Fight Against Cybercrime Goes Global

A new treaty between the United States and more than two dozen other nations will help multinational companies stop cybercriminals, but this help will come at a cost. Corporate IS departments will have to spend more money on network surveillance technology for evidence gathering and on support staff to assist foreign governments chasing international hackers. Also, the treaty does nothing to guarantee companies that any confidential data they give foreign officials in the course of an investigation will be kept private.

The Convention on Cybercrime calls for law enforcement officials in 29 participating countries to establish uniform rules for cooperating on international cases, such as when a U.S. company's servers in another country are used to commit a crime or are hacked by an overseas criminal. Jeffrey Pryce, an attorney at Steptoe & Johnson in Washington, D.C., says that to solve such cases, law enforcement officials need help from the corporate victims.

When a company helps investigators, it can end up spending tens of thousands of dollars on tools for gathering evidence and on dedicating staff for the inquiry, says Pryce. At home, the U.S. government helps companies defray these costs, but that's not always going to be the case when a foreign government investigates, says Bruce McConnell, president of McConnell International, a business and technology consultancy in Washington, D.C.

Also missing from the treaty is a guarantee that companies sharing information with foreign governments to solve cybercrimes will have their privacy protected, as it is in the United States. That means CIOs need to think ahead about how a foreign country's privacy laws affect how much they'll cooperate with investigations.

The U.S. Senate needs to ratify the treaty, but the Senate Foreign Relations Committee headed by Sen. Joseph Biden (D-Del.) had not announced any action on it at press time. However, many countries, including the United States, will start cooperating on computer crime investigations based on the treaty even before it's officially ratified, says McConnell.

-Stephanie Viscasillas

Government-Approved Security

Under a law passed by Congress last fall, the government will make its future reviews of information security products available to the public, and CIOs can use these assessments to make purchasing decisions.

The law, sponsored by Rep. Connie Morella (R-Md.), orders the Commerce Department to set information security standards for the government's civilian agencies and list hardware and software products that meet those standards. Product tests conducted by independent labs will be rigorous, says Tony Stanco, senior policy analyst at George Washington University's Cyberspace Policy Institute, because government agencies are tired of being embarrassed by security breaches.

CIOs in the private sector have a hard time getting neutral information about the capabilities of security products because analysts and consultants haven't succeeded in deflating vendors' marketing hype. The competition for a good rating from the government will keep security vendors honest, says Stanco.

The law doesn't give the government a deadline for getting its product reviews out to the public, but an aide to Morella, who asked not to be named, expects the information to be available within six months to a year.