Intelligent thinking - well, any sort of thinking, really - is fairly rare in Westminster but we have an excellent example of it today in the form of a report from the Defence Committee as reported in The Telegraph:
James Arbuthnot, committee chairman, said: “"It is our view that cyber
security is a sufficiently urgent, significant and complex activity to warrant
increased ministerial attention.
"The Government needs to put in place – as it has not yet done – mechanisms,
people, education, skills, thinking and policies which take into account both
the opportunities and the vulnerabilities which cyberspace presents."
The catastrophic shambles that would ensue across the country if a cyber attack was only partially successful hardly bears thinking about. I don't believe many of us are even aware of the huge complexity of the networks which support almost all aspects of our lives and daily business. It is only when one breaks down, usually due to human error, that we are momentarily shocked, like that recent bank 'snafu' when suddenly cheques and money transfers failed. Imagine if, say, 50% of our networks across a whole range of activities were damaged or destroyed - what then? Even more to the point would be the effect on our armed forces:
The defence committee report concluded: “The armed forces now so dependent on
information and communications technology, should such systems suffer a
sustained cyber attack, their ability to operate could be fatally compromised,"
the committee said.
It said there was an “inevitable inadequacy of the measures available to
protect against a constantly changing and evolving threat” and that it was not
enough for armed forces just to “do their best” to prevent an effective attack.
The extent of information and communication technology in weapons, satellite
and intelligence systems means “many more points of vulnerability”.
Currently, there are some major cuts slashing away at our armed services, and quite right, too, in my opinion, but some serious money should be spent on the creation of a joint military and civil agency to combat cyber warfare. This will not be cheap - the top people in 'computeronics' (there, a little neologism just for you!) demand and receive top money but it has to be done and done quickly. It's no good depending on the generals and admirals, they don't understand it any more than you or I, and frankly, if it doesn't go bang they are not very interested! What we need is a leader from the computer/software industry, provided with a massive budget to set up an entirely new agency. It needs the Prime Minister to get behind the project and push it through as a matter of urgency - oh dear, why do I suddenly feel depressed?
I have to say I disagree.
There's a whole lot of weapons-grade bollocks talked about "cyber attacks", much of it by people like these MP's, most of whom probably wouldn't know whether they had a laptop or an etch-a-sketch (H/T Dilbert).
And as for "...a massive budget to set up an entirely new agency..." I really do hope that was sarcasm.
The very last thing we need is a government agency poking its nose into the IT industry or infrastructure. It's hard to imagine the sclerosis and bureaucracy that would result, but whatever your worst nightmares can imagine, for sure the reality would be worse.
Leave it to those who know (ie not politicians) and - most importantly - to those with a real stake in the matter, either financial or reputational.
End of rant. Sorry.
Posted by: Andrew Duffin | Wednesday, 09 January 2013 at 12:24
Agree with AD. There are seriously competent folk having a go all the time - and equally seriously competent folk preventing them all the time - c'est la vie. There is no problem that government busybodies or the mil would not make much worse. The WEB is mainly a private enterprise operation. Government and military should keep their noses right out. Government + the mil = boondoggle with pork.
Anyway, would it not be a good thing if the WEB were the new Doomsday Machine - for everyone. Perhaps that is what rankles the most - "the big red button is not my own and I am not sure it would not kill me as well". Suits me fine.
Posted by: rogerh | Wednesday, 09 January 2013 at 14:28
I think, Mr Duff, you are being a bit pessimistic here. The West has multiple redundancies in its digital networks and we have an awful lot of people who know what they are doing. Countries like China have a centrally controlled system, they are very vulnerable. As to the 3rd World, half of them don't even have a telephone system. We could, if we wished, just lop them off the global network.
Posted by: backofanenvelope | Wednesday, 09 January 2013 at 16:45
Shock, horror indeed.
I could miss out on my daily dose of Duff!
