Speaking at the Westminster eForum event in London on Tuesday, Beckett – a Labour MP and chair of the National Security Strategy Committee – looked at the first National Security Strategy introduced 2010, and urged the government to implement new changes when the first draft of the next version is introduced in 2015.
Four years ago, the first National Security Strategy (NSS) was released shortly before the General Election. It was worked on by 22 members, including peers, former ministers, senior members of the military, and leaders in industry, as well as the national security advisor and the prime minister.
Beckett said that the strategy has a ‘very broad view of what national security means' – such as national security, energy, climate change, terrorism and policing. “It has a traditional focus but cyber falls across many of these [areas],” said Beckett.
“Over the time we've been working, cyber security has been high profile, and it was identified back in 2010 as a tier-one risk,” said Beckett, who expects this to continue, especially if the Serious Crime Bill goes ahead.
But she warned that the onus is on the government to keep up with the advancing world of cyber-crime, noting the increasing proficiency of cybercriminals, emerging technological changes like contactless payments and social media, and the subsequent changes these can have on lifestyle.
Beckett said that the government must engage in some “long term thinking on cyber protections” and stressed that next NSS – due to come into force in 2015 – must be improved again, with a special focus on the energy sector and critical infrastructure.
This warning came hours after Symantec revealed that a group of hackers known as ‘Dragonfly' had compromised more than 1,000 energy companies in North America and Europe.
The MP said that there had been a “rush” to get the NSS out in time for the 2010 election and while deeming some of the proposals “unsatisfactory” said that these errors “shouldn't be repeated.”
She doubts whether the next version will be introduced before the next election, with the PM giving evidence in January that the government had no intention of doing so. “But he also made clear during this period that cyber security has benefitted from increased investment, and was clearly going to be one of the key issues of NSSc – there's no question at all of it falling from the top level of risk.”
“We repeatedly urged the government to begin early preparation for the next National Security Strategy, but sadly, we have seen little evidence that this work has seriously begun,” said Beckett.
Going forward, Beckett has called for the NSS to be challenged by outside parties, and for cyber to be embedded in our thinking. The cyber security skills gap should also be addressed on a national level, she said, while the strategy should address the UK's position in the world in relation to the US and EU.
“Cyber needs to be embedded in all our thinking. When there are major crises, we do tend to turn to the armed forces. It is not at all clear that the preparations the armed forces have made stretch beyond cyber security concerns of their own.”
Dr Alastair MacWilson, chair of the IISP and now principal of The Chertoff Group, was consulted in the drafting process of the NSS in 2010 and admitted to being unimpressed with the proposals at the time.
“I have to say, I did not think much of it then, as I thought it was very review-looking, but I watched it quickly sink into oblivion,” MacWilson told SCMagazineUK.com.
“Seeing Margaret Beckett's comments and the various headline reactions to her views is interesting. She has a point – four years is a very long time in the cyber security world”.
“The need to refresh - totally re-write - the strategy to reflect the changes since 2010 is pretty important. Changes such as new business and government directions, the evolution of new technology fuelling the digital agenda and, of course, the massive growth in vulnerabilities and those that exploit those weaknesses, have dramatically changed the game. This will all make the first NSS look very tired and lacking in current relevance.”
But he added: “She does miss the point, however, if she is asserting that the first NSS was fit for purpose and a version two, as an evolution of that, is desperately needed. In my view, what is badly needed is a complete rethink on what the NSS should cover, and its content and recommendations should be realistic and implementable. NSS 1.0 was none of those things.”