In order to build a weapon, a blueprint and the means to manufacture it are required.
As a result, laws have been created to control the widespread use and availability of guns by regulating who can manufacture them. Obtaining a blueprint for an M16 is easily accomplished. Manufacturing one is not.
A similar approach is required for fighting cybercrime — we need to limit the availability of the tools required to carry out attacks.
While physical weapons are difficult to manufacture, cyber attack tools, including malware, exploits, etc., are not. Therefore, we need to try to limit the availability and sharing of blueprints used to build cyber crime weapons. This is not easily done.
Read complete commentary here in the Oct/Nov 2015 Homeland Security Today.
Guy Wertheim is CTO of Comilion and a consultant with McKinsey & Company. He served several years in the elite intelligence unit of the Israel Defense Forces.