New cyber-readiness report places Finland, Israel and Sweden ahead of the United States

McAfee and the Security & Defence Agenda, a Brussels-based security and defense policy forum, revealed on Jan. 30 the findings from a new report, Cyber-security: The Vexed Question of Global Rules, that paints a global snapshot of current thinking about the cyber-threat, identifies measures that should be taken to defend against them, and assesses the way ahead.

The SDA interviewed leading global security experts to ensure that findings would offer usable recommendations and actions, says a press release issued on Jan. 30 by both organizations. The report was created to identify key debate areas and trends, and to help governments and organizations understand how their cyber defense postures compare to those of other countries and organizations.

Here are some noted findings:

• --  57% of global experts believe that an arms race is taking place in cyber space;
• --  36% believe cyber-security is more important than missile defense;
• --  43% identified damage or disruption to critical infrastructure as the greatest single threat threat posed by cyber-attacks with wide economic consequences;
• --  45% of respondents believe that cyber-security is as important as border security;
• --  The state of cyber-readiness of the United States (which earned 4 stars), Australia, UK, China and Germany ranked behind smaller countries, such as Israel, Sweden and Finland (which earned four-and-a-half stars each). Twenty-three countries were ranked altogether.

“The U.S. has a government CERT, takes part in the informal CERT communities, and has a new cyber-security strategy since 2011,” says the introduction to the section that assesses the United States. “It has a contingency plan for cyber-incidents and is an active player in cyber-security exercises. The Pentagon has a cyber-command (USCYBERCOM) that defends American military networks and can attack other countries’ systems.”

McAfee asked the SDA, as an independent think-tank, to produce the most informed report on global cyber defense available. The SDA conducted in-depth interviews with some 80 world-leading policy-makers and cyber-security experts in government, business and academia in 27 countries and anonymously surveyed 250 world leaders in 35 countries. As the only specialist security and defense think-tank in Brussels, SDA has become one of the world’s leading forums for the discussion of international defense and security policies, said the news release.

The methodology used for rating various countries’ state of cyber-readiness is that developed by Robert Lentz, president of Cyber Security Strategies and former deputy assistant secretary of defense for cyber, identity and information assurance.

Top six actions cited in report:

• ( 1 )  Real-time global information sharing required;
• ( 2 )  Financial incentives for critical improvements in security for both private and public;
• ( 3 )  Give more power to law enforcement to combat cross-border cyber crime;
• ( 4 )  Best practice-led international security standards need to be developed;
• ( 5 )  Diplomatic challenges facing global cyber treaties need to be addressed;
• ( 6 )  Public awareness campaigns that go beyond current programs to help citizens.

Real-time sharing of global intelligence was a core recommendation of the report, which cited the building of trust between industry stakeholders by setting up bodies to share information and best practices, such as the Common Assurance Maturity Model (CAMM) and the Cloud Security Alliance (CSA).

“The core problem is that the cyber criminal has greater agility, given large funding streams and no legal boundaries to sharing information, and can thus choreograph well-orchestrated attacks into systems,” says Phyllis Schneck, vice president and chief technology officer for McAfee’s global public sector. “Until we can pool our data and equip our people and machines with intelligence, we are playing chess with only half the pieces.”

Experts interviewed also agreed that developments, such as smart phones and Cloud computing, mean we are seeing a whole new set of problems linked to inter-connectivity and sovereignty that require new regulations and new thinking. Last year, McAfee issued a Q3 threat report that stated that the total amount of malware targeted at Android devices jumped 76 percent from Q2 of 2010 to Q2 of last year, to become the most attacked mobile operating system.

To read the complete report, click here.