Cyberconfidence

Cyberconfidence is a concept in the information security field that describes the ability of an organisation or individual to operate safely and effectively in today's online environment, or cyberspace. It allows an organisation to assess its status and performance as regards cybersecurity policies, processes and systems, as well as its associated levels of stakeholder trust and enterprise agility.
Confidence in cybersecurity
The confidence of individuals and organisations is increasingly treated as a vital aspect of cybersecurity. This reflects the growing economic importance of strengthening cybersecurity protection and preserving consumer trust in the internet.
High-profile cybersecurity-related news stories, such as the WikiLeaks controversies of 2010-11, cyber attacks on the International Monetary Fund, and the 2011 Sony PlayStation Network outage after theft of customer data by hackers, have brought online confidence to the forefront of public attention.
Confidence and cybersecurity in the UK
Confidence online is an increasingly high-profile issue in the UK. The UK Government’s 2009 ‘Digital Britain’ report commented: ‘At the individual level consumers must be able to communicate, trade and work online with confidence and assurance that their personal data is secure from misuse or fraud.’ It called for: ‘New models of identity management, security and privacy and new ways to design security and resilience into systems from the start, to help reinforce consumer confidence and trust in their privacy and security and hence their readiness to engage willingly with the new business models, applications and services.’ The report identified that: ‘Ensuring that the UK has a world class approach to digital security will bring significant benefits: Businesses using UK networks will gain a competitive edge in the global marketplace. UK citizens and business will prosper as the volume of business transacted securely online continues to increase. UK citizens will have greater confidence in public service transactions; thus yielding efficiencies and cost saving. And the businesses that have delivered secure functionality will have opportunities to sell their services globally on the back of UK success.’ The report's findings were used in the development of the subsequent Digital Economy Act 2010.
In October 2010, as part of its Strategic Defence and Security Review, the UK Government announced that it plans to spend £650m over four years on its new National Cyber Security Programme (NCSP), which aims to enhance security against cyber threats and improve confidence across government and the private sector. According to UK Prime Minister David Cameron: 'We need to fix the shortfalls in the critical cyber infrastructure on which the whole country relies.'
In May 2011, Prime Minister Cameron issued a 'US-UK Cyber Communique' affirming his close bilateral co-operation with US President Barack Obama on cybersecurity issues, and the importance of online confidence: ‘Cyberspace provides one of the essential foundations for opportunities and growth within any modern prosperous global economy: without it many of the economic advantages and technological benefits we have today would not be possible. President Obama and I agree on a shared vision for cyberspace which places at its heart fundamental freedoms, privacy and the free flow of information in a secure and reliable manner.’
In June 2011, Francis Maude, the UK Government's newly appointed Minister for Cybersecurity, urged business leaders to help protect the economic well-being of the UK by investing in measures to improve confidence in cyberspace, including identity assurance. ‘Technology on its own is not enough; it needs to be underpinned by genuine confidence in its use. Confidence that it will work, confidence that it is resilient and confidence that it is secure. Furthermore this confidence has to be shared equally by the providers of these services - the Government - and the consumers of these services - industry and the general public.’
Confidence and cybersecurity in the US
A series of legislative bills have recently been introduced in the United States which proponents claim would improve confidence in cyberspace. The seeks to increase collaboration between the public and the private sector on cybersecurity issues, especially those private entities that own infrastructures that are critical to national security interests. The International Cybercrime Reporting and Cooperation Act seeks to make sure that the administration keeps Congress informed on information infrastructure, cybercrime, and end-user protection worldwide. The , dubbed the 'Kill switch bill' by the media, would grant the President emergency powers over the internet.
In June 2011, the US Department of Commerce released its report . According to the report, global online transactions are currently estimated by industry analysts at $10 trillion annually. As internet business grows, so has the threat of cybersecurity attacks. The number of internet malware threats is estimated to have doubled between January 2009 and December 2010. In 2010, an estimated 55,000 new viruses, worms, spyware and other threats were developed. The report states that: ‘Preserving innovation as well as private sector and consumer confidence in the security of the internet economy is important for promoting economic prosperity and social well-being.’ It proposes voluntary codes of conduct to strengthen the cybersecurity of organisations that increasingly rely on the internet to do business. US Commerce Secretary Gary Locke commented: 'Our economy depends on the ability of companies to provide trusted, secure services online. As new cybersecurity threats evolve, it's critical that we develop policies that better protect businesses and their customers to ensure the internet remains an engine for economic growth.'
Confidence and cybersecurity in Australia
Information has truly become ‘the currency of business’. The ability of organisations to access information across international and organisational borders is crucial in this new world. At the same time, protecting corporate information is critical as use of mobile devices becomes the norm, cyber threats increase exponentially, the use of the Internet booms and new business models become routine. In 2011 we have seen a dramatic increase in the number of articles in the Australian and global mainstream press warning of the risks of cybercrime, along with reports detailing cyber attacks on several household names such as Sony and Citibank. Several initiatives from government bodies such as the Australian Government's Office of the Attorney General have been published, and references to these are included below. These initiatives are intended to increase awareness of cybercrime and improve the ability of Australian business and individuals alike to protect themselves from these threats.
Such initiatives include the National Cyber Security Awareness Week and Cybersafety Summit, Stronger laws to tackle cybercrime, New measures to protect identity security, Key Allies focus on cyber crime at Sydney 'Quintet' and warnings from the department on Businesses and hacking risk. These are described in more detail below:

