UK government officials accused of being confused over security

04 July 2012

Two senior UK officials (Richard Clarke, director of the Home Office Security and Counter-Terrorism Department; and James Quinault, director of the Office of Cyber Security & Information Assurance at the Cabinet Office) are accused of giving contradictory and confused messages over threats and solutions to UK cybersecurity.

Both government officials gave talks at the National Security Conference 2012 held in London on Tuesday. Clarke stressed both the cybersecurity threat posed by the London Olympics and the sheer effort that has gone into all forms of security. He seemed to be supporting last week’s lecture by the head of MI5, who warned of the scale of the security threat faced by the UK.

Paul Davis, director of Europe at FireEye, later agreed with Clarke. “Recent events,” he said, “certainly reinforce the widespread notion that we have entered an era of cyber warfare. In the same breath, numerous warnings of the potentially severe national security risk posed by computer-based attacks enforce the fact that this is a very real issue – one that must be urgently acknowledged by organizations worldwide.” He added, “This is a hugely critical time for the country, as we prepare to have the world’s eyes watching over us during the Olympic Games.”

But at the same conference, James Quinault from the Cabinet Office later commented, “But it remains true that 80 per cent of attacks we're seeing in the UK could be defeated by basic cyber hygiene using the techniques and software that are already available.” It is this statement that has been seized upon as being incompatible with the stance taken by the security and counter-terrorism services.

“Yesterday’s two statements... are contradictory to say the least,” claims Ross Brewer, managing director and vice president at LogRhythm. “On the one hand we are being informed – not only by the Cabinet, but also by MI5 – that the current UK cyber threat is at an ‘astonishing’ and ‘industrial’ scale, whereas the subsequent statement assures us that basic techniques and technologies are more than enough to keep us safe.” This only highlights, he believes, the sense of confusion and apparent disorganization stemming from the rapid, unpredictable evolution of today’s threat. “To be frank,” he adds, “this is simply unacceptable at such a critical time for the UK, and London in particular.”

Brewer believes that Quinault is wrong. “By suggesting that the majority of attacks can be defeated simply by changing passwords or being careful about what information is shared online points to a severe lack of understanding of how the current security landscape is manifesting.”

Nevertheless, security in cyberspace is now so complex and varied that all parties could be correct. Statistics often quoted from Microsoft have shown that 99% of all attacks can be stopped by having up-to-date and fully patched software. In this sense, Quinault’s 80% is really a bit on the conservative side. But that still leaves the 1%: the 0-day, nation-state advanced and persistent threats such as Flame and Stuxnet, which can only be prevented by serious security defenses. Here Brewer is correct. “The fact is,” he says, “today’s cybercriminals are as intelligent as they are determined. With such a heavy reliance on IT, ever tightening data laws and an abundance of highly valuable Intellectual Property and confidential data online – the repercussions of a cyber attack cannot and must not be underestimated.”
