Security vendor McAfee and a think tank called theSecurity and Defence Agenda(SDA) today revealed the findings from a new global study Cyber-security: The Vexed Question of Global Rules that claims to present a global snapshot of current thinking about the cyber-threat and the measures that should be taken to defend against them, and assesses the way ahead.

The SDA, a defense and security group based in Brussels, interviewed leading global security experts to ensure findings would offer usable recommendations and actions. The report was created to identify key debate areas and trends and to help to governments and organisations understand how their cyber defense posture compares to those of other countries and organisations.

Key findings:

•  57% of global experts believe that an “arms race” is taking place in cyberspace
• 36% believe cybersecurity is more important than missile defense
• 43% identified damage or disruption to critical infrastructure as the greatest single threat posed by cyber-attacks with wide economic consequences
• 45% of respondents believe that cybersecurity is as important as border security
• The state of cyber-readiness of the United States, Australia, UK, China and Germany all ranked behind smaller countries such as Israel, Sweden and Finland (23 countries ranked in report).

The SDA conducted in-depth interviews some 80 world-leading policy-makers and cybersecurity experts in government, business and academia in 27 countries and anonymously surveyed 250 world leaders in 35 countries to get these findings. As a result, it recommends:

• Real-time global information sharing required
• Financial incentives for critical improvements in security for both private and public sectors
• Give more power to law enforcement  to combat cross-border cyber crime
• Best-practice led international security standards need to be developed
• Diplomatic challenges facing global cyber treaties need to be addressed
• Public awareness campaigns that go beyond current programmes to help citizens

Real-time sharing of global intelligence is a core recommendation of the report, citing that the building of trust between industry stakeholders by setting up bodies to share information and best practices, like the Common Assurance Maturity Model (CAMM) and the Cloud Security Alliance (CSA).

“The core problem is that the cybercriminal has greater agility, given large funding streams and no legal boundaries to sharing information, and can thus choreograph well orchestrated attacks into systems,” says Phyllis Schneck, Vice President and Chief Technology Officer, Global Public Sector, McAfee. “Until we can pool our data and equip our people and machines with intelligence, we are playing chess with only half the pieces.”

Other key report findings from the SDA report include the following:

•  A clear need to address expected shortage of cyber workforce: More than half (56%) of the respondents highlight a coming skills shortage
• Low level of preparedness for cyber attacks: China, Russia, Italy and Poland fall behind Finland, Israel, Sweden, Denmark, Estonia, France, Germany, Netherlands, UK, Spain and the United States
• Cybersecurity exercises are not receiving strong participation from industry: Although almost everyone believes that exercises are important, only 20% of those surveyed in the private sector have taken part in such exercises
• Risk assessment: Prioritise information protection, knowing that no one size fits all. The three key goals that need to be achieved are confidentiality, integration and availability in different doses according to the situation.
• Balance between security and privacy: Improve attribution capability by selectively reducing anonymity without sacrificing the privacy rights.

While many respondents believed that global treaties were an essential factor in the development of sound policy, some also suggested “the establishment of cyber-confidence building measures as alternatives to global treaties, or as a stopgap measure, since treaties are seen as unverifiable, unenforceable and impractical”.

All the latest Public Sector ICT news, views and analysis provided by Publictechnology.net