US Highlights Need For Global Cyber Security Strategy

A top US official has warned that a global response is needed to tackle the increasingly sophisticated cyber threat.

Speaking to reporters in Vienna, Austria where she is to address an international security conference, US Secretary of Homeland Security Janet Napolitano also warned that sovereign nations are struggling to cope with the rising amount of cyber threats.

“Most countries don’t even have a legal framework that really governs cyber. It is such a new phenomenon in that regard so the legal systems – both domestic and international – have not kept pace with the technological advances we have seen,” Homeland Security Secretary Napolitano was quoted as saying by Reuters.

Quicker Response

“And that is just the plain fact of it. We need to accelerate that in response,” she added.

Her warning comes amid a rising tide of cyber attacks against soveriegn nations and governments, as well as strategically important companies and organisations. This includes recent attacks that have hit the the International Monetary Fund, the Central Intelligence Agency (CIA) and companies such as  Citigroup and Lockheed Martin.

Napolitano also warned that many countries need to accelerate their security procedures as well as their ability to co-operate.

“I would have to say that we are still at the nascent stage. There is no comprehensive international framework,” for approaching the issue, she told reporters. She also added that the situation was no better in the European Union.

“We are all scrambling but we are scrambling with some of the best minds in the world and we are confident that from a technological point of view we are going to get to a satisfactory resolution of some of these difficult problems,” she is quoted as saying. “Right now there needs to be some sort of international legal framework to address those and that does not yet exist.”

Threat Levels

There is little doubt as to the seriousness of the threat out there at the moment. This week the UK Ministry of Defence created a new joint force command unit, that will integrate the MoD’s cyber warfare and military intelligence units.

Earlier this month defence secretary Dr Liam Fox warned that Britain is under constant attack from hackers, and that last year 1,000 potentially serious offensives were blocked. And in May the British government also acknowledged it had begun work on a “toolbox” of offensive cyber-weapons to complement its existing defensive capabilities.

This followed the comments from Armed Forces Minister Nick Harvey last November, when he said that the UK must have the ability to launch its own attack against those carrying out cyberwarfare against this country and its infrastructure.

The ongoing cyber warfare threat has also led to the European Union recently creating its own taskforce to counter the growing threat of cyber attacks.

Mass Spam Decline

Meanwhile a new security report from Cisco has revealed that cyber criminals have made a fundamental shift in strategy, abandoning traditional mass spam attacks in favour of personalised attacks which result in a greater financial impact on targeted organisations.

The Cisco report shows the trend toward increased targeted attacks featuring highly customised threats containing malware that are directed at a specific user or group of users for intellectual property theft.

This comes as its research found that financial returns from mass email-based attacks declined by more than 50 percent from $1.1 billion (£687m) in June 2010 to $500 million (£312m) in June 2011.

It also found that mass spam volumes plummeted from 300 billion daily spam messages to just 40 billion between June 2010 and June 2011.

“Personalised and targeted attacks that focus on gaining access to more lucrative corporate bank accounts and valuable intellectual property are on the rise,” said Nick Edwards, director of Cisco’s Security Technology Business Unit. “Law enforcement efforts are making mass spam attacks less appealing to cybercriminals, who are thus spending more time and effort focusing on different types of spearphishing and targeted attacks.”