Rally the troops for war on cyber crime

The success or failure of the government’s plan will depend entirely on the authority and accountability vested in CSOC

“Divide and conquer” is a battle plan that probably goes back further than the Romans, and it is one on which e-criminals and cyber saboteurs have been all too happy to rely in the UK.

The government’s new Cyber Security Strategy not only sets up two new organisations to help protect the country against the growing digital threats we face, but identifies 16 other bodies that already have responsibility for dealing with such attacks.

Nobody is trying to pretend that cyber defence is easy, and perhaps there is a very good reason why we need 18 different organisations working together –­ or at least, trying to.

But as most IT security experts know, it is human factors that the best hackers target, and even with the best will in the world, 18 different groups with 18 different priorities and prejudices mean an exponential increase in the potential for gaps through which cyber criminals can attack.

In theory, the new Cyber Security Operations Centre (CSOC) to be set up at GCHQ will be responsible for co-ordinating all these organisations in a coherent way. Good luck with that.

But what this means is that the success or failure of the government’s plan will depend entirely on the authority and accountability vested in CSOC. The centre’s location at the government’s top-secret communications monitoring site rather suggests its focus will be on high-level cyber espionage and terrorism ­ – somehow it seems unlikely it will be that bothered about the sort of low-level, frustrating hacking activity that is the daily bane of most businesses’ life.

It would be churlish to criticise the Cyber Security Strategy because it has so plainly been needed for so long, and its arrival is to be welcomed, even though it is belated. But to counter the increasingly sophisticated threats the UK faces, we need a simple, streamlined, co-ordinated operation that has the real teeth needed to take action.

If one does not emerge, those gaps will loom ever larger for both the casual hacker and the malicious cyber attacker.