Posted by: Sam | Wednesday, 09 January 2013 at 17:05
"there are some major cuts slashing away at our armed services, and quite right, too"
I'd question this opinion in the light of current and probable future threats (Mrs Kirchner? Gib? Obama?). The US has less interest in our.. interests. The only Euro power which apparently hasn't cut, but increased, the size of its military is Germany. I'd suggest the world is a considerably less stable place than it was for some time (Iran, Syria, Egypt, etc.). So is it really a sensible time to further cut and already decimated military so as to be able to fund a 'not fit for purpose' NHS, ever increasing 'benefits', ever increasing immigration, Brussels incompetence, ......
I view the military (external security) as one of the few things government is there to do - and ours is patently destroying its ability to provide that 'service' (and the expertise once lost won't be easily replaced).
As such, since we'll end up with one sailor in a rowboat as a navy, a season ticket holder with British Airways as an RAF, and a couple of G4 guards as an army - I think cyber security is not really going to be the issue.
I don't question that cuts be made. I just wish the pruning started with those unnecessary Quangos, etc. and if the military does need including (what's left at this point) then maybe starting with the admin staff, the multiple layers of political/civil service involvement, and a few Admirals/Generals and Air chief Poobahs should go before the grunts?
As an aside, are you aware that most of the military coms gear is 'absolute pants'? Most of the guys I know use... iPhones and apps - seriously!
Posted by: Able | Wednesday, 09 January 2013 at 18:13
Now look here, you 'orrible lot, only Sam has come up with a sensible comment so I'm promoting him to lance-corporal with immediate effect!
As to the rest ... I am in favour of cutting our military budgets for the simple reason that we no longer have the capacity to mount a foreign expedition. If the Argies were capable of overcoming the garrison on the Falklands there would be nothing we could do about it today. And the Falklands is about the only place on the globe where a good-ish argument could be made for an overseas expedition. Quite apart from anything else, we can't afford it! We're broke, skint, lacking a pot to piss in and it is only a matter of time (weeks? Months?) before the Shylocks raise the interest they want on the money we have to borrow just to live hand to mouth, and the sooner we face up to that the better. Cameron clearly hasn't faced up to it because today he was boasting - boasting! - that he had cut the deficit by a quarter. That means we are still ADDING to our national debt each and every year.
The chances of an invasion of our Island is minimal. However, the chances of either a missile attack or a cyber attack are much higher and that is where we should concentrate our defence capabilities. I take the point concerning the problems of the digital sharks moving in to cream the government 'a la' NHS computer system but surely that can be handled - if there is sufficient drive and will-power. Oh, right, so that's that then . . .
Posted by: David Duff | Wednesday, 09 January 2013 at 18:56
I'd point out that we're "lacking a pot to piss in" because we're paying out hand-over-fist for cr.. I mean stuff we shouldn't be (how much aid to Pakistan, India, etc. for example). Looking at the budget the defence portion is a tinny fraction of that spent on such worthy causes as paying people not to work and funding certain bankers and politicians Caribbean holidays. As with everything else they're cutting the people who 'do the job' at whilst increasing the hangers on. But I'm too much of a gentleman to descend to such argumentative behaviour (Oh Ok I just can't face another lot of Jankers)
The point I was making re. iphone was that free enterprise will more surely and cheaply provide a service, and protect it against attack, than any .gov project - so over to you Apple/Microsoft/Norton/etc,
(Oh, and Sam, don't sleep too soundly will you as AD, BOE, Roger and me have a 'few words' for you later)
Posted by: Able | Wednesday, 09 January 2013 at 19:28
I agree that the expertise of the private sector must be harnessed but they (in the security field) are more concerned with protection of individual networks rather than national ones - let alone military ones. Also, as the committee emphasised, it is necessary to have back-up plans if your system is penetrated. We do have a centre of excellence (at least, I hope it's excellent!) at Cheltenham where the SigInt guys and gals operate. It *seems* to have a good reputation, so we just need something similar for cyber protection.
