Despite recent efforts to bolster cyber security at a national level within Australia, it lags behind smaller countries at a time when most security professionals believe there's a cyber arms race going on.
According to McAfee, which sponsored a study by Belgian-based think tank, Security & Defence Agenda, 57 per cent of security experts believe a cyber arms race is taking place today.
The study canvassed the views of “80 world-leading policy-makers and cyber-security experts in government, business and academia in 27 countries and anonymously surveyed 250 world leaders in 35 countries”, according to McAfee.
Respondents included staff from security and enforcement agencies such as Interpol, the UN and NATO, as well as academics and service providers.
Israel, Sweden and Finland were ranked as the world's leaders with near perfect digital fortresses, according to the study, which will form a talking point at the think tank's cyber-governance conference Monday, looking at regulating the internet, for example, through potential sanctions against ‘wrongdoers’.
Australia was given middle of the road "3.5" (out of 5 star) rating, based on a methodology developed by Robert Lentz, a former chief information security officer for the US Department of Defence, that takes "cyber-maturity" to mean "predictive cyber-readiness and agility in one’s own area and with partners", covering "supply chain risk management, and comprehensive education and training, starting with the ordinary user to the core group of cyber-defenders."
On par with Australia were Austria, Canada and Japan, while Denmark, Estonia, France, Germany, the Netherlands, Spain, the UK and US were ahead with four stars,
The study ranked 23 counties, including China and Russia (ranked behind Australia), which were named by several participants as the source of most attacks that were causing world leaders to rethink cyber security strategies.
One of the Australian respondents, Ed Dawson, a senior advisor at Queensland University of Technology's Information Security Institute, suggested Australia's private sector tended to shrug off cyber security.
"With electricity for instance we'll have the distributor saying that cyber security is the responsibility of the power generators. It's like they're waiting for an accident to happen."
Australia's voluntary ISP anti-botnet code came under fire from another respondent, Tim Scully, head of cyber security at BAE Systems and chief of its security company, stratsec.
"The problem with voluntary codes is their uneven application," he said, but commended the Australian government for attempting to tackle it.
He added that “Governments tend to move slowly, but with cyber-security we need to move fast. Cyber-security is a social problem, not just a military problem. We talk in terms of national security, but we should talk in the context of national interest.”
However, Australia's involvement in coordinated cyber defense activities such as Cyber Storm, under the "Five Eyes" alliance with other English speaking nations, including the UK, New Zealand, the US and Canada, was seen as a plus, according to Rafal Rohozinski, chief of Canadian security outfit, The SecDev Group.