Feeds

Cyberwar report: Israel, Finland best prepared for conflict

Do GCHQ and the NSA have some catching up to do?

The Power of One eBook: Top reasons to choose HP BladeSystem

Analysis Israel, Finland and Sweden are more prepared than larger nations to fight a conflict in cyberspace, according to a McAfee-backed cyber-defence study.

The cyber-security report (click to enlarge)

The study, Cyber-security: The Vexed Question of Global Rules, is based on interviews with experts in the nascent field by by McAfee and Security & Defence Agenda, a defence think-tank. No metrics are involved in the study, which even McAfee admits is largely subjective. Brussels-based SDA based its conclusions on "in-depth interviews with some 80 world-leading policy-makers and cyber-security experts" in government, business and academia in 27 countries as well as an anonymous survey of 250 world leaders in 35 countries.

For the record, among the key findings of the report are the contention that the state of cyber-readiness of the US, Australia, UK, China and Germany all rank behind that of smaller countries such as Israel, Sweden and Finland. The methodology used for rating various countries’ state of cyber-readiness was developed by Robert Lentz, former US Deputy Assistant Secretary of Defense for Cyber, Identity and Information Assurance.

Hmmm.

Without knowing the capabilities of GCHQ and the NSA, and the cyber-warfare pundits quizzed by McAfee would be honour-bound not to disclose this if they did know, it is hard to even begin to understand where this conclusion comes from. Certainly the UK government's very public commitment to boost cyber-security – with an additional budget of £650m over the next four years on improved electronic defences, mostly earmarked for GCHQ and the intelligence agencies – would suggest it's no laggard when it come to repelling hacker attacks.

The UK and US, rated with four castles, are only just behind the top-ranked nations, which earn four-and-a-half castles. China and Russia get three castles, ahead of India (on two-and-a-half), and Mexico (two castles – the lowest rating of the 23 countries accessed).

Frankly the whole thing is like rating footballers after a match, which sports journalists routinely assign in a great hurry on the way to the boozer - only to find their musings are taken quite seriously by the players.

In other findings, the report found that most (57 per cent) global experts believe that an arms race is taking place in cyber-space. More than a third (36 per cent) reckon cyber-security is more important than missile defence. Nearly one half of them (43 per cent) identified damage or disruption to critical infrastructure as the greatest single threat posed by cyber-attacks. A similar percentage (45 per cent) of respondents said that "cyber-security is as important as border security" (try telling that one to border agents trying to keep Mexican drug traffickers from further encroaching into the US).

Cloud cast shadows over cyber-security picture

Experts quizzed by SDA agreed that greater use of cloud-based technologies and smartphones are complicating the already muddled cyber-security picture. The study highlights a looming skills shortage in cyber-security and a lack of private-sector involvement in cyber-security exercises as potential problems. Striking the difficult balance between maintaining security and protecting individuals' freedoms is also seen as a puzzler best achieved by "selectively reducing anonymity without sacrificing privacy rights".

The report goes on to list a series of recommendations including greater global information sharing; financial incentives for improvements in security for both private and public sectors; more powers to law enforcement in order to combat cross-border cybercrime; the formulation of best practice-led international security standards; and diplomatic efforts to resolve mediocre take-up of existing global cyber treaties. Some respondents advocated the establishment of cyber-confidence building measures as alternatives to global treaties.

Finally the report recommended the development of improved public awareness of cyber-security campaigns. Schemes such as Get Safe Online, in the UK, have enjoyed a greater push from security, financial sector firms and government over recent years so it's hard to see what more can be done in the area of eduction anytime soon.

The report's authors point to the need for improved real-time sharing of global intelligence as the single most important recommendation of the report.

"The core problem is that the cyber criminal has greater agility, given large funding streams and no legal boundaries to sharing information, and can thus choreograph well-orchestrated attacks into systems," said Phyllis Schneck, Vice President and CTO of global public sector at McAfee, in a statement. "Until we can pool our data and equip our people and machines with intelligence, we are playing chess with only half the pieces." ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.