UK cyber security 'becoming more consolidated', says ENISA
Dr Vangelis Ouzounis says government is trying to fix issue of 'lack of cohesion' that has left UK lagging behind
Attempts to consolidate all the various bodies that have some responsibility for the UK's cyber security are making steady progress, according to the European Network and Information Security Agency (ENISA).
Former head of the GCHQ and CESG, Nick Hopkinson, told Computing last year that there was a need for rationalisation between the organisations, as co-ordinating a policy and strategy would be a challenge when dealing with the numerous bodies involved.
But a year on from Hopkinson's comments, ENISA's head of unit, resilience and CIIP, Dr Vangelis Ouzounis, has said that every country including the UK, is trying to consolidate their own strategy.
"In every member state there are different distributions which have been developed for different purposes, now they all have slightly different responsibilities around cyber security and of course there are overlaps. Every country is trying to consolidate their national strategy and ENISA does not intervene because although we recommend the simplification and avoidance of overlaps, it is up to the member states [to take action]," he told Computing at ISACA Insights World Congress 2013, in Berlin.
"The [different bodies in the UK] have been developing from the bottom up over the years, that is why there is this situation but I believe that the UK cyber security strategy is now trying to consolidate the agencies - things like the Cyber Security Centre will help it to do this," he added.
Ouzounis admitted that the lack of cohesion was a problem but said that on a positive note, the problem had been identified and the government was trying to fix the issue.
He also said that while the US is "advanced" in its cyber security strategy, he did not consider the country's strategy as a template for European countries to follow, stating that some European countries may even be more advanced, without specifying which countries he was alluding to.
"There are other countries that are doing equally as well [as the US] or even better, having developed other concepts that are working well," Ouzounis said.
As for the UK, Hopkinson was not the only expert to criticise the bodies involved in the UK cyber strategy for a lack of cohesion.
Former US cyber intelligence officer at the Department of Defence, Bob Ayers, told Computing that "people seem to be getting resources in the absence of a cohesive plan and an ability to force compliance with that absent plan, [the UK] seems to be doing a lot, but never confuse activity for achievement".
While Mark Brown, director of information security at Ernst & Young, added: "I think there are 27 ministers of the state who have part of security in their job title, can anyone tell me who the actual person is who is solely accountable? The answer that always comes back from government is ‘no'".