The threat of cyber attacks on individuals, businesses and governments is now so large and so serious that participants at the 2013 World Economic Forum in Davos are talking about the need for a global agency that would serve as a kind of center for disease control, gathering information about viruses that pose a threat to the health of the global economy. (see related story about the darker side of cyberspace on Informilo’s home page.)
On January 25 government officials and executives from a variety of industries, including tech, oil, financial services and travel, gathered in a closed private session at a hotel located in this snowy Alpine resort to talk about the formation of a center for type of disease control and other steps that could be used to combat cyber crime. Already over 85 companies and organizations have signed up to join the Forum’s “cyber resilience” effort. The UK government is the latest to join. Foreign secretary William Hague, who participated in the workshop, signed the document in Davos, shortly after the workshop ended.
While governments are making efforts to combat cyber crime on their own, the size of the problem requires a global approach. That is where the Forum comes in. Working from the principle that a “locked down economy is a frozen economy”, the Forum in 2011 partnered with Deloitte to evaluate the cyber risk landscape and work with companies and governments on combat plans. The goal is to maximize the benefits of the digital age and an open Internet while smartly implementing security measures. There is no other choice, said one participant, as a return to doing things manually is no longer an option.
At the WEF work shop participants talked about how companies need to be encouraged to be open about hacking attempts and share best defense practices while boards and top management become educated about their companies’ vulnerability to attack.
But that won’t be enough. IT security companies will need to get agreement from their boards to contribute open source solutions or a global CDC center will fail, predicted workshop participant Michael Fertik, a Silicon Valley Internet entrepreneur who founded Reputation.com, which specializes in protecting reputation and digital privacy for individuals.
In a world in which the everything from the locks of the doors of our homes and offices to our most sensitive business information and our credit cards are all controlled from our mobile phones, the dangers are escalating, requiring increased vigilance and better solutions.
The reason that the forum called its initiative “ cyber resilience” and not cyber security is that no matter how many firewalls are built there will be failures so governments and companies need to know how to bounce back.
The UK and the EU have already separately launched a number of cyber initiatives. The UK, for example, has formed a coalition with the governments of Australia and New Zealand to provide funding for the UK-based Global Centre For Cyber Security Capacity Building, designed to support global collaboration on cyber issues. And, the European Commissioner responsible for the Digital Agenda Neelie Kroes, a speaker at WEF 2013 and a participant in the workshop, has been working with the European Commissioner for Home Affairs Cecilia Malmström and EU High Representative Catherine Ashton to come up with an EU-wide cyber security strategy which is expected to be made public Feb. 2.
The EU Cybersecurity strategy is expected to be accompanied by a proposal for a directive on network and information security across the EU region. The European Network and Information Security Agency (ENISA), is expected to play a central role in that initiative.
The increase in the number and type of cyber attacks has prompted the creation of the European Cybercrime Centre, at the European Police Office, Europol, in the Hague, which officially opened for business in January. The center’s focus is on illegal online activities carried out by organized crime groups — especially attacks targeting online financial activities, online child sexual exploitation and crimes that affect the critical infrastructure and information systems in the European Union.
The forum’s approach seeks to leverage these existing efforts and help fill in the gaps. For example, workshop participants discussed whether a fund comprised of public and private monies should be set up to help governments in developing markets to come to grips with cyber security.
“We are not going to be the thing that fixes everything,” says Alan Marcus, senior director of information and communication technologies at the World Economic Forum. “We want to be the network of networks so that people can learn from each other much faster.”