
Lord West, the UK's first cyber security minister, recently
announced that the new Cyber Security Operations Centre (CSOC)
has recruited former hackers to defend national security,
as part of the new government cyber security strategy aimed at
combating online attacks. This news should have us all questioning
whether the lunatics have finally taken over the asylum, writes Rob Cotton, CEO of NCC
Group.
You have to wonder whether this is actually some kind of huge
joke. Aside from West's ridiculous rationale (or lack thereof)
behind this initiative - "If they [hackers] have been slightly
naughty boys, very often they enjoy stopping other naughty boys," -
we should be asking ourselves if we really want reformed criminals
defending our national security. If you used to get your kicks from
undermining national security, can you really be trusted to protect
it?
Companies that offer ethical hacking services, such as ours,
make sure their consultants are security vetted. This means clients
don't have to worry that the information we have about their
security provision will be sold on the black market. Why can't our
government extend the same courtesy to us? Working for CSOC should
require an allegiance to the country and the government beyond that
which a steady paycheque inspires. Call me old-fashioned but I like
my criminals inside a jail cell, not defending the country.
I am sure that some hackers are skilled in breaking through
government defences but this doesn't automatically equate to the
same level of skill the other way round. It might sound boring but
a national cyber security outfit should be made up of professionals
who spend their days researching and dealing with real threats and
can respond appropriately to any potential dangers, not a bunch of
amateurs who would probably cause World War III by playing fast and
loose with international protocol.
In aiming to transform GCHQ into a spy school for geeks who are
more cunning than their Chinese counterparts, as outlined by Tom
Watson, former Cabinet minister in charge of digital engagement,
the government seems to be wilfully ignoring the wealth of
resources available in the UK at the moment. We have some of the
best IT security professionals in the world over here and to ignore
this kind of talent is deplorable.
It beggars belief that the best solution to a very real problem
the government can come up with is to start a grassroots
recruitment drive in the criminal community and highlights the
amount of thought the people at the top are putting in to cyber
defence strategies - apparently none.