Private sector is endangering national cyber security says UK report
London, September 14, 2011 -- The UK’s critical national infrastructure is at huge risk of attack and the companies that own them must take greater responsibility in securing their systems, according to a leading think tank report.
Chatham House, in conjunction with BAE Systems Detica, confirmed the findings after interviewing many of those involved in the protection of utilities, communications networks, health services, food services, banks, and power grids.
Although considered to be on the front-line of the threat, CNIs had shown a "haphazard" implementation of security practices, and "need to look further ahead to identify potential threats and to develop anticipatory responses to the potential cyber risks."
The study concludes that there is "a marked lack of uniformity and consistency in policy and practice, such that it would be very difficult to describe the UK as possessing anything approaching a society-wide response to cyber vulnerabilities and threats."
The findings were announced this week as leading thinkers gathered at a London defence exhibition to share their thoughts on the issues at hand. Broad consensus was made on the fact that CNIs are the most likely target in the scenario of a national cyber security crisis emanating from either state or individual actors, as well as on the fact that the lexicon related to the cyber domain must first be understood before beneficial discussion can truly begin.
However, experts were found to have vastly differing understandings and predictions in several areas of concern, including whether online banking is safe enough to use, whether ‘absolute’ cyber security can be achieved on a technological level, and whether the world is likely to witness a ‘digital disaster’ on the scope of a serious terrorist attack.
Aside to the criticism levelled at the private sector, the present government was acknowledged by most to have taken the threat seriously and to have demonstrated progress. Last year’s Strategic Defence and Security Review (SDSR) raised the importance of cyber security to a Tier One threat-level and allocated £650 million to the pursuit of better protection. It is expected to further raise awareness among the public with initiatives akin to the ‘Get Safe Online’ campaign which aims to educate the public on basic digital security.
Despite this, the report states that ministers must be more open to sharing information with CNI firms if positive change is to be made. A revised official cyber policy is due to be released in October.
Prior to the release of the report, the Institute for Security & Resilience Studies at University College London published a ‘Cyber Doctrine’, in an effort to put in place a "coherent evolutionary framework for learning resilience", having recognised in the nature of the cyber domain to transform at a faster pace than academic publishing can keep up with.