Laptop Warriors: A British ‘Cyber Defence League’?

uk-keyboard-cyber.jpg

UK Cyber Reserve Army Sets to Batten Down Countries Against Cyber War

It is clear that cyber reserve forces (i.e. civilian groups) can make an important contribution to a nation's cyber security strategy. Given the current skills shortage in cyber security, those that possess the necessary skills tend to command high salaries that the government cannot afford. 

Yet a reserve force gives a government access to such skills in a cost-effective manner. In addition, it enables a flexible approach - the government can call upon additional support as and when it is required (typically in crisis situations when critical digital systems and national infrastructure are under attack). 

It has previously been suggested that the UK should follow Estonia's lead in creating a comprehensive cyber reserve force. The UK could certainly do more; as discussed below, the current cyber reserve force is severely limited in its scope. However, whilst the Estonian cyber reserve may be the envy of many developed states, it should be recognised that it cannot necessarily be duplicated elsewhere, given the importance of political and cultural factors. 

The Joint Cyber Unit (JCU) makes up the British cyber reserve force, consisting of individuals leaving the military, current reservists and even those without prior military experience. Those within the military have acknowledged that the JCU needs to be predominately civilian - Major General Jonathan Shaw, head of Britain's Cyber Security Programme from 2011 to 2012 claimed that 'We need a cyber reserve and that should be largely civilian...Don't think camouflage, short-back-and-sides and weapons training. It's ponytails, earrings and thick spectacles - that's what we need.' 

However, the JCU is limited in scope for two reasons: First, there is predominantly a focus on technical requirements, as opposed to the broader skills required in cyber security (including legal, strategic, etc.). Second, the JCU is responsible for just the protection of the MoD's own networks, giving the unit a largely militaristic tone.
 
By contrast, the Estonian Defence League Cyber Unit (popularly known as the Cyber Defence League - CDL) is more encompassing. Although also located within a military institution, the CDL is largely civilian in nature. The CDL contains a greater variety of specialists: lawyers, academics and risk management consultants all contribute in addition to computer scientists and cyber security specialists. The CDL's remit goes far beyond the protection of just military networks and includes critical national infrastructure more broadly. Indeed, CDL members were on standby during Estonia's 2011 election - with a significant number of Estonians voting online, an attack on the voting systems is an obvious target for potential aggressors. The CDL has also hosted tabletop simulation exercises for the Estonian Cabinet, ensuring preparedness for cyber crisis situations at even the highest levels of government. 

Whilst the UK should certainly aspire to have a more comprehensive reserve force, duplicating the Estonian model will be difficult for a number of reasons.

First, as a small state, Estonia inherently facilitates the formation of a reserve force. Small states have historically adopted Total Defence models - with limited resources, the security of a state is the responsibility of every citizen - as opposed to just the military. Estonia's military reserve force outnumbers it full-time military 13,000 to 3,800. 
In addition, Estonia enforces compulsory military service for all healthy male citizens. Therefore the CDL has built upon a pre-existing culture of reserve forces and civilian involvement in security. In addition small states foster trust: with shorter communication links in an everybody-knows-everybody society, there is a greater chance CDL members will be known and trusted by the wider population compared to the UK. 

Second, there is a greater sense of patriotism in Estonia. CDL members volunteer for free - only getting paid when they are formally called up. By contrast, JCU members in the UK are paid for training exercises they attend. Estonia is united by a common and imposing threat in its neighbour Russia; there is a sense of duty and the need to come together in order to defend against a significantly more powerful potential aggressor, whereas there is not such a perceived threat in the British national psyche. The UK is arguably more worried about issues such as cybercrime, estimated to cost the UK £27 billion a year yet unlikely to be within the remit of a reserve force.  

Third, cyber security is an issue higher up the political agenda in Estonia with greater buy-in from the government and citizens alike. With limited resources and budget constraints, Estonia has adopted technological solutions in order to overcome the legacy of the Soviet Union. 

This trend has continued today with Estonia one of the most connected states in the world: Estonians pay taxes and vote online, government ministers make decisions via e-Cabinet and concerned parents can access their children's exam results, class attendance and homework assignments via their smartphones.  The role of technology in the in the development of Estonia, combined with current levels of digital dependency, mean that protecting digital systems is regarded as critically important.  

The CDL demonstrates the increasing role civilian networks are playing in cyberspace. Compared to conventional security domains, the barriers to entry in the cyber domain are lower. Even those without sophisticated technical skills can still make a meaningful contribution - either in an offensive or defensive capacity. It is therefore increasingly inappropriate to view the cyber domain through a militaristic lens: instead an appreciation of the non-traditional and non-state actors that are empowered in cyberspace is required.

Yet although reserve forces can offer a number of advantages, the Estonian model cannot necessarily be duplicated in the UK. It shows that despite cyber attacks being largely technical in nature, the response required has significant political components and implications. Whilst states share many of the same challenges at a technical level, it is clear that there will be very different responses to the problem, given the importance of cultural and political variables in determining a state's strategy.
 
Jamie Collier : http://bit.ly/1L1uRFV

Jamie Collier is Cyber Security DPhil student at the University of Oxford 

 

« Terrorists’ Social Media Output Under Scrutiny
Use Threat Intelligence to Boost Mobile Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Intezer Labs

Intezer Labs

The only solution replicating the concepts of the biological immune system into cyber-security. Intezer provides enterprises with unparalleled Threat Detection and accelerates Incident Response.

Navarino

Navarino

Navarino is the maritime industry’s most advanced communications and connectivity company. We develop advanced technologies and innovative IT solutions including cyber security.

European Society of Criminology (ESC)

European Society of Criminology (ESC)

The ESC Working Group on Cybercrime is focused on cybercrime, its causes and offenders, impact on victims, and our response to it at the individual, corporate, and governmental levels.

Blockchain Firm

Blockchain Firm

Blockchain Firm is a leading Blockchain based software solutions and service provider with our roots of expertise running deep into the technology.

Liquid Intelligent Technologies

Liquid Intelligent Technologies

Liquid Intelligent Technologies is a leading communications solutions provider across Africa, providing reliable connectivity, hosting, co-location, and digital services including cyber security.

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance combines insurance expertise with cybersecurity and data talent to deliver clear, effective solutions to protect you for the cyberrisks of today—and tomorrow.

xorlab

xorlab

xorlab is a Swiss cybersecurity company providing specialized, machine-intelligent defense against highly engineered, sophisticated and targeted email attacks.

Identity Management Institute (IMI)

Identity Management Institute (IMI)

Identity Management Institute (IMI) provides professional training and certification in cyber security with a focus on identity and access management, identity theft, and data protection.