Governance & Risk Management , Risk Assessments
Which Nation is Most Feared in Cyberspace?Study Shows Concerns, Preparedness of Global IT, Security Executives
According to a survey of 600 IT and security executives from 14 countries and seven industrial sectors, the nation most feared is the U.S.
When asked which country "you worry is of greatest concern in the context of network attacks against your country/sector," 36 percent of the respondents answered the United States, 33 percent China and 12 percent Russia, the survey conducted by the public policy institute Center for Strategic and International Studies for IT security provider McAfee reveals.
Even from the longtime American ally Germany, 45 percent of respondents named the U.S. as their top concern compared with 34 percent chose China. And that's despite the Germany government's public rebuke of China for conducting computer network intelligence operations on key national assets.
The survey - entitled In the Crossfire: Critical Infrastructure in the Age of Cyberwar - was conducted in September, so the results don't reflect the recent publicity surrounding attacks on Google emanating from China. Still, those who conducted the survey say they weren't surprised by the finding. "That may reflect the amount of coverage that U.S. preparation for cyber warfare has received," Stewart Baker, a CSIS visiting fellow who oversaw the survey, said in a briefing on the study.
Respondents from Brazil, Mexico, Russia and Spain by margins of 2-to-1 expressed concerns about cyber attacks originating from the United States. "I'm not sure that's entirely a realistic view of the landscape but it is accurate reflection of the opinions provided to us in the report."
Former CIA director Michael Hayden, quoted in the report, agreed the result might be less shocking than it seems. "It might simply be a reflection of the raw capabilities and frankly the raw size of U.S. intelligence agencies."
Hayden said the American government has also engaged in a series of public, drawn out and largely unresolved policy debates about how to organize its network defense and attack capabilities. He said the continuing public dialogue may have created "an echo chamber" for concern about America's capabilities.
The study also revealed that 40 percent of respondents expected a major cybersecurity incident in the next year with 80 percent believing such an incident - defined as one causing a 24-hour or longer outage, loss of life and/or failure of a company - would occur within five years.
Among other key findings of the study:
- 89 percent were infected by viruses and/or other malware;
- 70 percent-plus reported wide range of other attacks, including phishing, pharming;
- 60 percent reported theft of services;
- 29 percent fell victim to multiple large scale denial of service attacks each month with nearly two-thirds saying it had an adverse impact on their operations; and
- 20 percent reported extortion via network attacks.