GCHQ made a series of recommendations to Government in the late 1980s that were largely ignored. It followed a growing number of warnings by trusted information and communications systems specialists from the early 1980s that were also largely ignored by politicians. The international work on trusted systems evaluation criteria from the 1980s that led to the International Common Criteria became a seriously missed opportunity. Very little has changed since then, other than the predictions from the early 1980s have been proven very accurate. The size of the risk is now significantly greater not just because professional and political hackers are a large and growing army, but because the task of technically closing technology vulnerabilities is very much greater and also rapidly growing – BRN Editor
The front page of the Telegraph this morning reports that keeping the UK safe from cyber-attacks is now as important as fighting terrorism, the head of the intelligence monitoring service GCHQ has said. Jeremy Fleming said increased funding for GCHQ was being spent on making it a “cyber-organisation” as much as an intelligence and counter-terrorism one. It comes after the NHS and parliament suffered cyber-attacks this year. Mr Fleming said there had been nearly 600 “significant” cyber-attacks needing a national response in the last year.
Commenting on this news is Mark James – Security Specialist at ESET:
It’s a sad fact of today’s life that we have to deal with attacks from all manner of foes- be it physical from terrorism or cyber from the digital world. It’s also concerning that both could be just as damaging; we often need a tangible foe for it to really hit home; cyber-attacks often do not fall into that category. For the average person it only affects their data online, be it personal or financial- for them it rarely has any bearing other than something someone else will resolve. But with so much or our physical world melding into the realms of apps and touch screens, the backbone of that infrastructure, if attacked, could cause far worse repercussions- utility companies, IoT, autonomous vehicles, governments and even our finances are going digital. A full scale organised attack on any one of those listed could cause havoc if successful, protecting those areas should be just as important as our physical concerns.
With so many companies connecting through the digital world it’s impossible to protect it 100%. As data enters and exits various points in the digital highway, it usually only needs to be authenticated once- if successful you have full control no matter where you originated from and as more companies integrate then the dangers increase, without proper defined security structure we are fighting a losing battle.”