Should the UK follow the US in cyber security?

Should the UK and others be the sheep to America's shepherd when it comes to cyber security?

By Tom Brewster, 18 May 2011 at 08:30

ANALYSIS Often people in the security industry compare the UK and the US’ stance on cyber security and who can learn what from who.

This month, the US has made some strong statements in the cyber crime sphere.

Last week, the White House put forward a range of legislative proposals, outlining ideas designed to bolster the nation’s security.

The new rules would allow Government intervention in private companies who need help bolstering defences, as well as a data breach notification requirement for businesses.

This week, the US released its first International Strategy for Cyberspace, outlining its approach to the digital challenges the country and indeed the world faces.

What has emerged is that the US is taking a strong stance on cyber crime/warfare, bringing real-world concepts into the digital arena. President Obama, in the introduction to the strategy report, was clear about this.

“While offline challenges of crime and aggression have made their way to the digital world, we will confront them consistent with the principles we hold dear: free speech and association, privacy, and the free flow of information,” Obama said.

In the report itself, there were numerous indications that the US is taking cyber threats as seriously as real-world dangers.

“When warranted, the US will respond to hostile acts in cyberspace as we would to any other threat to our country,” the report read.

“We reserve the right to use all necessary means - diplomatic, informational, military, and economic - as appropriate and consistent with applicable international law, in order to defend our nation, our allies, our partners, and our interests.“

Essentially, the US is saying “try to DDoS us and we'll launch

missiles at you,” according to Mikko Hypponen, chief research officer at F-Secure.

The strategy report outlined how cyber attacks on the US could lead to genuine, terrestrial warfare.

“We will exhaust all options before military force whenever we can; will carefully weigh the costs and risks of action against the costs of inaction; and will act in a way that reflects our values and strengthens our legitimacy, seeking broad international support whenever possible,” the report read.

“We will seek to encourage good actors and dissuade and deter those who threaten peace and stability through actions in cyberspace.”

The right approach?

Is the US taking the right approach? Should other nations learn from America’s ideas and actions in the security space, particularly those outlined in the past seven days?

Earlier this week, Rob Cotton, chief executive of NCC Group, said the Government should look across the pond for inspiration. “We should be looking at the US and following suit as they face the problem head on,” he said.

Hypponen praised the US for taking a strong stance. "We're never going to curb cyber crime if we don't do a better job in catching cybercriminals and putting them behind the bars," Hypponen said.

"I'm glad to see the US is making here a clear commitment to help international law enforcement in this regard."

The notion of following in the US' footsteps does not wash with everyone, however.

Chris Boyd, senior threat researcher at GFI Software, questioned the actual applicability of the way the US said it would retaliate to cyber attacks.