National authorities specializing in the protection of cyberspace claim more budget to face Internet threats
Cybercrime complaints in Spain increased by 22.3% in the first quarter of 2017 compared to the same period last year and attacks on state strategic infrastructures have multiplied by seven in two years, according to data from the National Institute of Cybersecurity (Incibe). 25% of all users have suffered some form of cyberattack, slightly higher than the European average (21%), Eurostat says. Despite the alarming data, some national authorities on the issue have warned Thursday during a conference on Internet security held in Madrid that Spain does not have the appropriate budget to deal with such threats. Three out of four companies have been attacked in the last five years, according to the Incibe.
Enrique Cubeiro, chief of operations of the Joint Cyber Defense Command, has lamented during the meeting that the country invests in physical security, but not in cyberspace. “They invest more in fences than in cybersecurity, where do they think the next attack, the fence or a firewall will come?” There is no response to that threat, either with the agility or with the forcefulness that is needed. Waiting for something more serious, “he lamented recalling the attack on Estonia in 2007, when a group of Russian hackers paralyzed the basic services of the country.
With 116,000 incidents registered by the Incibe in 2016, Spain is the third country to suffer more cyber attacks, behind the United States and the United Kingdom. The British government allocates approximately 2.3 billion euros for Internet security programs, according to the data for 2016, and the current US budget to combat that threat is 1.5 billion dollars. The draft General Budget for the State of 2017 indicates that the Government intends to dedicate 24.3 million euros to the Incibe and 161 million euros to the National Intelligence Center (CNI) to reinforce cybersecurity, as stated last Tuesday in Plenary Of the Congress the vice president of the Government and minister of the Presidency, Soraya Sáenz de Santamaría.
The Secretary of Security of the Ministry of the Interior, José Antonio Nieto Ballesteros, who also participated in the conference, said that he does not know an exact figure of how much the country invests in cybersecurity, because it is “an issue that is dispersed in several games” And has emphasized the quality of the work done by the Incibe and the National Cryptological Center (CCN), under the CNI. “Even if we do not have a billion-dollar budget, like the UK, we will continue to do our best,” he said.
The management of WannaCry
Despite the criticism of the lack of resources, experts have highlighted the actions of the competent institutions in Spain in the face of the global attack caused by the virus caused by WannaCry on 12 May, a ransomware (hacking) that affected 180 Countries. Nieto Ballesteros said that the reaction was “quick and agile”, which prevented “the same happened in the United Kingdom”, where cyberattack paralyzed 16 hospitals.
Luis Jiménez Muñoz, deputy director of the CCN, has warned, however, that part of the success was due to WannaCry was “easy” malware. “We were able to make a pseudovacuna against that virus in a few hours to limit the impact, but if it was [a malicious software] more complex, Spain would have suffered more. We have survived, but we have to invest more resources on that issue,” he said.
For Cubeiro, who believes that cyber-defense is “essential for the survival of the nation,” WannaCry served to visualize the problem of Internet threats. “A lot of people in top management still see the issue as a Chinese tale, but cybersecurity is one of the most critical capabilities for a state today,” he said. The military chief has called on the authorities to stop seeing experts on that issue as “the freaky types of the fourth basement” and has argued that this area requires economic resources and more qualified personnel.