The London tech industry must bridge the divide between innovation and security
The London tech industry must bridge the divide between innovation and security

London mayor Sadiq Khan is on the hunt for London's first ever chief digital officer (CDO), according to an article in the London Evening Standard this week. 

It fulfills a manifesto commitment he made to increase “digital inclusion” and promote growth in the sector. 

The CDO will also push common standards and support the Greater London Authority in developing policy around digital issues.

Oxford Economics, a forecasting company associated with Oxford University, says that London is home to more than 40,000 digital tech firms employing approximately 250,000 people. A third of them have been set up in the past five years and it predicts 12,500 more will be created by 2025.

Great news for the London tech industry, but where will cyber-security fit into this job description?

We know that the tech industry is notoriously bad at securing its products. Mark Weir from Fortinet, in an Executive Insight piece for SC Media UK, draws attention to the fundamental problem of securing the rapidly growing internet of things (IoT). Each new “thing”, he says, comes with its own operating system – how do we knit them together in a secure way?

And it's widely recognised that security comes late in the product development process, often bolted on at the end, precisely the worst possible time in a project to start thinking about security.

Even products designed as security devices don't always deliver on the promise of providing better security, as witness the recent news about the nomx email server.

Meanwhile, cyber-crime is soaring. The British Crime Survey found in 2015 that the incidence of cyber-crime had overtaken physical crime. That was of course the first year that cyber-crime had been included in the statistics, but the hypothesis is that many traditional crimes have gone online as criminals have discovered just how bad security is.

Cyber-crime is, of course, being addressed by government and police. The Metropolitan Police Service (MPS) has set up Operation Falcon to combat cyber-crime in London, and the government established the National Cyber Security Centre (NCSC) just last year to help increase cyber-security for government, critical national infrastructure and business.

But as the NCSC's technical director Ian Levy and others have noted, one of the biggest problems we have with cyber-security is the raft of products coming onto the market that have inadequate security. Let's be clear, by inadequate, we often mean ‘none to speak of'.

Levy and others have banged the drum for products to be secured by design, based on a successful police initiative to get the designers of buildings – everything from car parks and factories to office buildings and homes – to think about security when designing their premises.

The NCSC proclaims its mission to be making Britain the safest place to do business online, and if we are serious about joined up thinking in our various government bodies, we need to ensure that the new chief digital officer for London takes this ethos on board.

He or she needs to push the message to the 40,000 tech companies in London that security is their customers' problem and therefore it is their problem too – that they need to start making their products secured by design.

Imagine what that would mean if it worked: London (and by extension the rest of the UK) could develop a reputation for producing tech that is not only innovative but is also inherently more secure than all the rest.