SDA cyber-security report

31/01/2012

As part of its evening debate on "Improving global cyber-governance", the SDA launched its flagship report "Cyber-security: The vexed question of global rules", based on over 80 interviews with senior specialists and policy makers and a survey of 250 experts from around the world.

SDA Director Giles Merritt and report author Brigid Grauman welcomed a panel of high-level experts to discuss the complex challenges of global governance in cyber-space.

As Grauman explained, “The report is aimed at political decision makers who are increasingly aware of the threat, but do not understand the details and implications of that threat.” The report is particularly provocative in this regard, attempting to rank various case-study nations in terms of cyber-preparedness. While such a ranking is obviously inherently subjective, Grauman defended this choice. “Every country has its strengths and weaknesses, and some have reacted much sooner to these challenges than others.”

Taking up these themes, Demosthenes Ikonomou, Head of Secure Services & Project Support Activities for the European Network Security Agency, addressed the issue of public-private partnerships (PPP). Avowing that “we are not dealing with a national problem, it is a pan-European problem”, Ikonomou expressed some concern about the success of PPP as a governance model in Europe. “Many who come to these PPP meetings do not come with an idea of collaboration in mind, they come wanting to see what the governments are saying… they see a damage control exercise.”

Next, Vice President and Chief Security Officer of the Internet Corporation for Assigned Names and Numbers (ICANN), Jeff Moss, gave the perspective of his global internet management agency. He advocated engaging with the communities of hackers that are out pushing the boundaries of cyber-space. “It’s hackers who show us what is actually possible. They are our view into what is achievable in the online world”, he explained.

Raj Samani, Vice President and CTO of McAfee Europe, Middle East and Africa, cautioned that we can never completely remove our vulnerability to threats. “We have to be realistic, people produce code, and as they do this, there are bound to be vulnerabilities within this code”. Consistency in advice may thus be more achievable than total security in global governance, he explained. “It is important that we collaborate to provide one consistent voice to tell people how to stay safe.”

Finally, NATO’s Jamie Shea, Deputy Assistant Secretary General for Emerging Security Challenges, engaged with the challenges of cooperating in governance between his organisation and the EU. For him, a distinct delegation of roles may be less important than simply agreeing on a common standard. “The problem is that in cyber-space we have not identified the minimum standards – too much of it is voluntary, and self-certification rarely stands up to stress tests.”

Moreover, the NATO official was confident that NATO and the EU were finding the right balance in their relationship. “I’d argue this is an area where we’ve done rather well. Frankly, NATO has something in cyber which the Commission sees as useful.”

Indeed, all panellists agreed that with the range of challenges posed by governance in cyber-space, simply being useful, rather than an active hindrance to attacks, was a tactical victory in this difficult struggle.
