Will the UK be the next nation to introduce a cybersecurity czar?
The afternoon of Friday 29th May saw the security industry fix its attention on the White House, where President Barack Obama announced the creation of a czar as part of the administration report on national infrastructure and cybersecurity.
Melissa Hathaway, the cybersecurity chief at the National Security Council, claimed that the American public ‘need a safe internet with a strong network infrastructure and we as a nation need to take prompt action to protect cyberspace for what we use it for today and will need in the future'.
Hathaway claimed that protecting cyberspace will require strong vision and leadership as well as changes in ‘policy, technology, education, and perhaps law'.
Obama claimed that his administration was going to ‘pursue a new comprehensive approach to securing America's digital infrastructure'. Obama said: “This new approach starts at the top, with this commitment from me - from now on, our digital infrastructure - the networks and computers we depend on every day - will be treated as they should be, as a strategic national asset.
“Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient. We will deter, prevent, detect, and defend against attacks and recover quickly from any disruptions or damage.”
With this announcement, the acknowledgement of the need to protect the cyber infrastructure was declared. Amrit Williams, CTO of Big Fix claimed that there was nothing revolutionary in the findings, nor in their near and mid-term action plans to address the deficiencies of our current program.
However he did claim that what was encouraging was the fact that the administration had elevated the conversation and is building national awareness across the population. Williams said: “Many in the security industry are already complaining that it isn't enough, that there is more that should be done, that it all rings hollow and has been tried before.
"What they seem to be unable to rationalise is that we have an administration that not only understands the scope of the problem and associated threats but is working aggressively to implement policies, procedures and technologies to address them.”
In agreement was Prof. Howard Schmidt, president of the Information Security Forum and a previous advisor to the White House on cyber security, who claimed that Obama should be applauded for his commitment to address cybersecurity and the classification of the Information Infrastructure as a ‘Critical National Asset'.
Schmidt claimed it was ‘important that the public is more educated and aware of cybersecurity and authorities need to be better prepared for cyber incidents that will require both commitment from the very top and investment in research and development'.
“Cyber threats are a great leveller as all it takes is a handful of clever and determined people to unleash cyber attacks on the United States or any other major power. Economic prosperity, public safety and national security all depend on a rich, robust and secure digital infrastructure”, said Schmidt.
So with this level of appreciation being directed at Obama, is this the right time for the UK to make such a step forward? On the eve of an expected crushing European election defeat for the Labour government, and with front bench MPs falling by the wayside, Prime Minister Gordon Brown could do with some level of optimism.
Imperva CEO Shlomo Kramer, claimed that the UK government should follow the lead of the US and pay much more attention to cybersecurity.
Kramer said: “Any new czar or organisation would have a significant job to undertake, with the first action being to deprive hackers access to the data and intellectual property they want. Current government initiatives over emphasise traditional security approaches - like anti-virus technology - leaving the door open to cyber theft. Instead, the government should start by locking their huge software systems and the sensitive data those systems transact.”
Kramer also claimed the right approach was being taken by the Conservative Party, who have claimed that it will push for a cybersecurity minister to raise awareness of the importance of fighting computer crime.
Shadow home affairs minister James Brokenshire, MP for Hornchurch and Rainham claimed during a keynote speech to police officers and other law enforcement staff at a conference on hi-tech crime organised by Microsoft that there was a need for such a czar.
Brokenshire said: “President Obama was candid in his analysis of the threats posed by cyber attacks saying that the United States wasn't as prepared as it should be. Well if the US isn't as prepared as it should be – then where does that leave this country? And how better prepared will we need to be with the challenges of the 2012 Olympics looming ever larger?
“That is why we need a proper cyber-security strategy for this country. That's why we would appoint a dedicated minister with the responsibility for co-ordinating policy across government on cyber-crime, cyber-security and cyber prevention.”
What is unsurprising is that Obama was welcomed for such a popular announcement, and that the UK has not reacted immediately. It is this writer's opinion that James Brokenshire MP is correct, and while I don't expect this to be a major factor in the turnout of the European elections, this is something the UK will have to implement sooner, rather than later.