Forty-five percent of legislators and cybersecurity experts representing 27 countries think cybersecurity is just as important as border security, according to a report by McAfee and the Security Defense Agenda that was released this week.
The organizations surveyed 80 professionals from business, academia and government to gauge worldwide opinions of cybersecurity issues and revealed the findings in a report called Cyber-Security: The Vexed Question of Global Rules.
Researchers found differing views on what cybersecurity means and how to approach it. They also analyzed the steps countries are taking to handle national cybersecurity.
The executive summary highlights the following findings: 57 percent believe an arms race is taking place in cyberspace; 36 percent believe cybersecurity is more important than missile defense; 43 percent felt that damage to critical infrastructure was the greatest threat cyberattacks posed, with massive economic consequences; and
America, Australia, the United Kingdom, China and Germany rank behind less populous countries when it comes to cyber-readiness.
The report noted an interesting paradox in the area of national cyberhealth. The largest countries with the most sophisticated Internet access are the most at-risk but also are the most “cyberliterate,” and thus the best prepared to react if attacked. Countries with less sophisticated Internet connections generally are less vulnerable to cyberattacks.
Twenty-three countries were ranked on a scale of 1 (lowest) to 5 (highest) on their cyberdefense: Finland, Israel and Sweden scored the highest at 4.5. Eight countries — Denmark, Estonia, France, Germany, Netherlands, Spain, the UK and America — scored 4. Australia, Austria, Canada and Japan scored 3.5; China, Italy, Poland and Russia scored 3; Brazil, Romania and India scored 2.5; and Mexico scored 2.
It’s no secret that nation-states are potential culprits of cybercrime, not just the targets. David Marcus, director of advanced research and threat intelligence at McAfee Labs, feels that the IT community needs to develop a way to prove if a foreign government is behind an infiltration.
“No one has said, ‘Let’s take the 30 or so countries we think have offensive cybercapabilities and grade what they are and how they differ,’” he said. Marcus wants a country-by-country rating methodology for offensive capabilities as well as defensive scores.
Interestingly enough, the report revealed disagreement between cyberexperts on how to view international cyberterrorism. Twenty-six percent of the respondents felt that the term “cyberwar” was inaccurate or scaremongering, but 45 percent felt it was accurate.
Sixty-two percent consider cyberspace a common global field, like sea or space. “The people who pooh-pooh cyberwar do so mainly by saying that no war takes place in cyberspace only. That’s like saying air wars only took place in the air, when air warfare is always part of a larger battle,” said Stewart Baker, former assistant secretary of homeland security under President George W. Bush.
The executive summary offers recommendations as well. Suggestions include improving communication between influential groups, like technology experts, business leaders and legislators, at national and international levels, and setting up bodies to share cybersecurity best practices.