Cyber crime is big business. In 2013, the global profits from cyber crime rose to $3 trillion, surpassing even the international drugs trade in marijuana, cocaine and heroin combined. The increase in the frequency, magnitude, and sophistication of cyber-attacks has become a significant security threat, prompting the NATO allies to recently agree to an upgrade of their combined strategy.
Yet how much can governments do, given that most of the infrastructure of cyberspace – from software, to hardware, to cloud services – is operated and supplied by the private sector? At the 2014 NATO Summit in Wales, allied governments adopted a NATO Industry Cyber Partnership (NICP) in order to enhance cooperation between the public and private sectors.
Twelve months on, what progress has been made on turning this commitment to public-private cooperation in cyber defence into reality? How can information-sharing between public and private sector partners be improved? Should NATO and the EU work towards a common framework for cooperation with the private sector in cyber defence?
We had a comment sent in from Catherine, arguing that the Edward Snowden revelations about the extent of NSA spying and the collusion of European intelligence agencies have seriously damaged trust in private-public cooperation in cyberspace. What impact did the Snowden leaks have on the cyber security debate in Europe? Particularly in terms of cooperation between the US and Europe, and in terms of public trust about what governments are doing in cyberspace to protect us?
To get a response, we spoke to Jamie Shea, Deputy Assistant Secretary General for Emerging Security Challenges. What would he say to Catherine?
[…] The real impact is that there is now a massive demand for more encryption by individual consumers with the new generation of computing and 4G mobile phones. And companies like Google, Apple, and others feel the pressure to introduce that encryption. And, as we heard from the head of MI5 in my country, Andrew Parker, this week in a speech he gave in London, this is making the lives of intelligence services difficult if they can no longer monitor terrorist suspects because the communications are so well encrypted that code breakers cannot deal with it.
So, the big debate now is to what degree should the private sector, while recognising the need for privacy, nonetheless cooperate with governments where there is really a need to have access, because we are dealing with people, as Andrew Parker said, who really are seeking to harm us.
How else can governments and private companies cooperate on dealing with threats in cyberspace? Twelve months after the NATO Wales Summit, what progress has been made on turning the commitment to public-private cooperation in cyber defence into a reality? We asked Jamie Shea for his opinion:
It’s always a work in progress, as you know, particularly when you are dealing with people who perhaps didn’t have the same degree of interaction or cooperation 30 years ago when we were dealing with tanks, or aircraft, or missiles, rather than electrons. But we are moving towards the creation of the NICP (NATO-Industry Cyber Partnership), whereby we’re engaging industry in a much more intensified discussion on threats, intelligence, system configuration, how to build more resilient systems, how industry can put security into the product at the beginning – rather than as an afterthought when the product has been launched on the market, and involving industry in our training and exercises…
Should private companies work with governments to fight threats online? Should encrypted communications be banned online? Let us know your thoughts and comments in the form below, and we’ll take them to policymakers and experts for their reactions!