The UK, US, China and others: 5 national cyber security agencies investing in online defence – Computer Business Review
List: How nation states are investing in their cyber defence capabilities.
With cyber security rising up the corporate agenda as high-profile attacks on big companies escalate, it is clear governments are now seeing the importance of taking an active interest in the subject.
As an increasing amount of sparring between nation states is expected to take place online, cyber security investment could be increasingly important in the geo-politics of the future.
Economically, the strength of a country’s policies on cyber security could also become an increasingly key factor in the decision of where to base a business.
CBR examines the national cyber security organisations of major countries around the globe.
China launched its first cyber security organisation in March, called the CyberSecurity Association of China, in Beijing.
It comprises academic institutes, internet companies and individuals, according to the report in the Global Times.
Major Chinese companies involved in the initiative include Tencent and Qihu 360.
The main focus of the organisation is to promote self-discipline in the industry.
The launch follows the establishment of a special fund for cyber security in February, worth roughly $46 million.
The Office of Cyber Security & Information Assurance (OCSIA) leads the UK government’s National Cyber Security programme.
It works with cabinet ministers such as Sir Francis Maude, the national security council, Home Office, Ministry of Defence and GCHQ to provide strategic direction and coordinate the Government’s cyber security programme.
Initiatives include supporting education and training around cyber security, such as Get Safe online and the Cyber Security Challenge. It also engages with private sector companies and international partners to exchange information and promote best practice.
The government has allocated £860 million until 2016 to establish a National Cyber Security Programme. OCSIA distributes this fund to government departments, agencies and some other non-governmental organisations.
The Office of Cybersecurity and Communications (CS&C) is part of the department of Homeland Security, within the National Protection and Programs Directorate.
It is led by the Assistant Secretary for Cybersecurity and Communications in 2006, which was created as an office in 2006 under the Bush administration. Currently the office is held by Dr. Andy Ozment.
The agency has responsibility for enhancing the “security, resilience, and reliability of the Nation’s cyber and communications infrastructure.”
It aims to prevent or minimise disruptions to critical information infrastructure, protecting the .gov domain of civilian government networks.
Within the agency, the National Cybersecurity and Communications Integration Center serves as a 24/7 cyber monitoring, incident response and management centre.
CS&C also comprises the Office of Emergency Communications, Stakeholder Engagement and Cyber Infrastructure Resilience, Federal Network Resilience and Network Security Deployment.
4. New Zealand
The New Zealand National Cyber Security Centre aims to protect government agencies and critical infrastructure providers. It is part of the NZ Cyber Security Strategy, released in December 2015.
This involves partnering with industry, non-government entities and academia to improve New Zealand’s infrastructure.
Its roles include protecting government systems and information, planning for and responding to cyber incidents, and working with providers of critical national infrastructure to improve the protection and computer security of such infrastructure against cyber-borne threats.
The agency regularly publishes reports and news about current cyber threats.
The agency has discovered malware packages targeting significant organisations in the country and detecting large-scale targeting of organisations as part of a global campaign.
The Cyber Security Agency of Singapore (CSA) oversees security strategy, education, outreach and industry development, reporting directly to the Prime Minister’s Office.
Part of its role is nurturing ties with local and global industry, which has included recently signing memoranda of understanding with Singtel, Check Point Software Technologies and FireEye to work together on key areas of interest.
It has also partnered with other national governments, including the UK. The partnership with the UK will see the two countries collaborating on research and skills development.
In March, the agency mounted a multi-sector exercise called Exercise Cyber Star. This comprised a series of scenario planning sessions, workshops and table-top discussions about managing cyber incidents. 100 participants took part in the final exercise, from industries such as finance, government and energy.
The scenario covered incidents such as web defacement, wide-spread data exfiltration malware infections, large-scale DDoS attacks and cyber-physical attack.