Lord West, the UK's first cyber security minister, recently announced that the new Cyber Security Operations Centre (CSOC) has recruited former hackers to defend national security, as part of the new government cyber security strategy aimed at combating online attacks. This news should have us all questioning whether the lunatics have finally taken over the asylum, writes Rob Cotton, CEO of NCC Group.
You have to wonder whether this is actually some kind of huge joke. Aside from West's ridiculous rationale (or lack thereof) behind this initiative - "If they [hackers] have been slightly naughty boys, very often they enjoy stopping other naughty boys," - we should be asking ourselves if we really want reformed criminals defending our national security. If you used to get your kicks from undermining national security, can you really be trusted to protect it?
Companies that offer ethical hacking services, such as ours, make sure their consultants are security vetted. This means clients don't have to worry that the information we have about their security provision will be sold on the black market. Why can't our government extend the same courtesy to us? Working for CSOC should require an allegiance to the country and the government beyond that which a steady paycheque inspires. Call me old-fashioned, but I like my criminals inside a jail cell, not defending the country.
I am sure that some hackers are skilled in breaking through government defences but this doesn't automatically equate to the same level of skill the other way round. It might sound boring but a national cyber security outfit should be made up of professionals who spend their days researching and dealing with real threats and can respond appropriately to any potential dangers, not a bunch of amateurs who would probably cause World War III by playing fast and loose with international protocol.
In aiming to transform GCHQ into a spy school for geeks who are more cunning than their Chinese counterparts, as outlined by Tom Watson, former Cabinet minister in charge of digital engagement, the government seems to be wilfully ignoring the wealth of resources available in the UK at the moment. We have some of the best IT security professionals in the world over here and to ignore this kind of talent is deplorable.
It beggars belief that the best solution to a very real problem the government can come up with is to start a grassroots recruitment drive in the criminal community, and it highlights the amount of thought the people at the top are putting into cyber defence strategies - apparently none.
This was first published in June 2009