A new report finds that the ‘bad guys’ are winning, and that most nations are ill-prepared for crippling cyber attacks.
The report, by Security & Defence Agenda (SDA), was commissioned by the security firm McAfee. It concluded that friendly nations around the globe are losing out in an arms race with cyber criminals, spies and saboteurs, and that far greater international cooperation is needed to begin to turn the tide of attacks.
SDA surveyed 250 “leading authorities” and 80 cybersecurity experts in the public and private sectors, as well as academics and those working for international organizations. It also evaluated the cyber readiness of 21 countries, conducting “stress tests” in late 2011.
A lack of international cooperation is the biggest challenge to countries that want better protection from cyber crime, hacktivism and cyber warfare, the report concluded. Nations that are leaders in the cyber arena, including the U.S., UK, Germany and Israel, as well as emerging nations like China and Russia need to build formal and informal trust relationships that will make sophisticated, nation-backed attacks less likely and encourage cooperation in pursuing common enemies, like cyber criminal groups.
But a lack of communication, international cooperation and of useable information makes cooperation difficult. Even critical terms like “cyber war” aren’t clearly defined or agreed upon by the international community, creating uncertaintly about what kinds of cyber actions constitute cyber war and what kinds of retaliation might be expected.
Though every nation is developing its cyber offensive capabilities, there’s no commonly recognized measure of the cyber offensive capabilities of different countries, according to Dave Marcus, Director of Advance Research and Threat Intelligence at McAfee Labs.
Discrepancies between national codes and laws make cooperation on law enforcement difficult, with many nations lacking the proper legal codes or international agreements to prosecute cyber crime within their borders.
Beyond that, the world’s nations hold very different views about the role of the Internet and of individual freedoms. Whereas western nations support the notion of the Internet as a platform for free expression, China, Russia and other nations consider Internet access and online expression to be things that governments can and should control within their borders, the report notes.
That doesn’t bode well for the future, especially as the advent of Internet connected mobile devices and cloud computing stand ready to transform the Internet and introduce new avenues for attack.
The report recommends that stake holders need to break down walls that separate different cyber communities and constituencies. That includes generational divides, professional sectors and countries.
“Cyber security is a social problem, not just a military problem,” said Tim Scully, the CEO of Stratsec and head of Cyber Security at BAE Systems in the report. “We talk in terms of national security, but we should talk in the context of national interest.”