MI5 head: welcomes communications bill; warns cybercrime threatens UK economy

Sandwiched between a brief introduction and even shorter conclusion, Evans divided his lecture into five sections: the Olympics, Terrorism, Cyber Security, Emerging Threats, and the Justice and Security Bill. 

His concern over the Olympics is the physical terrorist threat; but he believes that this is well in hand. International co-operation that has gone into planning for the Games means that the Security Services will reap their own “Olympic security legacy after the Games”, and that “we shall see a successful and memorable Games this summer in London.”

The main thrust of his talk on terrorism was that as the focus of Al-Qaida in Afghanistan and Pakistan weakens, so it grows in other parts of the world: “Al Qaida affiliates in Yemen, Somalia and the Sahel have become more dangerous as Al Qaida in Pakistan has declined and we see increasing levels of cooperation between Al Qaida groups in various parts of the world.” The Arab Spring is also highlighted as offering, hopefully a short term, haven for radicalization.

On cybersecurity Evans stresses the need for co-operation between business and government. “The front line in cyber security is as much in business as it is in government,” he said. “And the extent of what is going on is astonishing – with industrial-scale processes involving many thousands of people lying behind both State sponsored cyber espionage and organized cyber crime.” This, comments Imperva’s Tal Be’ery, “should encourage the sharing of data between companies in the private sector through information exchanges,” adding that different attacks often share similar characteristics, and that by sharing, “these attacks can be thwarted more effectively.”

Evans gave an example. One London company with which the Security Service has worked “estimates that it incurred revenue losses of some £800m as a result of hostile state cyber attack – not just through intellectual property loss but also from commercial disadvantage in contractual negotiations. They will not be the only corporate victim of these problems.” It is more prevalent than people realize, comments Paul Davis, a director at FireEye, “and it is time that governments and businesses take note. In most cases, the victim organizations perform damage control before the breach becomes public.”

Martin Sutherland of BAE Systems Detica, a company that has earlier estimated the cost of cyber crime for the Cabinet Office, adds that most businesses “believe that 2011 was just the beginning and that high profile cyber attacks against businesses are likely to continue on similar or increased scales in the future.”

Evans then briefly mentioned emerging threats, but concentrated on the potential for political extremism caused by Europe’s – and indeed, the world’s – economic problems. He doesn’t believe that the UK will suffer from organized political extremism, but pointed to the danger of lone individuals such as Anders Breivik.

However, he reserved the most impassioned part of his speech for the final section: the Justice and Security Bill. He welcomes proposals that will allow Security Service testimony to be delivered in closed court and not made public. At the moment, he says, much security information cannot be provided to the courts for fear of publicly exposing its source – which could well be a friendly foreign service. “This means,” he said, “that such material cannot in practice go into court at all. This situation is bad for us, bad for the other party to proceedings and bad for the administration of justice.”

Then, without ever once mentioning the Communications Bill by name, he says, “the proposed legislation to ensure that communications data continues to be available to the police and security agencies in the future, as it has in the past, is in my view a necessary and proportionate measure to ensure that crimes, including terrorist crimes, can be prevented, detected and punished.” ‘As it has in the past’ is the same, but disputed, term used by the Home Office to justify the Communications Bill; that bill that will allow the Secret Service to monitor all future communications of everybody within the UK.

What’s Hot on Infosecurity Magazine?