Laptop Warriors: A British ‘Cyber Defence League’?

Uploaded on 2015-07-15 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

uk-keyboard-cyber.jpg

UK Cyber Reserve Army Sets to Batten Down Countries Against Cyber War

It is clear that cyber reserve forces (i.e. civilian groups) can make an important contribution to a nation's cyber security strategy. Given the current skills shortage in cyber security, those that possess the necessary skills tend to command high salaries that the government cannot afford. 

Yet a reserve force gives a government access to such skills in a cost-effective manner. In addition, it enables a flexible approach - the government can call upon additional support as and when it is required (typically in crisis situations when critical digital systems and national infrastructure are under attack). 

It has previously been suggested that the UK should follow Estonia's lead in creating a comprehensive cyber reserve force. The UK could certainly do more; as discussed below, the current cyber reserve force is severely limited in its scope. However, whilst the Estonian cyber reserve may be the envy of many developed states, it should be recognised that it cannot necessarily be duplicated elsewhere, given the importance of political and cultural factors. 

The Joint Cyber Unit (JCU) makes up the British cyber reserve force, consisting of individuals leaving the military, current reservists and even those without prior military experience. Those within the military have acknowledged that the JCU needs to be predominately civilian - Major General Jonathan Shaw, head of Britain's Cyber Security Programme from 2011 to 2012 claimed that 'We need a cyber reserve and that should be largely civilian...Don't think camouflage, short-back-and-sides and weapons training. It's ponytails, earrings and thick spectacles - that's what we need.' 

However, the JCU is limited in scope for two reasons: First, there is predominantly a focus on technical requirements, as opposed to the broader skills required in cyber security (including legal, strategic, etc.). Second, the JCU is responsible for just the protection of the MoD's own networks, giving the unit a largely militaristic tone.
 
By contrast, the Estonian Defence League Cyber Unit (popularly known as the Cyber Defence League - CDL) is more encompassing. Although also located within a military institution, the CDL is largely civilian in nature. The CDL contains a greater variety of specialists: lawyers, academics and risk management consultants all contribute in addition to computer scientists and cyber security specialists. The CDL's remit goes far beyond the protection of just military networks and includes critical national infrastructure more broadly. Indeed, CDL members were on standby during Estonia's 2011 election - with a significant number of Estonians voting online, an attack on the voting systems is an obvious target for potential aggressors. The CDL has also hosted tabletop simulation exercises for the Estonian Cabinet, ensuring preparedness for cyber crisis situations at even the highest levels of government. 

Whilst the UK should certainly aspire to have a more comprehensive reserve force, duplicating the Estonian model will be difficult for a number of reasons.

First, as a small state, Estonia inherently facilitates the formation of a reserve force. Small states have historically adopted Total Defence models - with limited resources, the security of a state is the responsibility of every citizen - as opposed to just the military. Estonia's military reserve force outnumbers it full-time military 13,000 to 3,800. 
In addition, Estonia enforces compulsory military service for all healthy male citizens. Therefore the CDL has built upon a pre-existing culture of reserve forces and civilian involvement in security. In addition small states foster trust: with shorter communication links in an everybody-knows-everybody society, there is a greater chance CDL members will be known and trusted by the wider population compared to the UK. 

Second, there is a greater sense of patriotism in Estonia. CDL members volunteer for free - only getting paid when they are formally called up. By contrast, JCU members in the UK are paid for training exercises they attend. Estonia is united by a common and imposing threat in its neighbour Russia; there is a sense of duty and the need to come together in order to defend against a significantly more powerful potential aggressor, whereas there is not such a perceived threat in the British national psyche. The UK is arguably more worried about issues such as cybercrime, estimated to cost the UK £27 billion a year yet unlikely to be within the remit of a reserve force.  

Third, cyber security is an issue higher up the political agenda in Estonia with greater buy-in from the government and citizens alike. With limited resources and budget constraints, Estonia has adopted technological solutions in order to overcome the legacy of the Soviet Union. 

