Most Sectors Not Prepared for Cyber Attack yet the Chinese are Best at Cyber Security?

This was written by Michael W. Cheek on Thursday, January 28, 2010, 17:49.

The US is perhaps the most networked nation in the world. We utilize information technology networks to conduct business, bank, shop and even conduct warfare. One of the greatest assets of the US infrastructure is the prevalence of IT networks. It allows us to access information rapidly and conduct essential transactions.

This absolute reliance on networks also serves as one of our nation’s greatest vulnerabilities. Previously, researchers demonstrated that a power generator could be destroyed by hacking the system and causing an overload.

With the majority of critical infrastructure held by the private sector, the US faces a series of unique challenges in defending domestic networks.

The New New Internet has learned that McAfee, a computer security company, recently commissioned a study conducted by CSIS on the threats to critical infrastructure in cyberspace. The study titled “In the Crossfire: Critical Infrastructure in the Age of Cyber War,” is the first of its kind to look at the problem globally.

The report contains a number of revealing findings regarding security throughout a variety of business sectors. There has been a marked increase in cyber attacks against companies and yet the global recession saw the slashing of funding at some IT departments.

Among the wide array of companies surveyed, 89 percent reported attacks involving malware, 60 percent reported theft-of-service attacks and over 70 percent reported a range of other attacks including phishing and pharming. Around 30 percent of the companies surveyed also said that they had little faith in their banks and telecom providers’ ability to withstand attack. In the Middle East, 95 percent of respondents said that their sector was not prepared to handle Ghostnet style attacks.

The report also highlighted some of the varied roles governments can and do play in cyber security. One aspect is partnering with the private sector.

Asha Mathew, senior council for the Senate Committee on Homeland Security and Governmental Affairs, said at the announcement of this report “without working in partnership with the private sector it would be very difficult for the federal government to achieve much of anything.”

The Department of Homeland Security has the lead role in handling partnerships with the private sector for critical infrastructure protection (CIP). Jenna Menna of DHS, said the department was “looking at ways to share that really meaningful information” with the private sector. Sue Armstrong, deputy assistant secretary for infrastructure protection at DHS, said “security is obviously a shared responsibility and I believe we need to push the public/private partnership.”

Nevertheless, only half of the respondents believe the laws in their country are adequate to respond to the threats in cyberspace.

In perhaps the strangest twist in the report, China received relatively high marks for ensuring that companies are implementing cyber security protocols. China has uniquely close cooperation with officials, high levels of regulation and auditing, robust confidence in government and higher adoption of security measures. Chinese companies also report a lower level of cyber incidents than their counterparts in other major developing nations like Brazil and India.

In China, around 80 percent of respondents said that the Chinese government had audited their security procedures. In another twist, the US is viewed as a greater threat by the companies surveyed than China was (36 and 33 percent respectively).

Dr. Phyllis Schneck, VP and director of threat intelligence for the Americas at McAfee, pointed to the importance of the report and what is at stake. “The bad guys right now are better than we are and they are winning this war,” she said. “They don’t need meetings to do bad things.”

The report from McAfee can be accessed here