New report slams the UK's approach to cyber-security
A new report from Chatham House has slammed the government and businesses in the UK for failing to take seriously the ever-growing threat of cyber-crime. The report's executive summary points out that much of modern life is dependent on information technology, including government machinery, critical national infrastructure (utilities, communications, banking) and many aspects of people's private lives. It claims that attitudes and investment fall far behind what is needed to meet the mounting threats.
The report points out that although the October 2010 Strategic Defence and Security Review raised cyber-security to a "Tier One risk to national security" and allocated £650 million to cyber-security, this sum falls short of what would be needed for "the government to counter all conceivable cyber threats and that, in any case, the vast majority of critical infrastructure in the UK is privately owned". Of that sum of £650 million, only about one fifth of it is allocated to infrastructure.
The report is based on a series of interviews with communications officers and IT department representatives in relevant organisations. Its main finding is that there "appears to be no coherent picture or sense of what constitutes a vulnerability, or of the likely severity of the consequences of that vulnerability." Many of those interviewed "still seem largely uninformed about the nature of cyber threats to their businesses". They also express concern that there is no centralised understanding or sharing of information regarding the risks to the UK infrastructure, that the UK government is more "willing to solicit information than to divulge it" and that there is "little sense either of governmental vision and leadership".
The report gives a list of recommendations, the main thrust of which is that there should be a concerted effort shared between government and those organisations involved in the country's critical infrastructure. This should identify the dependencies and vulnerabilities in the infrastructure, identify the organisations involved, and take a collective approach to addressing the problems.
The final point made is that the UK needs to develop a national cyber-security culture, in which there is a greater awareness among organisations and private individuals of the risks involved and the best practices that will help control them. Government and industry will need to work together in developing such a culture.
In its news item on the Chatham House report, the BBC has reported that the UK "government is expected to announce a revised cyber security plan next month".
- UK to step up cyber defence capabilities, a report from The H.
- Report: cybercrime costs UK economy £27 billion per year, a report from The H.