National cyber perimeters are defined by websites of institutional, private companies and fundamental services and supply chain operating in a country or for the citizens of a country. The countries in this analysis: Turkey🇹🇷, Italy🇮🇹, India🇮🇳, Brazil🇧🇷, Argentina🇦🇷 and Indonesia🇮🇩, a total of ~3k websites was analyed.
The tools used include open source tools, like NMAP, custom Python code and AWS cloud based infrastructure for performing the data analysis.
Methodology to define a security score for the cyber perimeter of a country based on Key Performance Indicators
A comparison of national cyber security perimeters of different countries based on 18 Key Performance Indicators, which weighted are used to calculate the security score of a country. Each KPI is given a specific weight, can also be 0 if it is not influent in the definition of the security score, after the results are calculated and aggregated.
The first 5 KPIs identified and defined to compare different cybersecurity perimeters are specified as answers to the following questions:
| KPI Number | Key Performance Indicator |
| 1 | Which percentage of websites in cyber perimeters has HTTPS? |
| 2 | What percentage of websites in cyber perimeters has a verified HTTPS certificate? |
| 3 | What percentage of websites in cyber perimeter has an Extended Validation (EV) HTTPS certificate? |
| 4 | What are the top HTTPS certificate signer companies for websites in cyber perimeters? |
| 5 | What are the countries of the HTTPS certificate signer companies for websites in cyber perimeters? |
Each of these KPIs is assigned a weight and will be used to calculate the security score of the cybersecurity perimeter of a country to then have a global analytical, data and quantitative based index. The number of KPIs is always increasing alongside the number of websites and countries monitored. The monitoring occurs periodically and it is being improved in subsequent iterations.
The current global cybersecurity index is not based on objective technical data analysis of different cyber perimeters but rather on surveys being sent out to institutions. This sites analysis data based approach gives a more detailed picture of the real technological state of national cyber perimeters around the world.
In order to carry out this analysis, no site has been harmed. Even though only doing passive analysis might limit the breadth of information retrieved, it is a non intrusive way to gather data and still provides a clear picture of the current state of cyber perimeters globally.
1. Which percent of websites in cyber perimeters have HTTPS?
HTTPS or Hypertext Transfer Protocol Secure makes sure that communication between a server and a client are secure and cannot be easily eavesdropped for example with a MITM or Man in the Middle attack. The analysis carried out identifies which sites in the cyber perimeter of a country support the HTTPS protocol and hence enhance the confidentiality of communications for its users.
The results are tabulated for HTTPS in the following table as well.
| Country | Percentage of cyber perimeter URLs using HTTPS |
| Brazil🇧🇷 | 79% |
| Turkey🇹🇷 | 88% |
| Indonesia🇮🇩 | 77% |
| Argentina🇦🇷 | 85% |
| India🇮🇳 | 84% |
| Italy🇮🇹 | 90% |
| Average | 83% |
2. What percentage of websites in cyber perimeter has a verified HTTPS certificate?
Having a HTTPS certificate is important to keep communication between a web browser and a website secure and maintain integrity and confidentiality of the message, but a not verified HTTPS certificate is less secure than a verified HTTPS certificate signed by a reputable entity, is valid and signed correctly, ie has the minimum required information in it and its not corrupted.
The following table highlights which percentage of the websites that have an HTTPS certificate found in the cyber perimeter of a country are verified.
| Country | Percentage of cyber perimeter URLs using a verified HTTPS certificate |
| Brazil🇧🇷 | 78% |
| Turkey🇹🇷 | 87% |
| Indonesia🇮🇩 | 76% |
| Argentina🇦🇷 | 80% |
| India🇮🇳 | 82% |
| Italy🇮🇹 | 88% |
| Average | 81% |
3. What percentage of websites in cyber perimeter has an Extended Validation (EV) HTTPS certificate?
Websites with HTTPS certificates are good, better if the certificate is verified but for public institutions and sites within the cyber perimeter of a country the best is having an Extended Validation or EV certificate, which has all the fields filled in so its for sure that the site says who they are. It would be better and safer if all certificates for web sites in the cyber perimeter would be issued by an Italian Certificate Authority.
