It is hard to dispute that cyber security — and maintaining the information systems that sustain our vital services and global economy — is a serious priority of governments around the world. But the technologies that can protect or damage the cyber domain are overwhelmingly in private hands, instead of with governments.
In fact, the sheer size of the task and the costs involved mean that the private sector is the only viable frontline for national cyber security.
On the face of it, Western governments appear to be extremely capable cyber security actors. These states all have national cyber security strategies which include increasingly active computer emergency response teams (CERTs) for responding to incidents.
However, appearances can be deceiving. These state-led efforts are dedicated to dealing only with attacks on core state functions – such as the military, intelligence or government systems. They seek to mitigate the effects of dedicated denial of service (DDOS) attacks on state functions – such as those which afflicted Estonia in 2007.
Yet when it comes to the wider functions of the internet – a domain that is owned and operated by the private sector – governments have little real clout.
The reason is a matter of sheer scale. For instance, the Department of Defense – whose Cyber Command is arguably the most well-funded state cyber agency in the world – will spend up to $3.1 billion on cyber security in 2012. This is a drop in the ocean of global cyber security. By 2018, it is anticipated that global cyber security needs will require $80 billion a year.
As government budgets can only hope to help secure their own networks, wider cyber security threats are completely beyond their reach. For instance, one of the principal tools of cyber attacks – botnets – are propagated by unsecured personal computers. In 2010 alone, 84 million new internet capable PC’s were sold into the market. Assuming each will need anti-virus software worth $50 to avoid it becoming part of a botnet network, this yearly influx alone requires $4.1 billion of private money.
So the tools of cyber security are not only overwhelmingly in private hands – but impose costs governments cannot dream of fulfilling.
Luckily, the private sector is well placed to fill this demand. As Microsoft Chief Research and Strategy Officer Craig Mundie has explained — the basic lessons of business continuity have already furnished industry actors with today’s cyber security tools. In the future, we can expect the private sector to continue to develop solutions to new threats.
After all, whilst threatening national security, cyber attacks simultaneously threaten market activity and the reputation of ICT providers. This is a built-in incentive to innovate. So the private sector is not only our frontline in the cyber security fight — it will also turn a profit.
It could even, in difficult financial times, generate a substantial number of jobs.
Photo Credit: miguelphotobooth