Stewart Baker, former assistant secretary for policy DHS, and Phyllis Schneck, chief technology officer at McAfee, present "Cyber-security: The vexed question of global rules." (McAfee)
- Filed Under
The U.S. ranked behind Finland, Israel and Sweden in a new report analyzing the ability of countries to defend themselves against cyber attacks. The report pointed to information-sharing limitations as one of the key stumbling blocks for U.S. security, giving the country four out of a possible five stars.
“Government only inhales, it never exhales,” said Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council. He was part of a panel assembled for the release of the report Jan. 30. “It will take all the information, but it will find any excuse to not share.”
The reputational rankings appeared in “Cyber-security: The vexed question of global rules,” a report based on surveys with 250 leaders in 35 countries that rated 23 countries. Produced by the Security & Defense Agenda, a Brussels-based think tank, and the cybersecurity company McAfee, the report used a methodology developed by Robert Lentz, former deputy assistant secretary of defense for cyber, that measures preparedness based upon a country’s technology and available pool of expertise.
While ranked as even with Germany, France and the United Kingdom, among others, the United States was ahead of China and Russia, which only received three stars. The two countries are often cited as the source of the vast majority of cyber attacks, with those emanating from China appearing to be state-sponsored espionage and those from Russia likely financial crime related.
Although information-sharing was cited as the best technique for combating cyber attacks, the details can be difficult to figure out, experts said.
“If we made information-sharing perfect tomorrow, we would help the companies that probably need the help the least,” said Jeff Greene, counsel for the Senate Homeland Security and Governmental Affairs Committee.
Greene has been working on a cybersecurity bill that is expected to be brought to the floor of the Senate some time in the next three weeks, he said.
“It is our intention that there is a strong information-sharing provision in whatever bill we pass soon, but I think it’s important to recognize that it is just a piece of what needs to be done, and probably isn’t going to reach some of the industries and some of the individual entities that need help the most.”
Attribution remains a tricky problem, experts said, but that doesn’t mean that companies aren’t getting better. Tim McKnight, a chief information security officer at Northrop Grumman, indicated that the company had been able to pinpoint a collection of groups that have been waging attacks.
“We track about 26 different gangs that have been attacking our company for the last seven years,” he said.
