Biography: Raphael Perl is currently the head of the Action Against Terrorism Unit at the Organization for Security and Co-operation in Europe (OSCE). Prior to assuming his current position, Dr. Perl served as the senior analyst for terrorism policy with the Congressional Research Service of the Library of Congress in Washington, D.C. A graduate of Georgetown University's Foreign Service and Law Schools, he is the author of more than 100 congressional and academic publications on the topics of international terrorism, trends in terrorism, combating terrorism and related subjects. Mr. Perl speaks regularly at academic institutions and governmental policy fora. He also has testified before Congress on terrorism policy issues, including the 9/11 Commission Report recommendations and has addressed the U.N. General Assembly on the role of regional organizations in implementation of its global counterterrorism strategy. Under his leadership the OSCE Action against Terrorism Unit has redoubled its efforts in combating terrorist use of the Internet and has begun to explore options for comprehensively enhancing cyber security. As an Adjunct Professor at George Washington University, he taught a graduate course on global terrorism. As a fellow at the National Academies, he was project director for an interdisciplinary team involved in assessing terrorist risk. He is actively involved with the U.S. National Research Council and the U.S. National Academy of Engineering, as well as the Russian Academy of Sciences in projects to combat terrorism in Russia. He also serves on a “brain trust” advisory group to the United States National Counter Terrorism Center charged with making recommendations on monitoring terrorist trends.

Reflections on Emerging Cyber Threats and International Cooperative Responses
Abstract: Growing dependence on information and communication technology has made a secure cyberspace absolutely essential for the functioning of modern countries and the world economy. The Internet has also become a key instrument for terrorists and other criminals and is used for a variety of purposes such as fraud; child sexual exploitation; identity and data theft; identifying, recruiting and training new members of a terrorist group; collecting and transferring funds; organizing terrorist acts; and inciting terrorist violence. Experts are alarmed by the continuous growth and annual cost of dealing with cybercrime and by the potential threat of the use of computer systems and the Internet as weapons for cyber-attacks by terrorists. International and regional organizations such as the Organization for Security and Co-operation in Europe (OSCE) have a key role in combating this threat. Building on previous OSCE efforts, notably in the area of combating the use of the Internet for terrorist purposes, the Organization has started to explore a possible role in promoting a comprehensive approach to enhancing cyber security. Such a comprehensive approach to enhancing cyber security, involving and utilizing the strengths of all stakeholders from the public as well as the private sector, may be the best viable option for national authorities and the international community in order to ensure long-term and sustainable cyber security. Drawing on the aforementioned issues, this address will explore the potential role for regional organizations and specifically the OSCE in promoting such a comprehensive approach and will provide concrete policy options for decision makers. 29

Some people can hack it, others can't.

- Unknown

Those of us in security are very much like heart doctors - cardiologists. Our patients know that lack of exercise, too much dietary fat, and smoking are all bad for them. But they will continue to smoke, and eat fried foods, and practice being couch potatoes until they have their infarction. Then they will wnat a magic pill to make them better all at once, without the effort. And by the way, they claim loudly that their condition really isn't their fault - it was genetics, or the tabacco companies, or McDonalds that was to blame. And they blame us for not taking better care of them. Does this sound familiar?

But it doesn't have to be this way. We can do things better. We need to stop doing business as usual and start focusing on end-to-end quality. Security needs to be built in from the start - not slapped on after the fact.

- Gene Spafford