Yesterday the government brought out the Cyber Security
Strategy, writes Stuart Oakin. On first glance the cynic inside me
asked "what has changed?".
The "new" Office for Cyber Security (OCS) looks to have a very
similar role and responsibility to the current Central Sponsor for
Information Security (CSIA), which also sits within the Cabinet
office. Could this just be a renaming of a current department?
The "new" Cyber Security Operations Centre (CSOC) seems to be an
acknowledgement of the existing services provided already by GCHQ.
So on the surface nothing has really changed.
The optimistic side of me is saying the government has now
recognised the importance of the internet in our lives and the real
threat that any disruption could have, and that they are about to
invest further in terms of people and funding to protect this
important asset. Therefore, although this may be the renaming of
existing organisations, at least the government is going to invest
further in this important area.
Saying all that, I do feel we may have missed an opportunity.
When reading the strategy paper, it becomes obvious that the
authors have taken an internal view, that is how government needs
to organise itself to get ready to protect cyber space. I believe
there could have been a lot more in the paper about the strategy
which is outwardly facing in nature, that is, how government will
help citizens and business.
Indeed, if you go to the end of the paper, to the FAQ and read
the response to "How do I report an online crime or identity
theft?", the answer is to contact your bank, consumer direct,
Office of Fair Trading, APACs or in the near future the National
Fraud Reporting Centre. This is exactly the sort of problem people
face today when dealing with an incident - they don't know who to
turn to.
The Cyber Security Strategy could have offered a little hope
that, not only is the government going to be protecting us behind
the scenes, but it will also offer us additional support at the
front line. Anyhow, I have decided to be optimistic and accept this
is an important step on the information assurance journey, and that
the government has recognised the need to invest further and become
a proactive change agent.
Stuart Okin is
the MD of security consultants, Comsec.