Russians are confident in their cyber-defences, most other countries are less sure

In the face of a cyberwar arms race, being pessimistic may be the wisest approach.
Written by Steve Ranger, Global News Director

Most people think their country's vital infrastructure, elections and government secrets are going to be targeted by hackers; what varies is how ready they believe their nation is to deal with such an attack.

While the majority of the people surveyed said they thought it likely their nation's secrets would be stolen, that their public infrastructure would be damaged and their elections tampered with at some point by a cyberattack, across the 26 countries surveyed by the Pew Research Center, the public is evenly split between those who think their country is well-prepared to handle a major cyberattack, and those who do not.

But attitudes vary widely by country; of the 26 countries surveyed, the US was among the most likely to say cyberattacks will happen. More than eight out of ten in the US said public infrastructure will be damaged (83 percent), national security information will be accessed (82 percent), or elections will be tampered with (78 percent) via cyberattack.

Despite this, US respondents were more confident that the country was prepared to deal with such an attack than Europeans, who were generally pessimistic about whether their countries can deal with a large-scale cyber hack: only in France did more than half say it is well-prepared to deal with a cyber incident.

That people in the US are among the most worried about attacks on national security information, critical infrastructure or their election systems isn't actually that surprising. After all, the US has recent experience of attempts to compromise all these types of systems by hackers working for foreign powers.

What's perhaps more surprising is that people surveyed in Russia were much more optimistic, where 67 percent of respondents thought the country was well-prepared and only 19 percent thought it not well-prepared (another outlier was Israel, where 73 percent said the country was well-prepared and only 20 percent disagreed).

It might seem strange that Russia -- blamed by US intelligence for meddling in the US presidential election and more -- should seem so unconcerned about cyberattacks itself.

SEE: Can Russian hackers be stopped? Here's why it might take 20 years (TechRepublic cover story) | download the PDF version

The threat, after all, is not entirely theoretical. Last year The Washington Post reported that, after the Russian hacking during the 2016 presidential elections, President Barack Obama authorised a covert operation to deploy "implants" in important Russian networks that could be triggered remotely in retaliation to any future cyber aggression by Moscow.

Pew noted that in many cases, views about a country's preparedness are shaped in part by partisanship and attitudes toward the party in power. In the US, over half (61 percent) of Republicans and Republican-leaning independents believe the US is well-prepared to deal with a major cyber incident. Fewer than half of Democrats and Democratic-leaning independents agree. In Russia, three-quarters of Russians who support President Vladimir Putin's United Russia party are optimistic that their country could handle an attack, compared with 61 percent among those who do not support the party.

In truth, asking the general public about the level of viable cyber-defensive capability deployed by governments and the various businesses that make up the national critical infrastructure was unlikely to give you an entirely accurate answer.

The most advanced economies are now almost entirely dependent on computer systems, not just to function effectively but simply to function at all.

Even reasonably trivial and accidental outages can cause chaos and unexpected problems. Rarely do we have back-up plans in place; we simply assume the systems will work.

Most governments are now very worried about what would happen in the event of a serious cyberattack. It's pretty much impossible to absolutely secure systems against attack; even when spending vast amounts to plug all the gaps, new holes have a habit of springing open.

And, of course, few governments and fewer businesses (which own most of that critical national infrastructure) have lots of spare money to spend on securing systems against an attack by super-spies that may never come. The people who think that their country would struggle to contain a cyberattack are almost certainly right; it's unlikely that any country could deal with a sustained attack without significant damage to its economy.

In that case, worrying more about cyberattacks might be a good idea. If the general public is at least concerned about the idea of a cyberattack, that may give their leadership a reason to pause before launching an attack on a foreign rival.

If the people in a country are aware of the fragility of their own infrastructure, they might take a less positive view of their own leaders authorising cyberattacks that can cause huge and unexpected consequences. Attacks like the NotPetya malware, which -- according to Western intelligence agencies -- was unleashed by Russia against Ukraine and then spread uncontrollably causing billions in damage.

In the face of an ongoing cyber-arms race, adopting that pessimistic view -- that nobody will win a cyberwar -- may be the wisest course of action for all nations


Governments and nation states are now officially training for cyberwarfare: An inside look

Europe, Canada, USA, Australia, and others are now running training exercises to prepare for the outbreak of cyberwar. Locked Shields is the largest simulation and TechRepublic takes you inside.

Devastating attacks to public infrastructure 'a matter of when' in the US

Cybercriminals are focusing on public infrastructure to disrupt services and cause mayhem as new targets are emerging and expanding throughout the world.

Understanding the military buildup of offensive cyber weapons

Over the past few years, offensive cyberweapons have risen in prominence as a part of international military efforts. The full impact of these weapons remains to be seen, however.

3 ways to kick-start your organization's cybersecurity training (TechRepublic)

Only 45% of organizations offer mandatory cybersecurity training, according to a Mimecast report. Here's how to boost your employees' security education.

Cybercrime Inc: How hacking gangs are modeling themselves on big business

Over the past few years, offensive cyberweapons have risen in prominence as a part of international military efforts. The full impact of these weapons remains to be seen, however.

Why ransomware is exploding, and how your company can protect itself

Ransomware attacks on businesses grew exponentially in the past year. Here's what you need to know and how you can prepare.

Inside the boot camp reforming teenage hackers (CNET)

A UK program offers young cybercriminals an alternative to detention and hopes to turn them into legit tech professionals.

Editorial standards