Laptop Warriors: A British ‘Cyber Defence League’?

uk-keyboard-cyber.jpg

UK Cyber Reserve Army Sets to Batten Down Countries Against Cyber War

It is clear that cyber reserve forces (i.e. civilian groups) can make an important contribution to a nation's cyber security strategy. Given the current skills shortage in cyber security, those that possess the necessary skills tend to command high salaries that the government cannot afford. 

Yet a reserve force gives a government access to such skills in a cost-effective manner. In addition, it enables a flexible approach - the government can call upon additional support as and when it is required (typically in crisis situations when critical digital systems and national infrastructure are under attack). 

It has previously been suggested that the UK should follow Estonia's lead in creating a comprehensive cyber reserve force. The UK could certainly do more; as discussed below, the current cyber reserve force is severely limited in its scope. However, whilst the Estonian cyber reserve may be the envy of many developed states, it should be recognised that it cannot necessarily be duplicated elsewhere, given the importance of political and cultural factors. 

The Joint Cyber Unit (JCU) makes up the British cyber reserve force, consisting of individuals leaving the military, current reservists and even those without prior military experience. Those within the military have acknowledged that the JCU needs to be predominately civilian - Major General Jonathan Shaw, head of Britain's Cyber Security Programme from 2011 to 2012 claimed that 'We need a cyber reserve and that should be largely civilian...Don't think camouflage, short-back-and-sides and weapons training. It's ponytails, earrings and thick spectacles - that's what we need.' 

However, the JCU is limited in scope for two reasons: First, there is predominantly a focus on technical requirements, as opposed to the broader skills required in cyber security (including legal, strategic, etc.). Second, the JCU is responsible for just the protection of the MoD's own networks, giving the unit a largely militaristic tone.
 
By contrast, the Estonian Defence League Cyber Unit (popularly known as the Cyber Defence League - CDL) is more encompassing. Although also located within a military institution, the CDL is largely civilian in nature. The CDL contains a greater variety of specialists: lawyers, academics and risk management consultants all contribute in addition to computer scientists and cyber security specialists. The CDL's remit goes far beyond the protection of just military networks and includes critical national infrastructure more broadly. Indeed, CDL members were on standby during Estonia's 2011 election - with a significant number of Estonians voting online, an attack on the voting systems is an obvious target for potential aggressors. The CDL has also hosted tabletop simulation exercises for the Estonian Cabinet, ensuring preparedness for cyber crisis situations at even the highest levels of government. 

Whilst the UK should certainly aspire to have a more comprehensive reserve force, duplicating the Estonian model will be difficult for a number of reasons.

First, as a small state, Estonia inherently facilitates the formation of a reserve force. Small states have historically adopted Total Defence models - with limited resources, the security of a state is the responsibility of every citizen - as opposed to just the military. Estonia's military reserve force outnumbers it full-time military 13,000 to 3,800. 
In addition, Estonia enforces compulsory military service for all healthy male citizens. Therefore the CDL has built upon a pre-existing culture of reserve forces and civilian involvement in security. In addition small states foster trust: with shorter communication links in an everybody-knows-everybody society, there is a greater chance CDL members will be known and trusted by the wider population compared to the UK. 

Second, there is a greater sense of patriotism in Estonia. CDL members volunteer for free - only getting paid when they are formally called up. By contrast, JCU members in the UK are paid for training exercises they attend. Estonia is united by a common and imposing threat in its neighbour Russia; there is a sense of duty and the need to come together in order to defend against a significantly more powerful potential aggressor, whereas there is not such a perceived threat in the British national psyche. The UK is arguably more worried about issues such as cybercrime, estimated to cost the UK £27 billion a year yet unlikely to be within the remit of a reserve force.  

Third, cyber security is an issue higher up the political agenda in Estonia with greater buy-in from the government and citizens alike. With limited resources and budget constraints, Estonia has adopted technological solutions in order to overcome the legacy of the Soviet Union. 

