Time to tear down cyber walls
A purely national approach to fighting cyber attacks will fail
Published 14:03, 02 February 11
In a blog post back in November, I commented about dealing with cyber threats and the progress we are seeing at the national level, especially here in the UK. The UK government elevated cyber to a Tier One threat, promised an additional £650 million of investments and established the Cyber Security and Operations Centre (CSOC).
These are all good initiatives, but we need to make sure they are followed by concerted efforts to bring down the walls: the walls between countries who are building individual defences, those put up by companies not sharing critical information with each other, and those between the public and private sectors. Cyber attacks are borderless; cyber defence needs to be as well.
Cyber attacks on PayPal, Amazon and other organisations targeted by WikiLeaks hacktivists as part of “Operation Payback” were aimed at organisations in various parts of the world. If one of the engines of the European economy were targeted the way Estonia or Georgia were attacked in recent years, the effect would be felt beyond its borders. For example, if Germany, one of the biggest exporters, was targeted in a cyber attack, the impacts could be felt by many of its trading partners and those trading on the German stock exchange.
The same attacks that are carried out in one country are often used in another. The same attack that infiltrated a corporation can be used against a government agency. The effects of these attacks could be minimised if greater coordination and cooperation were in place.
Whilst a lot needs to be done, we have seen some positive signs of progress. Late last year, the first pan-European exercise, Cyber Europe 2010, took place involving 30 European countries working on a cyber attack simulation scenario. The simulation was based on a scenario where Internet connectivity between European countries would be gradually lost or significantly reduced so that citizens, businesses and public institutions would find it difficult to access essential online services (similar to what happened to Estonia in 2007).
The preliminary report described the exercise as successful, but also pointed to one key omission: Cyber Europe 2010 did not include private organisations. With so many critical activities in private hands (e.g. electricity, banking systems, telecommunications, utilities), it is absolutely essential that corporations are involved, and thankfully, this is the plan for Cyber Europe 2011. The full report on the 2010 exercise is due within the early part of this year.
Cooperation is also taking place at the NATO level. In fact, this week officials from the U.S., NATO and the EU are meeting to discuss enhanced cooperation strategies following a NATO summit in Lisbon in November of last year. It was encouraging to hear U.S. Deputy Defence Secretary William J. Lynn acknowledge that a lot of this transatlantic cooperation will have to be with organisations that are not part of the government. According to a senior defense official, “Some 80 to 90 percent of what we are doing rides on the private infrastructure.”
The Digital Agenda for Europe, published by the European Commission, presented a vision of Europe where citizens can enjoy commercial services and cultural content across borders, where information and communication technology (ICT) products are open and interoperable, and where by 2020 all European citizens have access to Internet speeds of 30 Mbps or above.
If we are to reap the benefits without leaving ourselves exposed to greater cyber threats, we all need to become more serious about working together and bringing down the barriers for international and private/public sector cooperation. The initial work is being done, but we need to do much more and the integration needs to be much deeper. It’s time to tear down the cyber walls.
Iain Chidgey is general manager, EMEA, of ArcSight, an HP company