Laptop Warriors: A British ‘Cyber Defence League’?

uk-keyboard-cyber.jpg

UK Cyber Reserve Army Sets to Batten Down Countries Against Cyber War

It is clear that cyber reserve forces (i.e. civilian groups) can make an important contribution to a nation's cyber security strategy. Given the current skills shortage in cyber security, those that possess the necessary skills tend to command high salaries that the government cannot afford. 

Yet a reserve force gives a government access to such skills in a cost-effective manner. In addition, it enables a flexible approach - the government can call upon additional support as and when it is required (typically in crisis situations when critical digital systems and national infrastructure are under attack). 

It has previously been suggested that the UK should follow Estonia's lead in creating a comprehensive cyber reserve force. The UK could certainly do more; as discussed below, the current cyber reserve force is severely limited in its scope. However, whilst the Estonian cyber reserve may be the envy of many developed states, it should be recognised that it cannot necessarily be duplicated elsewhere, given the importance of political and cultural factors. 

The Joint Cyber Unit (JCU) makes up the British cyber reserve force, consisting of individuals leaving the military, current reservists and even those without prior military experience. Those within the military have acknowledged that the JCU needs to be predominately civilian - Major General Jonathan Shaw, head of Britain's Cyber Security Programme from 2011 to 2012 claimed that 'We need a cyber reserve and that should be largely civilian...Don't think camouflage, short-back-and-sides and weapons training. It's ponytails, earrings and thick spectacles - that's what we need.' 

However, the JCU is limited in scope for two reasons: First, there is predominantly a focus on technical requirements, as opposed to the broader skills required in cyber security (including legal, strategic, etc.). Second, the JCU is responsible for just the protection of the MoD's own networks, giving the unit a largely militaristic tone.
 
By contrast, the Estonian Defence League Cyber Unit (popularly known as the Cyber Defence League - CDL) is more encompassing. Although also located within a military institution, the CDL is largely civilian in nature. The CDL contains a greater variety of specialists: lawyers, academics and risk management consultants all contribute in addition to computer scientists and cyber security specialists. The CDL's remit goes far beyond the protection of just military networks and includes critical national infrastructure more broadly. Indeed, CDL members were on standby during Estonia's 2011 election - with a significant number of Estonians voting online, an attack on the voting systems is an obvious target for potential aggressors. The CDL has also hosted tabletop simulation exercises for the Estonian Cabinet, ensuring preparedness for cyber crisis situations at even the highest levels of government. 

Whilst the UK should certainly aspire to have a more comprehensive reserve force, duplicating the Estonian model will be difficult for a number of reasons.

First, as a small state, Estonia inherently facilitates the formation of a reserve force. Small states have historically adopted Total Defence models - with limited resources, the security of a state is the responsibility of every citizen - as opposed to just the military. Estonia's military reserve force outnumbers it full-time military 13,000 to 3,800. 
In addition, Estonia enforces compulsory military service for all healthy male citizens. Therefore the CDL has built upon a pre-existing culture of reserve forces and civilian involvement in security. In addition small states foster trust: with shorter communication links in an everybody-knows-everybody society, there is a greater chance CDL members will be known and trusted by the wider population compared to the UK. 

Second, there is a greater sense of patriotism in Estonia. CDL members volunteer for free - only getting paid when they are formally called up. By contrast, JCU members in the UK are paid for training exercises they attend. Estonia is united by a common and imposing threat in its neighbour Russia; there is a sense of duty and the need to come together in order to defend against a significantly more powerful potential aggressor, whereas there is not such a perceived threat in the British national psyche. The UK is arguably more worried about issues such as cybercrime, estimated to cost the UK £27 billion a year yet unlikely to be within the remit of a reserve force.  

Third, cyber security is an issue higher up the political agenda in Estonia with greater buy-in from the government and citizens alike. With limited resources and budget constraints, Estonia has adopted technological solutions in order to overcome the legacy of the Soviet Union. 

