Laptop Warriors: A British ‘Cyber Defence League’?

uk-keyboard-cyber.jpg

UK Cyber Reserve Army Sets to Batten Down Countries Against Cyber War

It is clear that cyber reserve forces (i.e. civilian groups) can make an important contribution to a nation's cyber security strategy. Given the current skills shortage in cyber security, those that possess the necessary skills tend to command high salaries that the government cannot afford. 

Yet a reserve force gives a government access to such skills in a cost-effective manner. In addition, it enables a flexible approach - the government can call upon additional support as and when it is required (typically in crisis situations when critical digital systems and national infrastructure are under attack). 

It has previously been suggested that the UK should follow Estonia's lead in creating a comprehensive cyber reserve force. The UK could certainly do more; as discussed below, the current cyber reserve force is severely limited in its scope. However, whilst the Estonian cyber reserve may be the envy of many developed states, it should be recognised that it cannot necessarily be duplicated elsewhere, given the importance of political and cultural factors. 

The Joint Cyber Unit (JCU) makes up the British cyber reserve force, consisting of individuals leaving the military, current reservists and even those without prior military experience. Those within the military have acknowledged that the JCU needs to be predominately civilian - Major General Jonathan Shaw, head of Britain's Cyber Security Programme from 2011 to 2012 claimed that 'We need a cyber reserve and that should be largely civilian...Don't think camouflage, short-back-and-sides and weapons training. It's ponytails, earrings and thick spectacles - that's what we need.' 

However, the JCU is limited in scope for two reasons: First, there is predominantly a focus on technical requirements, as opposed to the broader skills required in cyber security (including legal, strategic, etc.). Second, the JCU is responsible for just the protection of the MoD's own networks, giving the unit a largely militaristic tone.
 
By contrast, the Estonian Defence League Cyber Unit (popularly known as the Cyber Defence League - CDL) is more encompassing. Although also located within a military institution, the CDL is largely civilian in nature. The CDL contains a greater variety of specialists: lawyers, academics and risk management consultants all contribute in addition to computer scientists and cyber security specialists. The CDL's remit goes far beyond the protection of just military networks and includes critical national infrastructure more broadly. Indeed, CDL members were on standby during Estonia's 2011 election - with a significant number of Estonians voting online, an attack on the voting systems is an obvious target for potential aggressors. The CDL has also hosted tabletop simulation exercises for the Estonian Cabinet, ensuring preparedness for cyber crisis situations at even the highest levels of government. 

Whilst the UK should certainly aspire to have a more comprehensive reserve force, duplicating the Estonian model will be difficult for a number of reasons.

First, as a small state, Estonia inherently facilitates the formation of a reserve force. Small states have historically adopted Total Defence models - with limited resources, the security of a state is the responsibility of every citizen - as opposed to just the military. Estonia's military reserve force outnumbers it full-time military 13,000 to 3,800. 
In addition, Estonia enforces compulsory military service for all healthy male citizens. Therefore the CDL has built upon a pre-existing culture of reserve forces and civilian involvement in security. In addition small states foster trust: with shorter communication links in an everybody-knows-everybody society, there is a greater chance CDL members will be known and trusted by the wider population compared to the UK. 

Second, there is a greater sense of patriotism in Estonia. CDL members volunteer for free - only getting paid when they are formally called up. By contrast, JCU members in the UK are paid for training exercises they attend. Estonia is united by a common and imposing threat in its neighbour Russia; there is a sense of duty and the need to come together in order to defend against a significantly more powerful potential aggressor, whereas there is not such a perceived threat in the British national psyche. The UK is arguably more worried about issues such as cybercrime, estimated to cost the UK £27 billion a year yet unlikely to be within the remit of a reserve force.  

Third, cyber security is an issue higher up the political agenda in Estonia with greater buy-in from the government and citizens alike. With limited resources and budget constraints, Estonia has adopted technological solutions in order to overcome the legacy of the Soviet Union. 

