TagsAI Alignment Apple application management Atos Themes Big Data Business Models BYO Changing Customer Cloud Collaboration Connected World Current Affairs data Delivery Models downturn Economy Education enterprise architecture Facebook generation y Google information security Innovation J2016 Knowledge and Craftmanship London2012 media Microsoft mobile Mobility open innovation open source Oracle recession SaaS Security semantic web social media Social networking Sustainability The Future! Tracks Transformation trends Twitter virtualisation web White Papers Working in IT
UK Cybersecurity strategy leaves the rest of us in the cold
Mark N Jones >> Why does the state get cyber security when we don’t?
But why? … Put simply, over the last 10 years the frequency, intensity and impact of cyber attacks on the UK has grown exponentially.
On the 25th of June 2009 the Prime Minister and Lord West (the UK’s newly publicly appointed Minster for Cyber Security) announced the national Cyber Security Strategy. Its objective to increase the levels of both awareness of and protection from ICT enabled threats.
The announcement was made in parallel with public statements concerning the cyber attacks of ‘other countries’. The statements named the specific ‘other countries’ who are recognised as marshalling attacks against the UK.
Further statements announced that the UK has its own cyber attack capability.
In reality for those amongst the various flavours of the risk management and security community of the UK (InfoSec, Information Risk, Information Assurance professionals) the content of the statements has been a matter of privately acknowledgment for some time.
So what does this really mean for UK PLC and the balance of concerns owned by the state and the individual?
For UK PLC
The announcement of the cyber security strategy must signal the end of an all too common covert and complacent attitude toward providing adequate investment into the protection and secure management of corporate information and data…
The senior exec attitude of “this is an issue on which we must say the right things but we don’t need to invest” must die.
Cyber security for a company or significant state organisation is now as important if not more important than all others forms of traditional security applied in large organisations combined.
For the state and individuals
The UK is in the privileged position of marshalling some of the world’s leading
and most respected assets concerning the security of information BUT, and it is a big BUT, the vast majority of these assets are focused on traditional ‘high threat club’ challenges – “How do we protect the battle plans of our Helmand based military assets from prying eyes?”, “How do we demonstrate that those other countries who attack us in cyber space should expect a counter attack?”.
There is, in my view, far less focus from this community on “How do we ensure that 25 million tax payer records don’t get lost?” because the true impact for the British State of the compromise of the battle plans of our Helmand based military assets is obviously of greater concern to them than the loss of 25 million tax payer records even though the loss of 25 million tax payer records is of considerable interest and indeed concern to the individual.
The real questions are two fold
Firstly “How do we leverage the excellence of expertise present in the teams in GCHQ/CESG and apply it to lower threat environments?” and secondly “How do we redefine the term high threat club?” – for example if the SCADA systems (electronic control systems) which control London’s power grid are successfully attacked and London is blacked out for 2 days is the impact on UK PLC really less important than the disclosure of battle plans in Helmand?
“How do we set the priorities of technology security in a world in which everything is connected?”
Our quest in this cyber age in my view is that Britain needs the best cyber security for us all not just the state and not just the traditional “high threat club”. From your and my home computer, through the fabric and infrastructure of our society, to our battle plans, we need the best protection across the lot. Increasingly we are all woven into the same unifying digital patchwork, a patchwork which unites us and our data whether we like it or not.