This trend has continued today with Estonia one of the most connected states in the world: Estonians pay taxes and vote online, government ministers make decisions via e-Cabinet and concerned parents can access their children's exam results, class attendance and homework assignments via their smartphones.  The role of technology in the in the development of Estonia, combined with current levels of digital dependency, mean that protecting digital systems is regarded as critically important.  

The CDL demonstrates the increasing role civilian networks are playing in cyberspace. Compared to conventional security domains, the barriers to entry in the cyber domain are lower. Even those without sophisticated technical skills can still make a meaningful contribution - either in an offensive or defensive capacity. It is therefore increasingly inappropriate to view the cyber domain through a militaristic lens: instead an appreciation of the non-traditional and non-state actors that are empowered in cyberspace is required.

Yet although reserve forces can offer a number of advantages, the Estonian model cannot necessarily be duplicated in the UK. It shows that despite cyber attacks being largely technical in nature, the response required has significant political components and implications. Whilst states share many of the same challenges at a technical level, it is clear that there will be very different responses to the problem, given the importance of cultural and political variables in determining a state's strategy.
 
Jamie Collier : http://bit.ly/1L1uRFV

Jamie Collier is Cyber Security DPhil student at the University of Oxford 

 

« Terrorists’ Social Media Output Under Scrutiny
Use Threat Intelligence to Boost Mobile Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XBOSoft

XBOSoft

XBOSoft is a software QA and testing company. We cover the entire QA and testing life cycle including software and application security.

Haystax Technology

Haystax Technology

Haystax’s security analytics platform applies artificial intelligence techniques to identify and prioritize threats in real time.

WetStone Technologies

WetStone Technologies

WetStone develops software solutions that support investigators and analysts engaged in eCrime Investigation, eForensics and incident response activities.

Tessian

Tessian

Tessian (formerly CheckRecipient) is a next-generation email security platform that helps enterprises counteract human error and significantly reduce the risk of data loss.

Careerjet

Careerjet

Careerjet is a leading online job search engine with a large presence worldwide, sourcing millions of job ads from thousands of websites from all over the world in areas including Cybersecurity.

BHC Laboratory

BHC Laboratory

BHC Laboratory is a cyber capabilities’ development company for a wide range of global customers.

Get Safe Online

Get Safe Online

Get Safe Online is a leading source of unbiased, factual and easy-to-understand information on online safety.

Data Eliminate

Data Eliminate

Data Eliminate provide data destruction, secure end-of-life IT asset disposal, and data protection consultancy services.

Adzuna

Adzuna

Adzuna is a search engine for job ads used by over 10 million visitors per month that aims to list every job everywhere, including thousands of vacancies in Cybersecurity.

Trianz

Trianz

Trianz Cybersecurity Services are Powered by One of the World’s Largest Databases on Digital Transformation. We Understand Evolving Risks, Technologies and Best Practices.

Hayes Connor Solicitors

Hayes Connor Solicitors

Hayes Connor Solicitors is a specialist data breach and cybercrime law firm. We act for clients on individual data breaches and also where a group has been compromised as part of a targeted attack.

1Touch.io

1Touch.io

1touch.io Inventa is an AI-based, sustainable data discovery and classification platform that provides automated, near real-time discovery, mapping, and cataloging of all sensitive data.

Cognisys Group

Cognisys Group

Cognisys provides cyber security penetration testing and compliance services from its offices in Leeds and Manchester.

Fletch

Fletch

Fletch’s AI tracks the evolving cybersecurity threat landscape by reading and interpreting every threat article every day and matching those threats to a company’s exposure.

Karate Labs

Karate Labs

Karate is an open-source unified test automation platform combining API testing, API performance testing, API mocks & UI testing.

SafeLiShare

SafeLiShare

SafeLiShare’s data security platform unifies encryption strategies for organizations with hybrid and multi-cloud infrastructures, ensuring data is secure regardless of its location.