This trend has continued today with Estonia one of the most connected states in the world: Estonians pay taxes and vote online, government ministers make decisions via e-Cabinet and concerned parents can access their children's exam results, class attendance and homework assignments via their smartphones.  The role of technology in the in the development of Estonia, combined with current levels of digital dependency, mean that protecting digital systems is regarded as critically important.  

The CDL demonstrates the increasing role civilian networks are playing in cyberspace. Compared to conventional security domains, the barriers to entry in the cyber domain are lower. Even those without sophisticated technical skills can still make a meaningful contribution - either in an offensive or defensive capacity. It is therefore increasingly inappropriate to view the cyber domain through a militaristic lens: instead an appreciation of the non-traditional and non-state actors that are empowered in cyberspace is required.

Yet although reserve forces can offer a number of advantages, the Estonian model cannot necessarily be duplicated in the UK. It shows that despite cyber attacks being largely technical in nature, the response required has significant political components and implications. Whilst states share many of the same challenges at a technical level, it is clear that there will be very different responses to the problem, given the importance of cultural and political variables in determining a state's strategy.
 
Jamie Collier : http://bit.ly/1L1uRFV

Jamie Collier is Cyber Security DPhil student at the University of Oxford 

 

« Terrorists’ Social Media Output Under Scrutiny
Use Threat Intelligence to Boost Mobile Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

American International Group (AIG)

American International Group (AIG)

AIG, is an American multinational insurance corporation. Commercial services include cyber risk insurance.

TEISS

TEISS

Teiss.co.uk is a website dedicated to providing information about cyber security. TEISS also provide a series of conferences and events focused on cyber security.

Acuant

Acuant

Acuant is a leading global provider of identity verification, regulatory compliance (AML/KYC) and digital identity solutions.

APERIO

APERIO

APERIO, the global leader in industrial data integrity, helps its customers drive profitability and sustainability while mitigating risk in their industrial operations.

Caulis

Caulis

Caulis FraudAlert is a cyber security solution. It can detect fraud and identity theft based on users’ online behaviour.

InnoValor

InnoValor

InnoValor realises value from digital innovation for organisations and government. We provide advisory services and develop innovative software solutions, based on our background in research.

EUROCONTROL

EUROCONTROL

EUROCONTROL is a pan-European, civil-military organisation dedicated to supporting European aviation. We help our stakeholders protect themselves against cyber threats.

Findcourses.com

Findcourses.com

Findcourses is a dedicated education search engine designed to make it easy for our learners to search and find exactly what they need from our community of trusted training providers.

Jacobs

Jacobs

Jacobs is at the forefront of the most important security issues today. We are inspired to be the best and deliver innovative, mission-focused outcomes that matter to our clients.

Ridge Canada Cyber Solutions

Ridge Canada Cyber Solutions

Ridge Canada helps insurance brokers and insurance buyers understand, evaluate, and secure cyber coverage that is tailored to their business.

OwnBackup

OwnBackup

OwnBackup proactively prevents you from losing mission-critical data and metadata with automated backups and rapid, stress-free recovery.

FoxTech

FoxTech

FoxTech is an independent, friendly and deeply specialised cyber security company in the UK, with expertise spanning decades of Public Sector and Government services.

Guidepost Solutions

Guidepost Solutions

Guidepost Solutions are a diverse, global team of investigators, experienced security and technology consultants, and compliance and monitoring experts.

6WIND

6WIND

6WIND deliver virtualized, cloud-native, distributed high performance & secure networking software solutions to support new applications such as 5G, IoT, SD-WAN.

Carahsoft Technology Corp

Carahsoft Technology Corp

Carahsoft Technology is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets.

Cyber Suraksa

Cyber Suraksa

We make security simple and hassle-free by offering a sustained and secure IT environment with next-gen cybersecurity solutions through a scalable security-as-a-service model.