National Cyber Security Awareness Week and Cybersafety Summit - Helping protect Australians online - 30 May 2011
Minister for Broadband, Communications and the Digital Economy Senator Stephen Conroy and Attorney-General Robert McClelland today launched National Cyber Security Awareness Week 2011. As part of the Awareness Week, Senator Conroy today announced the development of a cybersafety guide to help protect children online, including while using social networking sites.
Stronger laws to tackle cybercrime - 22 June 2011
The Gillard Government will today introduce legislation to strengthen cyber security laws and enhance Australia’s ability to combat international cybercrime. Attorney-General Robert McClelland said the Government’s Cybercrime Legislation Amendment Bill 2011 sets the legislative framework to enable Australia’s accession to the Council of Europe Convention on Cybercrime - the only binding international treaty on cybercrime.
New research shows identity theft affects one in six people - 3 July 2011
Attorney-General Robert McClelland today released new research which shows nearly one in six Australians have been a victim or known somebody who has been a victim of identity theft or misuse in the past six months. Mr McClelland said the survey of 1,200 people - which will be used to help develop a new National Identity Security Strategy (http://www.ag.gov.au/Identitysecurity#q1) - also revealed nine in ten people are concerned or very concerned about identity theft and misuse.
New measures to protect identity security - 9 July 2011
Attorney-General Robert McClelland today announced new national measures to protect Australians against identity fraud will soon be in place with Victoria and Western Australia signing on to the Document Verification Service (DVS). Mr McClelland said the DVS - a key initiative of the Council of Australian Governments’ National Identity Security Strategy - allows authorised government agencies to cross-check identity documents to prevent identity theft or fraud.
Commonwealth discusses greater cooperation on cyber crime - 13 July 2011
Attorney-General Robert McClelland and Minister for Home Affairs Brendan O’Connor today discussed Australia’s experience in combating cyber crime with First Law Officers from more than 40 countries at the Commonwealth Law Ministers Meeting (CLMM) being held in Sydney.
Key Allies focus on cyber crime at Sydney 'Quintet' - 15 July 2011
Attorneys-General from the United States, United Kingdom, Canada, New Zealand and Australia today met in Sydney to develop a joint action plan to combat the growing threat of cyber crime.

Businesses alerted to hacking risk - 27 July 2011
Attorney-General Robert McClelland and Minister for Justice Brendan O’Connor today said the arrest of a man over hacking charges should serve as a reminder to Australian business to protect themselves from cyber crime. The Australian Federal Police yesterday in connection with attempts to hack into the security systems of a number of Australian IT company networks. The AFP will today allege in court that the man infiltrated the companies’ security systems causing significant financial and reputational damage.

Confidence and cybersecurity worldwide
The improvement of online confidence was a key issue at the first E-G8 Forum in May 2011, a global summit of leaders in government and industry focusing on the internet in the context of global public policy. It was convened by French President Nicolas Sarkozy in Paris prior to the 37th G8 summit.
In June 2011, the Australian government launched a public consultation which will culminate in its . The paper ‘will outline the roles and responsibilities of government in ensuring Australia can connect with confidence’ and affirms government commitment to ‘helping all Australians to go online with confidence and to take advantage of the benefits of the digital economy’.
Measuring and improving cyberconfidence
Organisations are increasingly seeking ways to boost their security, effectiveness and confidence in cyberspace. The concept of cyberconfidence is a convenient way of encompassing these issues. Cyberconfidence can be characterised as a quantifiable positive attitude possessed by an organisation with strong end-to-end cybersecurity policies, processes and systems. For both private companies and public sector organisations, this is closely associated with building stakeholder trust and improving enterprise agility. The term is also used by security industry experts as a useful metric in improving cybersecurity. Assessment techniques have been developed to give organisations a simple initial evaluation of their cyberconfidence, by considering the three key areas of information security, stakeholder trust and enterprise agility:
Security: Do the technical and process aspects of the organisation’s cybersecurity solutions meet and exceed industry standards? Efforts to improve agility and engagement should not compromise the strength of enterprise IT security. Assessment of cyberconfidence considers security factors such as:
Trust: Is the organisation able to engage simply and securely with customers, partners and suppliers, maintaining mutual trust? Improvements in security and business agility should also strengthen stakeholder trust in the organisation. A cyberconfidence assessment examines an organisation’s level of trust with:
Agility: Can the organisation react to any contingency with speed and agility, transforming risk into opportunity? Advances in security and risk management should not restrict the organisation’s ability to evolve and grow. A cyberconfidence assessment examines aspects of enterprise agility such as:
Once an organisation has assessed itself, it can take proactive steps to rebalance risk and improve cyberconfidence, including the following:
# Prioritise the critical assets that represent the organisation's greatest risk.
# Determine the vulnerabilities in those critical assets to determine the level of risk.
# On a 24/7 basis, establish continuous monitoring of any change of risk to those critical assets.
 