ISSA European Conference: A talk from Right Honourable David Davis, MP


I attended the ISSA European Conference last week, and was pleasantly surprised by a fantastic speaker line-up and some excellent content.

The agenda was kicked off by Right Honourable David Davis, MP, House of Commons, UK Parliament, who joked that his talk would completely defy what was outlined on the programme, “which is a given right of those in Parliament”, he laughed.

It wasn’t his only self-derogatory comment. Davis described the Government IT infrastructure as “complex systems that are not understood by the politicians who deal with them”.

I shall outline some of what I believe to be his most poignant points:

  • “‘Cyber Pearl Harbour’ is a dramatic term which is freighted with assumption. It implies an attack on innocent people by bad people, which is not always the case.”
  • Stuxnet (and Flame and Duqu) were “lego-block programmes…which could be easily adapted to do the same thing to power grids. What Stuxnet said to the world is ‘The West is willing to do this and we’re willing to strike first’”. It was a dangerous move, Davis said, which “legitimised what everyone else does to us”.
  • “Stuxnet was strategically both smart and very stupid. It’s not a case of black hat, white hat”.
  • “RIPA has had 500,000 approvals and the government has not monitored what it has been used for. Where is the government going with this?” RIPA, he said, could “not only be ineffectual, but harmful.”
  • Higher surveillance creates higher false positives, which government agencies can’t cope with.
  • The technical capability of UK government agencies is “less than we think it is. It needs to be deployed against real threats – not the ones we think we have”.
  • The benefit of the internet “hinges on data about its users.” Facebook IPO is $100 per customer. “Customers are the product”.
  • 95-99% of data collected online is beneficial to customers.

On the European Commission’s cyber security strategy:

  • “I approve of the direction it is going in. If not how it is done.”
  • “The notification requirements are incredibly tight. Execution will be problematic”
  • Regulation rather than directive = no leeway.

And finally:

  • Fruit Ninja is the Prime Minister’s favourite game…
