Cyber Security - It's Not Just the Government's Responsibility

Cyber Security - It's Not Just the Government's Responsibility
|

In my line of work, I'm rarely surprised about anything and listening to the news this week was no different.

A new report by MPs states that UK forces are at risk of an attack on their information technology because of government complacency.

The Defence Select Committee said that UK forces are so reliant upon information and communication technology that they could be 'fatally compromised' by sustained cyber-attacks.

The Committee was told that forces which rely heavily on computers (and try and think of a regiment that doesn't), could be rendered completely dysfunctional by an attack. Warships, aircraft, tanks, rocket launchers, attack-drones, satellites all have the capability of being rendered useless or taken over in a targeted cyber-attack.

The report went on to say: "Should such systems suffer a sustained cyber-attack, their ability to operate could be fatally compromised."

I wonder how the Ministry Of Defence feels about a committee of MPs highlighting that it has a very high dependency on computers and that a vulnerability exploited could have dire consequences to the national security?

Putting aside my cynical hat for a moment, I am pleased that this serious issue has been raised. Not so much the news that there is a threat (all involved in our defence should already know that), but more the fact that we need further investment and increased attention into potential cyber-attacks.

The Committee's chairman, James Arbuthnot MP, said "It is our view that cyber security is a sufficiently urgent, significant and complex activity to warrant increased ministerial attention. The Government needs to put in place - as it has not yet done - mechanisms, people, education, skills, thinking and policies which take into account both the opportunities and the vulnerabilities which cyberspace presents."

Wise words indeed, Mr Arbuthnot - particularly when you consider that in 2012 the UK suffered losses of over £27 billion due to cyber-attacks.

Mr Arbuthnot wants the Government to look at running a 'Cyber Health' campaign similar to the AIDS campaign of the 80s.

It may sound a little dramatic to compare AIDS and cyber security, however Mr Arbuthnot raises an interesting point - and there are similarities to people's perception of these two threats.

If we put to one side the obvious difference between cyber-attacks and AIDS, how people perceived the threat from AIDS in the 80s is very similar to how people perceive the threat of cyber-attack today -

•It's a problem for the Government

•It'll never happen to me - I'm not a target

•It's not as big a problem as people would have us believe

•I can avoid it. I take precautions

•If I am a victim, I'll hide the fact out of fear of what others might think or do.

I remember these comments being made on an all too frequent basis throughout the 80s about the AIDs - and I'm hearing them again now when I'm talking to people and businesses about the threat from cyber terrorism.

The figure of £27 billion lost in the UK last year due to cyber-attacks may seem large, but I believe it's merely the tip of the iceberg. Many organisations who suffer at the hands of cyber-attack are reluctant to come forward, for fear of what others might think or do. Statistics claim that every hour there are 1,000 attacks on computers. Is this an accurate figure? It could be, but I would put the figure much, much higher.

So how we begin to tackle this growing threat?

Raising Awareness

When helping businesses and organisations, I provide advice and guidance on cyber security alongside other issues including physical access controls to IT to destruction of confidential waste. Government should be doing the same.

Teach it to the kids

Teaching safe-sex is now standard practice. But how common is teaching safe-surfing? We all have a responsibility to protect ourselves from cyber-attack - whether we have grown up with the Internet or are 'silver surfers' who mistrust the Internet for all the wrong reasons.

We must change the perception that cyber-attacks 'will not happen to me' - the likelihood is that they will and indeed may have already happened.