Feeds

Cyberwar report: Israel, Finland best prepared for conflict

Do GCHQ and the NSA have some catching up to do?

High performance access to file storage

Analysis Israel, Finland and Sweden are more prepared than larger nations to fight a conflict in cyberspace, according to a McAfee-backed cyber-defence study.

The cyber-security report (click to enlarge)

The study, Cyber-security: The Vexed Question of Global Rules, is based on interviews with experts in the nascent field by by McAfee and Security & Defence Agenda, a defence think-tank. No metrics are involved in the study, which even McAfee admits is largely subjective. Brussels-based SDA based its conclusions on "in-depth interviews with some 80 world-leading policy-makers and cyber-security experts" in government, business and academia in 27 countries as well as an anonymous survey of 250 world leaders in 35 countries.

For the record, among the key findings of the report are the contention that the state of cyber-readiness of the US, Australia, UK, China and Germany all rank behind that of smaller countries such as Israel, Sweden and Finland. The methodology used for rating various countries’ state of cyber-readiness was developed by Robert Lentz, former US Deputy Assistant Secretary of Defense for Cyber, Identity and Information Assurance.

Hmmm.

Without knowing the capabilities of GCHQ and the NSA, and the cyber-warfare pundits quizzed by McAfee would be honour-bound not to disclose this if they did know, it is hard to even begin to understand where this conclusion comes from. Certainly the UK government's very public commitment to boost cyber-security – with an additional budget of £650m over the next four years on improved electronic defences, mostly earmarked for GCHQ and the intelligence agencies – would suggest it's no laggard when it come to repelling hacker attacks.

The UK and US, rated with four castles, are only just behind the top-ranked nations, which earn four-and-a-half castles. China and Russia get three castles, ahead of India (on two-and-a-half), and Mexico (two castles – the lowest rating of the 23 countries accessed).

Frankly the whole thing is like rating footballers after a match, which sports journalists routinely assign in a great hurry on the way to the boozer - only to find their musings are taken quite seriously by the players.

In other findings, the report found that most (57 per cent) global experts believe that an arms race is taking place in cyber-space. More than a third (36 per cent) reckon cyber-security is more important than missile defence. Nearly one half of them (43 per cent) identified damage or disruption to critical infrastructure as the greatest single threat posed by cyber-attacks. A similar percentage (45 per cent) of respondents said that "cyber-security is as important as border security" (try telling that one to border agents trying to keep Mexican drug traffickers from further encroaching into the US).

Cloud cast shadows over cyber-security picture

Experts quizzed by SDA agreed that greater use of cloud-based technologies and smartphones are complicating the already muddled cyber-security picture. The study highlights a looming skills shortage in cyber-security and a lack of private-sector involvement in cyber-security exercises as potential problems. Striking the difficult balance between maintaining security and protecting individuals' freedoms is also seen as a puzzler best achieved by "selectively reducing anonymity without sacrificing privacy rights".

The report goes on to list a series of recommendations including greater global information sharing; financial incentives for improvements in security for both private and public sectors; more powers to law enforcement in order to combat cross-border cybercrime; the formulation of best practice-led international security standards; and diplomatic efforts to resolve mediocre take-up of existing global cyber treaties. Some respondents advocated the establishment of cyber-confidence building measures as alternatives to global treaties.

Finally the report recommended the development of improved public awareness of cyber-security campaigns. Schemes such as Get Safe Online, in the UK, have enjoyed a greater push from security, financial sector firms and government over recent years so it's hard to see what more can be done in the area of eduction anytime soon.

The report's authors point to the need for improved real-time sharing of global intelligence as the single most important recommendation of the report.

"The core problem is that the cyber criminal has greater agility, given large funding streams and no legal boundaries to sharing information, and can thus choreograph well-orchestrated attacks into systems," said Phyllis Schneck, Vice President and CTO of global public sector at McAfee, in a statement. "Until we can pool our data and equip our people and machines with intelligence, we are playing chess with only half the pieces." ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.