This trend has continued today with Estonia one of the most connected states in the world: Estonians pay taxes and vote online, government ministers make decisions via e-Cabinet and concerned parents can access their children's exam results, class attendance and homework assignments via their smartphones.  The role of technology in the in the development of Estonia, combined with current levels of digital dependency, mean that protecting digital systems is regarded as critically important.  

The CDL demonstrates the increasing role civilian networks are playing in cyberspace. Compared to conventional security domains, the barriers to entry in the cyber domain are lower. Even those without sophisticated technical skills can still make a meaningful contribution - either in an offensive or defensive capacity. It is therefore increasingly inappropriate to view the cyber domain through a militaristic lens: instead an appreciation of the non-traditional and non-state actors that are empowered in cyberspace is required.

Yet although reserve forces can offer a number of advantages, the Estonian model cannot necessarily be duplicated in the UK. It shows that despite cyber attacks being largely technical in nature, the response required has significant political components and implications. Whilst states share many of the same challenges at a technical level, it is clear that there will be very different responses to the problem, given the importance of cultural and political variables in determining a state's strategy.
 
Jamie Collier : http://bit.ly/1L1uRFV

Jamie Collier is Cyber Security DPhil student at the University of Oxford 

 

« Terrorists’ Social Media Output Under Scrutiny
Use Threat Intelligence to Boost Mobile Security »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ESET

ESET

ESET provide security software for enterprises and consumers - Antivirus Software, Internet Security and Virus Protection.

MarQuest

MarQuest

MarQuest provides services and systems to enhance network reliability and security.

BrainChip

BrainChip

BrainChip is the leading provider of neuromorphic computing solutions, a type of artificial intelligence that is inspired by the biology of the human neuron - spiking neural networks.

CyberQ Group

CyberQ Group

CyberQ is an award winning cyber security consultancy and services provider and an innovator in Artificial Intelligence and Automated Cyber Security.

Vigilant Software

Vigilant Software

Vigilant Software develops industry-leading tools for intelligent, simplified compliance, including ISO27001-risk management and EU GDPR.

Jerusalem Venture Partners (JVP)

Jerusalem Venture Partners (JVP)

JVP’s Center of Excellence in Be’er Sheva aims to identify, nurture and build the next wave of cyber security and big data companies to emerge out of Israel.

Diateam

Diateam

Diateam is an R&D company specializing in computer security. Diateam develops highly innovative cyber range platforms and Industry-leading systems for cybersecurity training and testing labs.

Netography

Netography

Netography provides a scalable and reliable platform for detection & remediation of cyber threats found on your network.

TWC IT Solutions

TWC IT Solutions

Since 2011, TWC IT Solutions has offered managed IT Support, Cybersecurity, Disaster Recovery, Contact Centre and Business Connectivity services to clients across 24 countries globally.

FINX Capital

FINX Capital

FINX strives to solve the cybersecurity issues with its proprietary technolog, FINX SHIELD, by utilizing big data, blockchain combined with artificial intelligence.

Symptai Consulting

Symptai Consulting

Symptai Consulting is a leading Cyber Security, Digital Transformation and Anti-Money Laundering firm serving the Caribbean and the wider world.

ZINAD IT

ZINAD IT

ZINAD is an information security company offering state-of-the-art cybersecurity awareness products, solutions and services.

Hawk AI

Hawk AI

Hawk AI’s mission is to help financial institutions detect financial crime more effectively and efficiently using AI to enhance rules and find anomalies.

Illustria

Illustria

Illustria is your agent-less “watchdog” for all open source libraries. Our mission is becoming a dev-velocity company, enabled via cyber security.

Crisis24

Crisis24

Crisis24 is a leading integrated risk management, crisis response, consulting, and global protective solutions firm.

Emergence Insurance

Emergence Insurance

Emergence is an insurance underwriting agency, focused on providing insurance solutions to help protect businesses and families against their cyber risks.