Feeds

Cisco suggests new economic metric: Gross Domestic P0wnage

Count the cost of cybercrime to understand if government tech investments deliver

High performance access to file storage

Cisco has hosted the launch of a new “Cyber Readiness Index” and endorsed its author's belief that nations need to measure the impact of online crime if they are to understand the true impact of technology on their economies and societies.

The author of the Index is Melissa Hathaway, a former security advisor to President Barack Obama's and George W Bush's administrations. Now head of an eponymous consultancy firm, Hathaway is also a senior security advisor to Cisco.

The Index notes the many upsides that flow from technology, asserting that “governments and businesses that embrace the Internet and ICTs recognize it will enhance their long-term competitiveness and societal wellbeing, and potentially contribute up to eight percent of gross domestic product”. But the document says it can find only occasional assessment or quantification of negative economic impacts brought on by technology, citing data on the cost in money and jobs of intellectual property theft.

The study also considered publicly available data on adoption of technology and “network readiness”, before a five-point assessment of whether a nation is “Cyber Ready” was constructed. Those five points are:

  1. Articulation and publication of a National Cyber Security Strategy
  2. Does the country have an operational Computer Emergency Response Team (CERT) or Computer Security Incident Response Team (CSIRT)?
  3. Has the country demonstrated commitment to protect against cyber crime?
  4. Does the country have an information sharing mechanism?
  5. Is the country investing in cyber security basic and applied research and funding cyber security initiatives broadly?

Full results are available in this PDF, but here's the top 20 nations from the league table of the most “Cyber-Ready” nations:

  1. South Korea
  2. Sweden
  3. Iceland
  4. Denmark
  5. Finland
  6. Norway
  7. Netherlands
  8. United Kingdom
  9. Luxembourg
  10. Hong Kong
  11. Australia
  12. Japan
  13. Switzerland
  14. Macau
  15. Singapore
  16. New Zealand
  17. United States
  18. France
  19. Germany
  20. Canada

Hathaway, and Cisco chief security officer Jon Stewart both suggested the study should be a a wake-up call to governments, for the usual reason that the internet is a snake pit but also because without an attempt to count the negatives that come with wide technology adoption their policies aren't well-directed or designed.

Hathaway's rationale for such studies are as follows:

“Measuring the declining gains may force governments to align their digital agenda and economic vision with their cyber security strategy and invest in the derivative value of both. Bringing transparency to the economic losses may spark national and global interest in addressing the economic erosion. Cyber security initiatives, therefore, can enable and preserve the promise of the ICT dividend and help countries realize the full potential of the Internet economy.”

It's a rare day on which a Reg hack somewhere in the world is not offered a study on just how bad things are online and the terrible consequences that await if businesses, governments and you, dear readers, don't offer more time, attention and currency to security. This study has plenty of that thinking behind it, along with some contestable and contentious assertions like the idea counterfeiting and piracy cost jobs.

The study's proposed remedy is more and more serious policy responses to the dangers of the internet, along with more and better implementations of the ideas and institutions listed in the five points above.

Interestingly, before the event started Cisco said it would not entertain questions related to recent Snowden-related revelations.

Our question about pone response to Snowden-instigated action, the IETF's recently-announced plan to harden the internet and bake encryption into HTTP 2.0, saw Hathaway respond that “things happening in international venues are quite emotional.”

“When we enabled encryption for e-commerce we made it easy for criminals to hide their money,” she said. “We need to think about what we enable on the other side of the coin and third or fourth order effects.” ®

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.