Can The UK Learn From US Cyber Security Plans?

The Obama Administration’s announcement of a cyber security plan, has met with general approval, though one or two companies think it may have missed a detail or two.

In the UK, however, we wonder whether the announcement will provoke the UK government to get a bit more strategic.

George Osborne has said that Treasury systems are being attacked regularly by hostile agencies outside the UK, or by Anonymous-style ‘hacktivists’. “During 2010, hostile intelligence agencies made hundreds of serious and pre-planned attempts to break into the Treasury’s computer system,” Osborne said, adding that the Treasury is one of the top targets among UK government agencies.

Given that level of urgency, it is a shame that the government’s cyber security minister Baroness Neville-Jones resigned last week. Despite a peaceful changeover, and a move to a non-ministerial advisory role, there have been media reports that the peer, who is a respected security expert, felt her concerns were not being heard in the cabinet – even though the government’s funding for cyber security was increased last year, with £650 million going to a new cyber defence initiative.

In Europe, agencies have held a test of the critical infrastructure’s likely ability to cope with an attack.

Will the US wake up the UK’s security efforts?

The UK is certainly aware of the need for cyber defence: armed forces minister Nick Harvey spelt out the need for a “cyber battle plan” last year, and numerous conferences have gone into the need in some detail.

But some commentators still feel that the reponsibility falls unfairly on the private sector.

“We applaud President Obama’s proposed initiatives for improving the protection of the US’s critical infrastructure against cyber attack,” said Henry Harrison, technical director, BAE Systems Detica: “While both the US and the UK governments recognise cyber security as one of their top national security risks, the reality is that the majority of the challenge is borne by private sector companies that operate our national infrastructure and provide our national wealth generation.”

Expecting the private sector to take up the slack implies they will also foot the bill, is Harrison’s basic objection. “It can be difficult for private sector organisations to justify significant new investments in cyber security and explain countermeasures to shareholders on profit and loss grounds alone.” After all, we are talking about unlikely, but very serious events.

Harrison hopes that President Obama’s apparent awareness of the importance of the issues may inspire the UK government to formulate a more consistent response.

Time for data breach reporting

He also hopes – like many in the security industry – for the arrival of mandatatory reporting of breaches. The US  proposal has “called for  a federal data-breach-notification law”, which has been urged for some time.

Following the Sony hack, European Commissioner Vivienne Reding has also called for a European data breach reporting law.

Reporting incidents should be mandatory, even though this will increase work and embarassment for victims. It would also increase the pressure to lock up systems, including the critical infrastructure, before the worst happens.

The British government’s cyber defence strategy has shown quite promising signs of awareness, but still lacks overall coherence. Maybe the Obama administration’s plans will provoke our government to step up a gear.

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago