back to article America tops ITU's Global Cyber Security Index, UK in tie for second with Saudi Arabia

The United Nations International Telecommunication Union (ITU) published its 2020 Global Cyber Security Index on Tuesday, and listed the US first in overall ranking, followed by a tie for second place tie between the UK and Saudi Arabia. The index ranks nations using 82 questions developed by a panel of experts. ITU members …

  1. Aquineas

    Yeah, just in case Americans didn't already have a "come hack me bro" bullseye on their collective shirts, there's this.

  2. Sabot

    Putting Israel in the Europe region makes this report and the ITU a bit questionable.

    To avoid having a Middle East or West Asia section, where Israel belongs to, they created an Arab States region. Well, Tunisia is not an Arab state, and neither is Morocco.

    1. Pascal Monett Silver badge

      I wondered about that myself

      Is there some sort of anathema around the words Middle East ?

      Is it because the news has been referring to conflicts in the Middle East for the past fourty years (if not more) ?

      Like it or not, it's the Middle East. Isreal is not part of Europe. It's not even guaranteed that the movements of tectonic plates will ever make that happen.

      1. Xalran


        Tectonically Israel is in Africa... as is a good part of Italy.

        Most of Turkey and a good chunk of what is called Middle East is on the Arabian Plate

        Tectonic, when you look at boundaries can be a mess of broken chunks of some plate or another that moved away from their main plate ( another example : Corsica and Sardigna are pure European, but they did drift away because of that Italian chunk of Africa. )

        1. CommanderGalaxian

          Re: Tectonically

          A good part of Sicilly - not Italy - is on the African plate. And Turkey is mostly part of the Eurasian plate - not the Arabian plate.

          1. MiguelC Silver badge

            Re: Tectonically

            In reality, most of Turkey is on the Anatolian Plate (the name might be a giveaway, it's also known as the Turkish Plate)

  3. Pete 2 Silver badge

    All about policies

    The questions that this survey is based on asks questions about whether countries have plans and organisations in place.

    For example, the first question about Technical measures is "Is there a National/Government CIRT/CSIRT/CERT?" and follow-ups are in the form of "Are the above mentioned CIRTs (CSIRT or CERT) affiliated with FIRST?"

    There is no requirement for any of these processes or bodies to actually be effective. Just that there is a office door with a title on it.

    As thereport is nothing more that an administrative exercise full of YES/NO questions. It does not address any realistic issues about the actual security of internet users or the number of hacks that succeeded or tried.

    You get the impression that if these people were surveying national health services, they would be asking questions like "Do you have hospitals?" rather than inquiring about the diseases that affect people or the ages that they die.

    1. Anonymous Coward
      Anonymous Coward

      Re: All about policies

      I also get the impression that they've looked at how the US handles the issues and this is to check how like America's strategy the rest of the world is.

      The proof of the pudding is usually in the eating so there should also be stats about the number of successful attacks/intrusions but I doubt most governments would be truthful about those....

    2. HildyJ Silver badge

      Re: All about policies - just like ISO 9001

      They have a checklist. You check the boxes. Bingo, you're compliant.

      I wonder if they outsourced it to Gartner?

  4. amanfromMars 1 Silver badge

    El Dorado.... King Solomon Mines Minings Sourcing Leads in COSMIC Travel/Magical AIMystery Tours

    IT's a Novel and Noble Wild West out there, with Injuns and Cowboys Morphed into Code Junkies and SMARTR Cookies Presenting Future Tested ProVision for Current Supply of Live Realisations for Universal Hosting.

    Please note that is not a question requiring an answer or futile denial.

  5. Captain Hogwash

    "Estonia, for example, ranked third"

    Fourth surely?

    1. Pascal Monett Silver badge

      They decided to give countries with the same score the same rank, so no, Estonia ranks 3rd because both the UK and Saudi Arabia rank 2nd.

      Then you have Korea, Singapore and Spain that all rank 4th.

      Once you understand the process, it becomes logical.

      How would you rank the difference between the UK and Saudi Arabia given that they have the same score of 99.54 ?

      1. Graham Cobb Silver badge

        Uhhh... you count the number of countries that have a higher score and add one. That is what the words "Estonia is 4th" mean: they mean there are 3 countries with a higher score. Whether some of those three have the same score or not is irrelevant - how could the ranking of Estonia change if the ITU discovered they had got the Saudi score wrong and added 0.01 to it?

        Is this misunderstanding of ranking the reason the median appears to have increased?

      2. Captain Hogwash

        Re: "How would you rank the difference between the UK and Saudi Arabia given that they have the same score of 99.54 ?"

        In the same way as it is customary to rank two sprinters, horses or match anglers who came in at exactly the same time or weight behind the winner. That is why Estonia is fourth.

        1. Pascal Monett Silver badge

          You're not answering the question.

          Is Saudi Arabia ahead of the UK or not and why ?

          1. amanfromMars 1 Silver badge

            The Virus of Jealous Envy .... A Worm Granting Open Source Access to the Base Root of the Condition

            You're not answering the question.

