UK gets cyber-security chief

An unnamed “very senior military officer” has been appointed to head the UK Government’s cyber-security operations. He’ll have a £650m budget to play with, the amount set aside for the new Defence Cyber Operations Group.

Let’s hope he has more of a clue about cyber-security than Foreign Secretary William Hague.

Back in February, Hague prattled on about how the UK’s government and defence organisations were under sustained cyber-attack. To listen to him you’d think that a virtual World War Three had broken out. Apparently he’s unaware that the kinds of attack he described - social engineering emails attempting to fool users into installing the Zeus trojan, or maliciously formed PDF files - are a daily occurrence for most businesses.

“Our experts were able to clear up the infection, but more sophisticated attacks such as these are becoming more common,” he said. Well, welcome to the 21st Century, William.

Hague’s schoolboy hysteria aside, cyber-attack against installations of national importance is an important issue, and it’s about time the UK had someone to co-ordinate efforts to protect the country. This isn’t an easy task, though perhaps a little simpler in the UK than in the US. Over there, paranoia about government interference in private business runs so high that attempts to create unified or coherent defences are practically strangled at birth.

There’s no way of knowing whether the new cyber-chief has a solid grounding in infosecurity. Does this matter?

“Presenting this kind of role to someone who is not a professional in information security could have potential positives and negatives,” says Graeme Stewart, public sector business development director at Sophos. “If the appointed person has no experience in this field, they will have the ability to apply a pragmatic approach to the task at hand, that is not coloured by dogma or industry hype. They’ll also be able to draw upon previous experience from the military, such as the handling of mission critical information, and they will understand the cost of poor information handling and the real cost of system (both procedural and IT) failure. The potential negative, however, is that information and cyber security is a highly specialised topic requiring a great deal of technical knowledge and understanding. It’s a complicated subject to get to grips with.”

Quite.