under the FBI--the National Computer Crime Squad. This team worked exclusively on cases involving computer crime, and between 1991 and 1997, it investigated over two hundred individual cases ("Computer Crime").
One of the most prominent events in the history of computer crime was the terrorist attack of September 11, 2001. Though this attack was not directly related to computer crime, it led to the creation of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act--the USA PATRIOT Act ("Computer Crime"). This Act gave government agencies an increased ability to crack down on computer crime in the name of intercepting and obstructing terrorism.
In 2002, a survey by the Computer Security Institute found that over 90% of large corporations, including government agencies, reported having security breaches. This data alone demonstrates just how commonplace and effective computer crimes were becoming. The survey also found that in 2002 alone, there was a loss of $455 million attributed to computer crime ("Computer Crime").
2012 and Beyond
By 2012, a large computer security company, Symantec, found that computer crime was costing companies $114 billion per year, a significant increase from that of $455 million from ten years prior. In addition, $274 billion was wasted in lost time due to interferences caused by computer crime (Smith).
With the astonishing amount of money going down the drain, a Bloomberg Government study was performed to figure out how much money would be needed to prevent the cyber security attacks. The study found that big organizations would have to increase the money allotted for computer security from $5.3 billion to $46.6 billion per year. Even then, only 95% of the attacks would be prevented, leaving 5% of attacks entirely unavoidable (Smith). Because of the daunting amount of money required, many companies simply turn a blind eye on investing more in security.
As Joe Lieberman from ID-Conn. has said, "Government has to be able to say, 'You're not doing enough.'" (Smith) Unfortunately, because the majority of networks are owned by private businesses, the government has little control over the implementation of cyber security practices.
To help illustrate the growing problem, Figure 5 shows the spread of how compliant industries currently are in the security of web applications. Notice that Aerospace and Defense, perhaps the most important industry to national security, has the lowest compliance rate as of 2012.
Luckily, a new act, known as the Cybersecurity Act of 2012, has been proposed. This Act would allow the Homeland Security Department to work with organizations to develop security standards. Some companies, however, are demanding that Congress give out rewards and incentives in exchange for increasing security. Other companies do not want any government departments obtaining authority over them (Smith).
Another Act has been proposed, the Secure IT Act, which is very similar to the Cybersecurity Act of 2012. This Act varies in that it does not give Homeland Security any extra authority over the security practices of companies. Instead, the companies would be able to spend money the way they want to for the security practices that work best for them (Smith).