A global cyberwarfare arms race is in full swing, a majority of cybersecurity and policy experts surveyed worldwide agrees.
Such a finding may not be entirely surprising given that news reports of such an arms race have been popping up like mushrooms over the past year.
But the 2011-2012 survey – conducted by the Security & Defence Agenda (SDA) of Brussels, a specialist security and defense think-tank, and McAfee, a cybersecurity company – was purportedly of 250 of the world’s top policy wonks in 27 countries, a group presumably less likely to be whipsawed by media reports. If so, it may indicate that the reported rise in nation-state cyberthreats is not just news gatherers run amok.
Either way, efforts to get a grip on how big and diverse the cyberthreat facing the world really is are generally welcome for whatever might be gleaned, cyberexperts say. In that vein, the new survey released Jan. 30 found that:
• 57 percent of global experts believe an arms race is taking place in cyberspace.
• 36 percent say cybersecurity is more important than missile defense.
• 43 percent identified damage or disruption to critical infrastructure as the greatest single threat posed by cyberattacks with wide economic consequences – a jump from 37 percent in McAfee’s 2010 Critical Infrastructure Report.
• 45 percent say cybersecurity is now as important as border security.
A number of countries are developing plans to “respond more aggressively” to cyberattacks and funding major investments in offensive systems, said a number of the more than 80 cybersecurity experts in government, companies, international organizations, and academia who were interviewed in depth for the survey.
One example, Britain in late 2011 released a cyberstrategy that promoted the idea of both companies and the military taking strong defensive action.
“Instead of writing off losses, [companies] should invest into actively targeting those organizations that have been attacking them,” William Beer, director of information and cybersecurity practice at PricewaterhouseCoopers, based in London, told the survey.
David Marcus, director of advance research and threat intelligence at McAfee Labs says it was necessary this time for the company's annual global survey to focus on the world's drift toward offensive cybertechnologies.
“Everybody only discusses offensive cyber strategy via veiled references to the Russians and the Chinese without any strong, public, quantifiable proof,” he says in the survey report. “No one has stepped back and said, let's take the 30 or so countries we think have offensive cyber capabilities and grade what they are and how they differ.”
To try to do that, the survey rated countries with one-to-five stars, five stars being the highest level of cyberpreparedness – offensive and defensive. In that ranking, the US received four stars while Israel received 4.5 stars. China and Russia both received three stars – but survey respondents said both were formidable threats beyond their stars rank.
In its 2011 report, the office of the National Counterintelligence Executive for the US accused both China and Russia of persistent cyberespionage against America that represented “a persistent threat to US economic security.”
But Russian and Chinese experts say they are victims, too, and are united in trying to bring nations together to combat cyberthreats, from espionage to cyber weapons. Terrorism and social networking are considered major threats by both governments.
“We've been a target of terrorist attacks,” says Vladimire Chizhov, the Russian Federation's Ambassador to the EU told the survey, noting his country's longstanding call to develop an international agreement on cyberthreats. “This type of crime can only be successfully fought through international cooperation.”
But one nation’s cyberterrorist may be another nation's cyber freedom fighter. Which leaves the US and other Western nations warily edging into international discussions, leery about any agreement that would provide a rationale for regimes to clamp down on freedom of speech on the Internet. Yet the need for some international understanding to rein in the growing threat is acknowledged.
“In order to make a difference, all countries have to take responsibility for what's happening in their own infrastructure, and the only way to achieve that is through international organizations,” says Melissa Hathaway, a former adviser on cybersecurity issues to the Obama administration. “We have to agree in the G20, NATO, and the UN about what is acceptable.”