An example of an EV certificate is the following, followed by a non EV certificate (missing some properties), both are valid HTTPS certificates:
| HTTPS EV certificate | HTTPS non-EV certificate |
 |  |
The following table shows the percentage of EV certificates in the cyber perimeters of the countries analysed.
| Country | Percentage of URLs with a HTTPS EV certificate |
| Brazil🇧🇷 | 24% |
| Turkey🇹🇷 | 66% |
| Indonesia🇮🇩 | 36% |
| Argentina🇦🇷 | 42% |
| India🇮🇳 | 40% |
| Italy🇮🇹 | 46% |
| Average | 42% |
4. What are the top HTTPS certificate signer companies for websites in cyber perimeter?
An HTTPS certificate is made of a public key with a corresponding private key, these certificate is issued by a trusted reputable third party organisation also named Certificate Authority. If the CA charges a fee for issuing the certificate it usually means that not only the domain ownership is checked, but also the organisation behind it.
The following table shows what are the 3 top CA’s in the cyber perimeter of the countries analysed.
| Country | Top 3 Certificate Authorities signing HTTPS certificates |
| Brazil🇧🇷 | Let’s Encrypt GlobalSign nv-sa Sectigo Limited |
| Turkey🇹🇷 | GlobalSign nv-sa Sectigo Limited DigiCert Inc |
| Indonesia🇮🇩 | DigiCert Inc Sectigo Limited Let’s Encrypt |
| Argentina🇦🇷 | Sectigo Limited Let’s Encrypt DigiCert Inc |
| India🇮🇳 | DigiCert Inc Let’s Encrypt Sectigo Limited |
| Italy🇮🇹 | Let’s Encrypt Actalis S.p.A. DigiCert Inc |
It’s important to note that Let’s Encrypt is a free SSL certificate issuer which provides less liability and knowledge of the true owners of the sites using it. Let’s Encrypt being a free HTTPS certificate issuer does not validate anything about the site owners or trustworthiness, except the domain. So for sites in the national perimeter of a country it would be better to use a paid SSL service.
5. What are the countries of the HTTPS certificate signer companies for websites in cyber perimeter?
The companies signing and issuing HTTPS certificates for web sites in the cyber perimeter of a country are trusted entities and are from the following countries detailed in the below table.
| Country | Top 3 top to bottom Certificate Authorities signing HTTPS certificates |
| Brazil🇧🇷 | United States of America (USA) Belgium United Kingdom (UK) |
| Turkey🇹🇷 | Belgium United Kingdom (UK) United States of America (USA) |
| Indonesia🇮🇩 | United States of America (USA) United Kingdom (UK) United States of America (USA) |
| Argentina🇦🇷 | United Kingdom (UK) United States of America (USA) United States of America (USA) |
| India🇮🇳 | United States of America (USA) United States of America (USA) United Kingdom (UK) |
| Italy🇮🇹 | United States of America (USA) Italy United States of America (USA) |
Data origin source
An initial comparison of ~2350 websites for 6 countries has been carried out. These countries have been initially chosen due to the availability of cyber perimeter urls for that specific country.
The list of sites has been gathered both manually and from different sources and includes websites in the public administration, defence, news, health and other categories vital to the functioning of a state and providing essential services to its citizens. The list of websites is ever increasing and it spans different categories. The list size will be considerably increase with the introduction of NIS2 directive which will include in the cyber perimeter of a country all companies with more than 50 employees or 10M Euros in revenue.
| Country | Number of cyber perimeter URLs analysed |
| Brazil🇧🇷 | 408 |
| Turkey🇹🇷 | 130 |
| Indonesia🇮🇩 | 793 |
| Argentina🇦🇷 | 159 |
| India🇮🇳 | 510 |
| Italy🇮🇹 | 340 |
| Total | 2340 |