Will GCHQ give more serious guidance than the FCC?


This morning's announcement of a GCHQ initiative to help British business improve its cybersecurity was damned with faint praise in a FIPR "alert". They queried whether its guidance would amount to much more than that issued by the US Federal Communications Commission. I do hope it will not repeat the falsehood that 80% of the threat can be handled by "good house-keeping", i.e. keeping anti-virus et al up-to-date. That ceased to be true a couple of years ago, if it ever was.

Yesterday at the end of my blog on the first meeting of the pre-legislative scrutiny of the surveillance bill, I commented on the need to stop confusing the skills needed to update the UK's cyberwarfare capability with those needed to protect business and rebuild confidence in the safety, security and resilience of the on-line world. I should have qualified that statement.

There is an overlap - but it is in a taboo area.

Our cyber-warriors and those of the US and Israel (and probably also those of Russia and China) have long been working on tools (e.g. those inside Flame and its more sophisticated counterparts) for covertly penetrating and exploring on-line systems in order to cause damage (e.g. Stuxnet) or loot their contents (e.g. the thefts from US transaction processing and payment clearing operations). Those tools, which current generations of anti-virus et al do not detect, are increasingly being used to steal customer files (including passwords, certification and authorisation details, etc.) from on-line retailers and commercial secrets (including from the research and development operations of pharmaceutical and on-line gaming companies as well as from defence and aerospace).

Is GCHQ going to share its expertise in detecting and blocking those tools?

Moreover, is it going to support the effort necessary to mandate the use of security by design across the public sector (and its suppliers) and to support its adoption by major private sector players, so that we stop the development of new applications which incorporate 20 and 30 year old vulnerabilities?

If so, we really will have cause to celebrate. Such co-operation could indeed help catapult the UK into pole position as a location in which to base globally trusted on-line operations.


About this Entry

This page contains a single entry by Philip Virgo published on September 5, 2012 11:27 AM.