Come on, chaps, don't be so defeatist, we are the country that operated Bletchley Park!
A
Posted by: David Duff | Wednesday, 09 January 2013 at 20:28
I read "Enigma" by Robert Harris over Christmas.
It's about Bletchley Park.
Very, very good.
Posted by: Andra | Wednesday, 09 January 2013 at 22:20
A further thought. Why would the gov suddenly start taking an interest in this very very old topic that has been done to death many many times already? Perhaps an election in 28 months time has some bearing. Elections cost money so need funding. The big consulting firms stump up regularly but might need a sweetener. So hand out some nice fat consultancy to 'look into' cyber whatsits and voila. Keep your eyes open for further boondoggles in the coming months. BTW, there are backup plans already and the mil do have their own nets - hence ?why?.
Posted by: rogerh | Thursday, 10 January 2013 at 06:34
As I understand it, Roger, the problem with the military is that the security on their networks is not good and even more important they have no idea what they would do if their networks suddenly crashed!
And the report was issued by a HoC committee, not the government. I don't much care if there are some boondoggles just so long as someone half competent gets a plan together as to what we would do if half our national computer networks crashed!
Posted by: David Duff | Thursday, 10 January 2013 at 08:56
Let's get serious here.
Lance-corporal be damned.
I wants pips on me shoulders – or I'll be down t' pool yer flounder about in with me musket and 'arpoon.
Posted by: Sam | Thursday, 10 January 2013 at 12:15
Very good, Sir, er, three pips enough?
Posted by: David Duff | Thursday, 10 January 2013 at 12:26
"the private sector must be harnessed but they...are more concerned with protection of individual networks rather than national ones"
True, but misses the point: there is no national network, there is only a vast combination of private networks all linked together, and the strength of the whole shebang lies in this diversity and in the varying priorities and expertise of their various guardians.
Central control = complete vulnerability. Remember this.
As for the military, if any of their truly critical networks are connected to the internet, then someone ought to be taken out and shot.
Posted by: Andrew Duffin | Thursday, 10 January 2013 at 12:38
To drone on. Bruce Schneier over at 'Schneier on Security' seems to know what he is on about, he and his pals will worry the socks off you. Although the WEB was designed to survive nuclear attack it is vulnerable to some itsy bitsy software or hardware glitch coming under the radar. The latest fad is for first-day exploits - no-one saw you coming.
No-one but no-one can guarantee the whole thing could not collapse in a heap - very very unlikely but it could. The important point is that there is absolutely nothing the UK government or any of its clever agencies can do to guarantee it won't other than to watch carefully and bung up the holes as they appear. Further, worldwide we are all in the same boat - unless you live in a mud hut. UK's gov is very small beer, much more important people are looking too. Therein lies the strength of the system. So enjoy the WEB but keep a few candles and baked beans by you.
Posted by: rogerh | Thursday, 10 January 2013 at 14:02
Well, Gentlemen, we seem to agree that there is a potential threat. We also seem to agree that there is no Plan 'B'. This re-enforces my opinion that we need some sort of co-ordination to share security protocols and at least liaise on Plan 'B' possibilities - if there are any? I really don't think it is good enough to sit back and sing 'Que sera sera'!
One other thought occurs. I still cling to the suspicion that what kicked Major and Blair into settling some sort of deal with the IRA was their explosive attacks on the London Stock Exchange and the City. Now suppose a cyber attack. Just like the use of poison gas and/or bio hazards, it is not necessary to succeed totally. A partial success will cause chaos and panic and cost the country zillions.
Posted by: David Duff | Thursday, 10 January 2013 at 14:29
http://www.wired.com/threatlevel/2012/05/everyone-hacked/
Posted by: JK | Thursday, 10 January 2013 at 23:44
Excellent article, JK, thanks.
Posted by: David Duff | Friday, 11 January 2013 at 09:00