Cybersecurity exercises are not receiving strong participation from industry and some countries are falling behind in preparedness, a report on global cyber defence has revealed.
The report, based on interviews more than 300 representatives of government, business and academia in more than 30 countries, said although almost everyone believes that exercises are important, only 20% of those surveyed in the private sector have taken part in such exercises.
Commissioned by security firm McAfee and compiled by think-tank Security & Defence Agenda (SDA), the report also points to a low level of preparedness for cyber attacks in some countries.
China, Russia, Italy and Poland, fall behind Finland, Israel, Sweden, Denmark, Estonia, France, Germany, Netherlands, UK, Spain and the United States, the report said.
However, the state of cyber-readiness of the UK, US, Australia, China and Germany all ranked behind smaller countries such as Israel, Sweden and Finland.
The research revealed that 57% of global experts believe that an arms race is taking place in cyber space, 45% believe cybersecurity is as important as border security, 43% identified damage or disruption to critical infrastructure as the greatest single threat posed by cyber-attacks with wide economic consequences, and 36% think cybersecurity is more important than missile defence.
While many respondents believed that global treaties were an essential factor in the development of sound policy, some also suggested the establishment of cyber-confidence building measures as alternatives to global treaties, or as a stopgap measure, since treaties are seen as unverifiable, unenforceable and impractical.
Stewart Barker, the former Assistant Secretary of Homeland Security under President George W. Bush, stated that treaties “delude western countries into thinking they have some protection against tactics that have been unilaterally abandoned by other treaty signatories.”
Real-time sharing of global intelligence is a core recommendation of the report, which cites the Common Assurance Maturity Model (CAMM) and the Cloud Security Alliance (CSA) as examples of bodies that help build trust between industry stakeholders by sharing information and best practices.
“The core problem is that the cyber criminal has greater agility, given large funding streams and no legal boundaries to sharing information, and can thus choreograph well orchestrated attacks into systems,” said Phyllis Schneck, chief technology officer, global public sector, McAfee.
Experts interviewed agreed that developments like smart phones and cloud computing have led to the emergence of a whole new set of problems linked to inter-connectivity and sovereignty that require new regulations and new thinking.
The report highlights the need to address the shortage of people working in cyber defence, with 56% saying they foresee a skills shortage. The report recommends that all organisations should make information protection a priority and balance security with privacy by improving attribution capability.
The report goes on to provide top-level advice for governments to improve their cybersecurity response. The top 6 actions cited in the report are:
- Real-time global information sharing required
- Financial incentives for critical improvements in security for both private and public sectors
- Give more power to law enforcement to combat cross-border cyber crime
- Best-practice led international security standards need to be developed
- Diplomatic challenges facing global cyber treaties need to be addressed
- Public awareness campaigns that go beyond current programs to help citizens