Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

1/30/2012
12:11 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

McAfee and Security & Defence Agenda Release Global Cyber Defense Report

Fifty-seven percent of global experts believe that an arms race is taking place in cyberspace

Brussels, Washington DC - JANUARY 30, 2012 - McAfee and the Security & Defence Agenda (SDA) today revealed the findings from a report; Cyber-security: The Vexed Question of Global Rules that paints, for the first time, a global snapshot of current thinking about the cyber-threat and the measures that should be taken to defend against them, and assesses the way ahead. The SDA, the leading defense and security think-tank in Brussels, interviewed leading global security experts to ensure that findings would offer usable recommendations and actions. The report was created to identify key debate areas and trends and to help to governments and organizations understand how their cyber defense posture compares to those of other countries and organizations.

Here are some noted findings:

57% of global experts believe that an arms race is taking place in cyber space. 36% believe cybersecurity is more important than missile defense. 43% identified damage or disruption to critical infrastructure as the greatest single threat posed by cyber-attacks with wide economic consequences (up from 37% in McAfee’s 2010 Critical Infrastructure Report). 45% of respondents believe that cybersecurity is as important as border security. The state of cyber-readiness of the United States, Australia, UK, China and Germany all ranked behind smaller countries such as Israel, Sweden and Finland (23 countries ranked in report).

McAfee asked the SDA, as an independent think-tank, to produce the most informed report on global cyber defense available. The SDA had in-depth interviews with some 80 world-leading policy-makers and cybersecurity experts in government, business and academia in 27 countries and anonymously surveyed 250 world leaders in 35 countries. As the only specialist security and defense think-tank in Brussels, SDA has become one of the world’s leading forums for the discussion of international defense and security policies. The methodology used for rating various countries’ state of cyber-readiness is that developed by Robert Lentz, President of Cyber Security Strategies and former Deputy Assistant Secretary of Defense for Cyber, Identity and Information Assurance. [see here for infographic on rankings]

Top 6 Actions Cited in Report

Real-time global information sharing required Financial incentives for critical improvements in security for both private and public sectors Give more power to law enforcement to combat cross-border cyber crime Best practice-led international security standards need to be developed Diplomatic challenges facing global cyber treaties need to be addressed Public awareness campaigns that go beyond current programs to help citizens

Real-time sharing of global intelligence was a core recommendation of the report, citing the building of trust between industry stakeholders by setting up bodies to share information and best practices, like the Common Assurance Maturity Model (CAMM) and the Cloud Security Alliance (CSA). “The core problem is that the cyber criminal has greater agility, given large funding streams and no legal boundaries to sharing information, and can thus choreograph well-orchestrated attacks into systems,” says Phyllis Schneck, Vice President and Chief Technology Officer, Global Public Sector, McAfee. “Until we can pool our data and equip our people and machines with intelligence, we are playing chess with only half the pieces.”

Experts interviewed also agreed that developments like smart phones and cloud computing mean we are seeing a whole new set of problems linked to inter-connectivity and sovereignty that require new regulations and new thinking. Last year, McAfee issued a Q3 threat report that stated that the total amount of malware targeted at Android devices jumped 76 percent from Q2 of 2010 to Q2 of last year, to become the most attacked mobile operating system.

Other key report findings from the SDA report include the following:

Need to address expected shortage of cyber workforce: More than half (56%) of the respondents highlight a coming skills shortage. Low level of preparedness for cyber attacks: China, Russia, Italy and Poland fall behind Finland, Israel, Sweden, Denmark, Estonia, France, Germany, Netherlands, UK, Spain and the United States. Cybersecurity exercises are not receiving strong participation from industry: Although almost everyone believes that exercises are important, only 20% of those surveyed in the private sector have taken part in such exercises. Risk assessment: Prioritize information protection, knowing that no one size fits all. The three key goals that need to be achieved are confidentiality, integration and availability in different doses according to the situation. Balance between security and privacy: Improve attribution capability by selectively reducing anonymity without sacrificing the privacy rights.

While many respondents believed that global treaties were an essential factor in the development of sound policy, some also suggested the establishment of cyber-confidence building measures as alternatives to global treaties, or as a stopgap measure, since treaties are seen as unverifiable, unenforceable and impractical. Stewart Barker, the former Assistant Secretary of Homeland Security under President George W. Bush, stated that treaties “delude western countries into thinking they have some protection against tactics that have been unilaterally abandoned by other treaty signatories.”

About the report: McAfee asked the Security & Defence Agenda (SDA) as an independent think-tank to produce the most extensive report on Cyber Defense. The report stack ranks the degree to which governments are prepared to withstand cyber attacks. This SDA report sets out to reflect the many different views on what cyber-security means, and how to move towards it. To build up a multi-faceted picture of opinion worldwide, SDA interviewed world leaders to highlight what they see as the key issues.

To download “The Cyber Defense Report” report please visit www.mcafee.com/

About McAfee

McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world’s largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse and shop the Web more securely. Backed by its unrivaled Global Threat Intelligence, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe.

About SDA The Security & Defence Agenda (SDA) is Brussels' only dedicated security and defence think-tank. The SDA raises awareness by anticipating the political agenda and focusing attention on European and transatlantic policy challenges related to security and defence. Its activities include roundtables, lunch and evening debates, policymakers’ dinners, international conferences and a range of publications. The SDA brings together experts and policymakers from the EU institutions, NATO, national governments, industry, the media, think-tanks, academia and NGOs. This diversity, and a reputation for thought-provoking debate, has kept the SDA at the heart of the defence and security community.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
Kelly Sheridan, Staff Editor, Dark Reading,  8/13/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15151
PUBLISHED: 2019-08-18
AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.
CVE-2019-15149
PUBLISHED: 2019-08-18
core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected.
CVE-2019-15145
PUBLISHED: 2019-08-18
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
CVE-2019-15146
PUBLISHED: 2019-08-18
GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in GPMF_Next in GPMF_parser.c.
CVE-2019-15147
PUBLISHED: 2019-08-18
GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Next in GPMF_parser.c.