Sometimes finding a solution starts with correctly defining the problem.
Some government activities, like attacks launched by governments against critical infrastructure and cyber espionage, are correctly classified as acts of “cyberwar”. Contrast these acts, however, against identity theft schemes sponsored by organized cybercriminal gangs. Both cyberwar and cybercrime are serious concerns, but they demand very different approaches and solutions. One is a military issue, the other is a law enforcement concern.
The security community today sometimes confuses cyber war with cybercrime. Some experts are broadly using the term “cyberwar” and applying a “one size fits all” label to malicious activity on the Internet. The result is that neither problem is successfully addressed.
Some governments make little effort to stop criminal gangs operating within their borders. However, this is not a unique problem that applies only to cybercrime. These same issues are generally persistent to some degree across all criminal activities. These countries are not necessarily supporting cybercrime any more than they are supporting other forms of crime. There is a law enforcement capability problem that must be resolved across all segments of crime.
To succeed in fighting cybercrime we must first properly define the problem. This requires identifying when there is a law enforcement capacity issue distinct from a military issue. The solution, in many cases, is continuing to support increased law enforcement capability to successfully find and prosecute cybercriminals.