25 Nov 2011
The government has today released its new cyber security strategy, promising greater collaboration with the private sector and improved cyber expertise across the UK's police forces, among other things.
And this is just one of several high-profile government initiatives around the subject.
In July this year the science and technology parliamentary select committee began an inquiry into malware and cyber crime. Towards the end of the year it intends to publish its advice to the government.
In early November, Foreign Secretary William Hague MP held the London Conference on Cyberspace, where more than 700 delegates from 60 countries gathered to discuss an international approach to countering cyber threats.
And with the £650m pledged to the cyber cause by David Cameron last year, clearly cyber security is high on the government's agenda.
But is the government asking the right questions, and is it all happening quickly enough?
Dr Richard Clayton of the University of Cambridge computer laboratory was one of the experts called in to give evidence to the select committee.
He is not certain that the right questions were asked during the government's select committee hearing (the committee is due to release a report in the next four weeks).
"Malware is an enabler for the majority of e-crime – the questions were mostly about e-crime itself," he said.
"The competence of the people replying would have told them about malware, not e-crime more generally."
He says that when the committee comes to present its conclusions to parliament, it will only be able to conclude that it needs to hold further inquiries and ask more questions.
In Dr Clayton's view the committee, and by extension the government, should be asking how much effort we should put into stamping out cyber crime.
"We tend to put up with a certain level of burglary. We understand that in order to go to a zero-impact of burglary, we'd have to spend a lot of resources and make large changes to society.
"Conversely, we don't put up with bank robbery. The banks and the police have made changes over the years to make it relatively rare. And when it does occur a lot of effort is put into catching the people who did it and making sure they don't repeat it."
He argues that the government needs to decide into which of those categories e-crime should fall, and not let it fall into a category simply by virtue of how much resource we pour into it.
David Cameron and certain members of his cabinet have become fond of quoting the figure of £27bn, an estimate of the loss to the UK economy as a result of cyber crime.
Dr Clayton doubts this figure is an accurate measure of the true cost.
"The government has come up with this £27bn figure, but no one really believes that's an accurate measure of e-crime – the dominant proportion of that comes from industrial espionage."
So is it true then that the government and its advisory bodies don't really know what questions to ask around cyber issues, as well as being either ignorant or duplicitous about its cost?
Andrew Miller is chairman of the select committee looking into malware and cyber crime. He disagrees with Clayton and says the select committee has asked the right questions of the right people.
"While malware is in the title of the inquiry, it's not about malware as a code writer's art. It's about the impact of malware on society, so naturally you drift on to cyber crime."
He says he is seeing a shift in attitudes in Westminster, and a recognition that cyber crime must be tackled differently from traditional crime.
So if the government is still a bit naive around cyber security, it is doing its best to learn quickly.
"There is now a recognition of the role of civil society in problem-solving here. Internet governance is not a top-down state-to-state issue. It needs a different model, a multi-stakeholder engagement process."
The government hopes the London Conference on Cyberspace will have gone some way towards engaging international public and private organisations in this process, but some commentators were disappointed there was no new agreement from the conference itself.
In fact, when asked for his key takeaway from the conference, Hague responded only that, "It catalyses things."
"I'm not surprised there wasn't some great statement from Hague. He now has a grasp of the problem, but of course he's out of his depth in terms of the technology," says Miller.
His hope for the future is that the approach to the cyber threat will survive changes in government.
"I hope we can try to develop a consensus on a cross-party basis so the framework of both legislation and the amount of resource directed at different agencies is something that happens irrespective of parties, or changes of government," he said.
I think govt has a good understanding of the threat and it knows that the majority of attacks can be thwarted if only people and organisations would implement the protection that is already at their disposal. The key factor is education.
Posted by: Prof Alan Woodward 25 Nov 2011