A new Public Accounts Committee report has said the UK government faces “a real struggle” to fight the threats of cyber security.
Cyber threats have been considered one of the top four risks to national security since 2010, yet the committee believes the government takes too long to consolidate and coordinate the agencies that are supposed to protect Britain.
Timeline for Cyber security
- October 24, 2017
- September 25, 2017
Meg Hillier, Labour MP for Hackney South and Shoreditch, and chair of the PAC said:
“Government has a vital role to play in cyber security across society but it needs to raise its game.
“Its approach to handling personal data breaches has been chaotic and does not inspire confidence in its ability to take swift, coordinated and effective action in the face of higher-threat attacks.
“The threat of cyber crime is ever-growing yet evidence shows Britain ranks below Brazil, South Africa and China in keeping phones and laptops secure.”
The broadening use of the internet, particularly using insecure Internet of Things (IoT) devices, is often linked to the growth in the threat from cyber attacks.
However, the recent launch of the National Cyber Security Centre (NCSC), which is dedicated solely to protecting the UK from the threats in cyber space demonstrates an attempt by the UK government to take control of these threats.
This isn’t the only way to solve problems cyber security poses. Resources are one thing, but there needs to be the infrastructure in place to handle the sophisticated nature of these attacks.
Chris Dye, vice president of marketing and communications at Glasswall, a security solutions company, told Verdict about how the attacks have changed and developed over the past few years.
“Even five or six years ago, the attacks weren’t as coordinated, structure or so advanced as they are now. It’s a race – you have the hackers who are really accelerating their availability fast and the availability of tools.”
Dye said that government needs to turn to innovation, as well as tackling the skills shortage in cyber security, in order to face down the hackers.
“There is innovation out there, and we are one of these innovators and we’re not the only ones out there who find it incredibly difficult to engage at government level.
“If you start to look for innovation that closes off some of the attack vectors [and] then the dependency on skills becomes less because there is the technology out there.”
This is something Richard Parris, chief executive at cyber security company, Intercede agrees.
He told Verdict: “There is a gross skill shortage in the area and so we need to change our approach to securing critical data and infrastructure in the public and private sector.
“Highly secure, user friendly and cost effective alternatives are available that would dramatically reduce the number of security breaches, approximately 75 percent of which originate at the point of user authentication. All we need is the political, regulatory and corporate will to make it happen.”
Yesterday, the UK defence secretary Sir Michael Fallon said Russia is attempting to carry out a sustained campaign of cyber attacks to target the critical infrastructure in the West.
In a speech at St Andrews University, he said:
“Russia is clearly testing Nato and the West. It is seeking to expand its sphere of influence, destabilise countries and weaken the alliance.
“It is undermining national security for many allies and the international rules-based system.”
In particular, the leaking of the Democratic National Committee’s emails via the website WikiLeaks have been linked to Russian state-sponsored hacking, suggesting that Russia purposefully intervened in the US election to ensure Trump won.
“Theoretically, it could [happen in the UK],” said Dye. “But I think the UK punches above its weight in most things – I think we’re doing pretty well in cyber [defence].”
“The Russian attacks, the affect on the election and the latest stories, that’s just bringing to the forefront of everybody’s mind that we’re not dealing with someone in their bedroom in a hoodie. That’s not the major threat anymore.”
“The formation of the NCSC is a focus – they’re just dealing with cyber. And that will hopefully give us the acceleration we need to combat those threats.”