Ahead of the launch of the government's cyber security strategy, former security minister Baroness Pauline Neville-Jones has argued that unlike traditional military defences, outdated cyber defences could actively aid the people they are trying to keep out
Cyber security and defence are complex and growing areas, taking up more and more time in the minds of the military and wider public sector alike. Who the main actors are, what are their targets and weapons of choice and what can be done to protect against cyber threats are questions without a single, convenient answer. Government, then, in coming up with its updated Cyber Security Strategy, must be prepared to develop a full understanding of the risks cyber-attacks present as well as a flexible way of dealing with a growing number of attacks against its own systems, and those of industry and private individuals.
At the Royal United Services Institute's cyber conference, former security minister Baroness Pauline Neville Jones said that the country was very much at the beginning of its development in terms of being cyber secure.
"These are the foothills of a long journey where the world which we're inhabiting is changing extremely rapidly around us," she said, "and one of the features of the landscape is both its volatility and the rapidity of change, which makes it hard to handle."
Only "top-rate performance" will do in aiming for cyber security, said Neville-Jones, with mediocrity leaving systems open to all the risks associated with being out-of-date. Even slipping slightly behind the times in one area of cyber defence - not patching a critical security flaw in time, for example - would mean hackers may be able to turn those defences against their owners.
"Whereas it's not optimal to have a second rate gun in service, which will reduce capability, you wouldn't normally find yourself in a situation where that gun by its inferiority posed an active threat to you," she said. "That's perfectly possible, however, in cyber.
"An inadequately secure system which has been penetrated has not only had its integrity destroyed but it may be actively aiding the enemy. And another unusual feature of cyber, one we must take account of, is that you may be unaware its happening."
The breach of RSA's SecurID tags in March this year was agreed by many at the conference to be a 'game changer' for cyber security. The attack eventually led to around 40 million of the ubiquitous tags being replaced, but the damage had already been done and was said to have led to further attacks on systems that used SecurID, including an attempted breach of Lockheed Martin's computer systems in May.
"We are dealing in cyber with a revolutionary technology which overcomes the constraints of time and distance and which is quite clearly the base of globalisation," said Neville-Jones. "It flattens hierarchies and it transfers power in hierarchical societies from ruler to ruled; and it enables economies to leapfrog stages of development and each other in the world of competition for wealth creation.
"In this high stakes world, middling performance will not do. You cannot be half-secure."
See more at: http://www.defencemanagement.com/feature_story.asp?id=18177
I'm not a hacker or even a genius with a PC, merely interested in the 'growth industry' of cyber, or information, security and will share any stories and news items I find on the subject.
No comments:
Post a Comment