Do hackers have the advantage in cyber space? Currently the odds appear to be stacked in their favour as they are able to use all the benefits of operating on the internet:
- They collaborate very quickly to share knowledge on the latest vulnerabilities and develop malware
- They can achieve massive multiplication effects through the use of botnets
- They can shift their operations very quickly to avoid detection and attribution
Consequently, the forces for good often appear one or two steps behind. What can we do to rebalance the odds in our favour?
The key is collaboration. And, like our adversaries, this collaboration needs to break new ground, involve a wider community — of public and private sector bodies — and operate at internet speed.
Why is collaboration important?
Firstly, there is a multiplicity of companies, organisations, government bodies who have an interest in making the internet a safe place to operate collectively possess a wealth of information and intelligence on the activities of hackers.
This includes information on vulnerabilities, the latest malware, attack techniques, the targets of attacks, the IP addresses and ISPs used by attackers.
A massive quantity of data is being collected daily across the globe and analysed.
Yet, much of this information is not shared or flows very slowly due to a variety of constraints. In some cases these constraints are technical because the infrastructure is not in place to support rapid dissemination of information and threat intelligence.
More significant are the commercial and legal sensitivities which constrain corporate willingness to release information.
Commercial pressures are still the most significant obstacle to achieving better security as tight budgets lead to the descoping of security over functional requirements.
In competitive situations bidders are often pressed into diluting the security aspects of their proposal; this behaviour has been reinforced by the fact that the security elements of a proposal have not hitherto been subject to the same degree of scrutiny or carried the same weight as other aspects.
Many commentators argue that free market mechanisms require some regulation if we are to achieve the strategic effect of better security.
Application of agreed common standards in key sectors, such as public sector, defence industry and finance sector will drive up the overall quality of our defences and ensure a more level playing field in competitive situations.
Real collaboration can make a big difference but there are also significant obstacles to overcome: sensitivity about the sources of the information, commercial and legal issues all potentially stand in the way but are soluble if the collective will is there.
We need to establish new structures for sharing knowledge and taking collective action which avoid the bureaucracy and delay of traditional approaches and utilise the same technology exploited by our adversaries for rapid, real time tip-off and response.
Effective collaboration also requires leadership by those in a position to effect change: we need governments and industry bodies to take the initiative and provide the initial stimulus for action.
Nick Hopkinson was formerly CIO at GCHQ. He is now cyber security director at CSC: an IT services company providing cyber security solutions for business