This trend has continued today with Estonia one of the most connected states in the world: Estonians pay taxes and vote online, government ministers make decisions via e-Cabinet and concerned parents can access their children's exam results, class attendance and homework assignments via their smartphones.  The role of technology in the in the development of Estonia, combined with current levels of digital dependency, mean that protecting digital systems is regarded as critically important.  

The CDL demonstrates the increasing role civilian networks are playing in cyberspace. Compared to conventional security domains, the barriers to entry in the cyber domain are lower. Even those without sophisticated technical skills can still make a meaningful contribution - either in an offensive or defensive capacity. It is therefore increasingly inappropriate to view the cyber domain through a militaristic lens: instead an appreciation of the non-traditional and non-state actors that are empowered in cyberspace is required.

Yet although reserve forces can offer a number of advantages, the Estonian model cannot necessarily be duplicated in the UK. It shows that despite cyber attacks being largely technical in nature, the response required has significant political components and implications. Whilst states share many of the same challenges at a technical level, it is clear that there will be very different responses to the problem, given the importance of cultural and political variables in determining a state's strategy.
 
Jamie Collier : http://bit.ly/1L1uRFV

Jamie Collier is Cyber Security DPhil student at the University of Oxford 

 

« Terrorists’ Social Media Output Under Scrutiny
Use Threat Intelligence to Boost Mobile Security »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Wall Street Technology Association (WSTA)

Wall Street Technology Association (WSTA)

The Wall Street Technology Association (WSTA) provides financial industry technology professionals with forums to learn from and connect with each other.

SI-CERT

SI-CERT

SI-CERT (Slovenian Computer Emergency Response Team) is the national cyber scurity incident response center for Slovenia.

RPC

RPC

RPC is a business law firm. Practice areas include technology and cyber risk.

Institute for Critical Infrastructure Technology (ICIT)

Institute for Critical Infrastructure Technology (ICIT)

ICIT is a leading cybersecurity think tank providing objective research, advisory, and education to legislative, commercial, and public-sector cybersecurity stakeholders.

IABG

IABG

IABG offer independent, product-neutral consulting as well as technical and scientific services for the use of safety-relevant systems and technologies.

National Information Technology Development Agency (NITDA) - Nigeria

National Information Technology Development Agency (NITDA) - Nigeria

The National Information Technology Development Agency (NITDA) is committed to implementing the Nigerian National Information Technology Policy.

6point6

6point6

6point6 is a technology consultancy with strong expertise in digital transformation, emerging technology and cyber security.

Panorays

Panorays

Panorays automates third-party security lifecycle management. It is a SaaS-based platform, with no installation needed.

Keyless Technologies

Keyless Technologies

Simple, secure, and interoperable authentication. Keyless offers unmatched security, privacy and usability, while reducing risk and infrastructure costs.

DataViper

DataViper

DataViper is a threat intelligence platform designed for organizations, investigators, and law enforcement.

Grip Security

Grip Security

Grip Security provides comprehensive visibility, governance and data security to help enterprises effortlessly secure a burgeoning and chaotic SaaS ecosystem.

Cybaverse

Cybaverse

Cybaverse (formerly North Star Cyber Security) was founded to create the perfect blend of a Managed Security Service Provider (MSSP) and a Cyber Security Consultancy in one.

SpireTec Solutions

SpireTec Solutions

SpireTec Solutions is an IT management training company offering 1500+ courses with state of art training facilities backed by a team of industry experts in various domains including cybersecurity.

Digital Edge

Digital Edge

Digital Edge provides unparalleled Managed Cloud Solutions, as well as superior Information Technology Support Services.

QPoint Technologies

QPoint Technologies

QPoint provides solutions and consulting in areas including software engineering, testing, cybersecurity, ICT, web, mobile, project management, and complex integration processes.

Career Smarter

Career Smarter

Career Smarter offers accredited online courses in cybersecurity and other sectors, helping learners gain industry-recognised certifications.