Sharing information and best practices among government, industry and academia is crucial to nations shoring up their cyber security defenses, according to a report released yesterday.
Cyber-security: The Vexed Question of Global Rules, a joint report by security technology company McAfee [MFE] and the Belgium-based think tank Security & Defence Agenda, said to have a good picture of the risks and dangers on the internet, the private sector has to share information with the public and vice versa. For instance, the report cites, what if a series of cyber attacks directed at governments were somehow related to similar attacks aimed at financial institutions.
The next step would be to pass on this information to academia.
“We can’t have security and obscurity,” said Jesus Luna, a cyber security researcher for the Germany-based Deeds Group. “Academia can provide the algorithms and the techniques, but we are missing the data that validates our research. We need private and public information.”
Two examples of improved information sharing between the private and public sectors are the Common Assurance Maturity Model (CAMM) and the Cloud Security Alliance (CSA). According to its website, CSA is a non-profit, third-party organization that promotes the use of best practices for providing security assurance within cloud computing.
Unfortunately, many private companies are unwilling to share information with other companies in fear of a competitive disadvantage and are afraid to share the information with the government for fear it will be misused. But increased information sharing would benefit everyone, Costin Raiu, director for global research and analysis at Kaspersky Labs, said in the report.
“Governments and the military will see marked improvement in their security,” he said. “Academia will be able to develop new protocols and design new architectures, and if users are better protected, cyber crime will go down.”
The report also recommends increasing public awareness of how individuals can protect their own data. With the proliferation of easy-internet-access devices like smartphones, many people indiscriminately transfer sensitive information that could be accessible to criminals. Tim Scully, head of cyber security for BAE Systems in Australia, said in the report that people need to focus on protecting their most sensitive information rather than the system itself.
Oliver Caleff, a senior security consultant with CERT-DEVOTEAM in France, said in the report that educating and training users would be a big step.
“I would say that’s 80 percent of the solution,” he said.
A third suggestion is examining the opportunities and problems created with cloud computing and smart phones. According to the report, cloud computing is rapid, on-demand network access to a shared pool of computing resources. One issue with cloud computing is legal jurisdiction. The report cites Google [GOOG] having one-third of its cloud in Canada.
Other recommendations made in the report include: prioritizing information protection; improving cyber-confidence building measures as an alternative to global treaties; improving communication among policymakers, technological experts and business leaders both at the national and international levels; and finding ways of establishing trust between the private and public sectors.