It’s good to read that the UK Government is finally waking up to the fact that cyber attacks are a serious threat to the nation. In fact it’s always been so. Why? Because we don’t build secure platforms and application systems. And we expect users not to create breaches.
The answers are simple, but unlikely to be implemented. First, we must mandate that all important systems are designed from the outset to be resistant to attacks. And, second, we must take account of human error and build appropriate compensating controls into systems.
The safety field discovered these truths many decades ago, and acted on them. Unfortunately, the security community prefers to keep its head in the sand.