Yesterday the government brought out the Cyber Security Strategy, writes Stuart Oakin. On first glance the cynic inside me asked "what has changed?".
The "new" Office for Cyber Security (OCS) looks to have a very similar role and responsibility to the current Central Sponsor for Information Security (CSIA), which also sits within the Cabinet office. Could this just be a renaming of a current department?
The "new" Cyber Security Operations Centre (CSOC) seems to be an acknowledgement of the existing services provided already by GCHQ. So on the surface nothing has really changed.
The optimistic side of me is saying the government has now recognised the importance of the internet in our lives and the real threat that any disruption could have, and that they are about to invest further in terms of people and funding to protect this important asset. Therefore, although this may be the renaming of existing organisations, at least the government is going to invest further in this important area.
Saying all that, I do feel we may have missed an opportunity. When reading the strategy paper, it becomes obvious that the authors have taken an internal view, that is how government needs to organise itself to get ready to protect cyber space. I believe there could have been a lot more in the paper about the strategy which is outwardly facing in nature, that is, how government will help citizens and business.
Indeed, if you go to the end of the paper, to the FAQ and read the response to "How do I report an online crime or identity theft?", the answer is to contact your bank, consumer direct, Office of Fair Trading, APACs or in the near future the National Fraud Reporting Centre. This is exactly the sort of problem people face today when dealing with an incident - they don't know who to turn to.
The Cyber Security Strategy could have offered a little hope that, not only is the government going to be protecting us behind the scenes, but it will also offer us additional support at the front line. Anyhow, I have decided to be optimistic and accept this is an important step on the information assurance journey, and that the government has recognised the need to invest further and become a proactive change agent.
Stuart Okin is the MD of security consultants, Comsec.