Speaking at the (ISC)2 EMEA Congress in London today, Blunkett – who also opened the SC Magazine Awards back in April - said that there's currently a fine line between protecting national security and guarding online privacy, something about which he's only too aware.
A former Cabinet Office minister, Blunkett was hacked himself by investigators at The News of The World, who in-turn unearthed details of his affair. Blunkett subsequently resigned from office - for the first time - in 2004.
“I don't know anyone who says that their privacy shouldn't be protected,” said Blunkett, only to add some moments later that “frankly, the idea governments can't protect themselves is risible.”
He said that Edward Snowden, the NSA whistle-blower who leaks thousands of documents on US and UK government surveillance, was a ‘traitor' and a ‘thief' but also someone who had ‘opened up' a conversation to these wider issues.
“Sometimes people do things for the wrong intention, or for the right intention but in the wrong way,” said Blunkett at the conference.
He continued that security should predominantly resolve around ‘understanding the flaws in people' - saying a failure to do so would make it impossible to properly evaluate resilience and security risks, especially in the supply chain.
Two others speakers picked up on this theme at the Congress. “For me challenge in security is not a lack of technology. I am worried about people building systems and software in the future,” said Stefan Leuders, the head of IT security at CERN, the European Organisation for Nuclear Research
Citing recent research which revealed that almost all data breaches are down to user error, Ray Stanton, executive VP of professional services at BT, added: “Why is it we can't do the basics? It is things like that which trouble me.”
Blunkett, meanwhile, added that – despite Snowden's leaks – the hacking expertise at nation-states has been “overestimated, even at sophisticated operations like GCHQ”. He said he was more troubled by a lack of skills - and information - at the police, something senior figures at Europol and the Metropolitan Police have also noted in recent months.
“My concern is equipping the police service so that their understanding is even at base one, and so they know how to do it.”
The former Home Secretary had mixed words for the government's stance on cyber-security. He praised the coalition for a National Security Strategy which saw cyber-attacks become a 'tier one' threat – but slammed the recent revision of RIPA (Regulation of Investigatory Powers Act 2000). Citing the recent Vodafone/Met Police case, he said that it was “never intended for journalists'. The law was introduced during his time as Home Secretary.
But Blunkett reiterated his praise for a government which has raised cyber-attacks to a tier one threat. Nonetheless, he says that more is to come.
“I think the very commitment of government [on cyber-security] is critical in raising issues not just for business and law enforcement but also for individuals to take it seriously as well.
“I'm still concerned government doesn't understand cyber-security - and can't get to grips with – those businesses and organisations that are rooted in other countries."
His other concern, though, is the 'resurfacing' of terrorism as a public concern.
"What happened recently, of course, is considerable concern resurfaced over terrorism. This tends to be physical as well as cyber-threat but [it's done] in a way that doesn't really engage businesses.”
He added that there were concerns around the 2012 London Olympics. “I had a particular concern about the Olympics and Paralympics; I thought there would be major reputational hit, but I am very relieved to say I was wrong,” said the former minister, who added there were ‘considerable threats' during the two-week games.
However, citing the emergence of tech-savvy terrorist groups like ISIS, he said that a ‘much bigger debate' is needed on how a cyber-attack could damage critical infrastructure and the economy.