            Is Saudi Arabia ahead of the UK or not and why ? ..... Pascal Monett

            If the answer is on a par with the UK raises the question as to whether it is perceived as vital virile competition in feats to excel in, or troubled and troubling opposition to be vilified and belittled too constantly with a wilful persecution, which is a dastardly deed indeed, worthy of successful prosecution and extinction by Almighty IntelAIgent Virtual Defence Forces and Sources.

            In such very novel and only just now really unfolding and expanding fields of cybersecurity, to imagine that anyone is leading the field rather than realise all are just following SMARTR tales imparted/imported and exported via ITs Fields, has everyone at similarly advanced levels of greater understanding and facility.

            You'd have real trouble at believing what is created for y'all to Play Greater IntelAIgent Games in from those Rare Raw Spaces ..... Surreal Sp00Key Places.:-) ..... hence the need for Programs and Projects to present them daily for your very own eyes and ears/brains and intelligence to realise/see and hear. The Secret then when on that trail of a tale is to travel back along it to find the source beginning which has resulted in the destination you have arrived at with a whole host of other plans vying for presentations tomorrow.

          2. Captain Hogwash

            I have. There is no difference. They are ranked equally.

  6. Binraider Bronze badge

    Given the enormous farce that was the Aramco hack; and comes out a high-scoring country; really, this index serves no purpose. It is little more than an acknowledgement that some areas are more dreadful than others.

    I would hazard a guess the results reflect those that have been on the receiving end of cyber attacks; and a therefore minimal number of outfits have reactively responded to them at a low level.

    In industry I still see every major consumer OS launched from 1990 onwards in widespread circulation. Default passwords being used on industrial computers, routers and managed switches; and god knows what else.

    The malpractise won't end until something is hit people really give a hoot about. Clever "theoretical" attacks like the side channel stuff causing so much consternation are great for academics, but until basic hygiene is dealt with it's rather redundant when there are much easier things to hit.

  7. _andrew
    Thumb Down

    Sloppy report, worth the paper it's printed on.

    Looked up the local country (AUS): the scatter-plot of the results is clearly buggy, so what else is wrong? We were pipped on "Technical Measures" by Mauritius, Khazakstan and Azerbaijan, so that's making a lot of sense, especially since we have essentially the same sorts of CERT bodies and reporting schemes as all of the other early-internet players. Scroll down a bit further and by the time you get to Serbia they've stopped bothering to score their dimensions out of 20, and are just making the numbers up. Reading a bit more deeply, it seems that the person in Australia who answered their questionnaire was someone at ASPI, a defense-industry funded think-tank who were among the loudest voices shouting down Huawai's role in 5G, not an actual government body or representative of any sort.

    In short: don't bother. And treat anyone who makes reference to it in any forum with deep suspicion.

    On the other hand, perhaps they're paying attention to our nationally-legislated ability to overrule mathematics and decrypt messages by official fiat.

  8. albaleo

    A good read

    Indices ranking national cybersecurity are like buses: none for ages, then two at once

    As long as there's some interesting stuff to read at the bus stop while waiting, it shouldn't be a problem.

  9. Anonymous Coward
    Anonymous Coward

    Funny isn't it that the piece in El Reg...and maybe the report itself......doesn't mention.........

    ........snooping on citizens! You know....the STASI in Cheltenham and Ford Meade, MD.


    Fantastic "cyber capabilities" to read everyone's email and snoop on phone metadata!!


    Fantastic backdoors embedded in Cisco Systems kit!!


    Fantastic software from our "friends" at NSO, Israel.....dedicated to hacking so called "end-to-end encryption" on any iPhone on the planet!!


    Yes......the PRIMARY enemy is REALLY private citizens who are living honest, law-abiding lives....................


    ..........and maybe the spooks -- once in a while -- get to worry about Russia, China, Iran.....and other "second tier" problems!!


    Democracy and privacy and security......all undermined using our taxpayer dollars....and taxpayers are the ones attacked by their own governments. Go figure!!

  10. Xalran

    ITU... as in Internationnal Union of Telecommunications

    Basically the Telecom kit vendor and Telecom operator union... so that long ago all the country operators had protocols to talk to each other.

    They went for a broader range, but that's still at the heart a standardization body, not an expert group on cybersecurity.

    ( even if they did branch out in that domain along with a few other )

  11. Scott 1

    So the U.S. ranked number 1

    Yet we have issues with hackers creating chaos far too frequently.

    1. DS999 Silver badge

      Re: So the U.S. ranked number 1

      Hacking is asymmetric warfare. The defenders have to get it right 100% of the time, the attackers have to get it right only once.

      There's also more incentive to attack richer countries, so while they are the "most secure" they are also more desirable and thus are targeted more often.

  12. Clausewitz 4.0

    Bias, anyone?

    QUOTE: "earlier this week British think tank The International Institute for Strategic Studies published its own assessment"

    I think I will create a Somalian Think tank to declare Somalia is the sole galaxy cyber superpower, and wait for the Aliens to contest that.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021