Encryption is not being deployed fast enough according to a leaked document from the US National Intelligence Council reported by the Guardian newspaper today, contradicting PM David Cameron's calls yesterday for governments to stymie encryption so as to be able to access all communications.
As a result of slow uptake, both government and industry are vulnerable to cyber-attacks from Russia, China and criminal gangs says the report, a five-year forecast written in in 2009.
The Guardian says that the report – believed to be part of the cache given to the paper by Snowden - describes the failure to keep up with cyber-attackers as being largely “due to the slower than expected adoption … of encryption and other technologies.” The newspaper also says the report was shared with GCHQ and put on its intranet.
Encryption is described in the report as the best defence to protect data, especially combined with multi-factor authentication. Otherwise, it says that the “scale of detected compromises indicates organisations should assume that any controlled but unclassified networks of intelligence, operational or commercial value directly accessible from the internet are already potentially compromised by foreign adversaries”.
On the positive side, it says: “We assess with high confidence that security best practices applied to target networks would prevent the vast majority of intrusions.”
Official UK government security advice still recommends encryption, despite end-to-end encryption making surveillance by government agencies far more difficult.