UK could get cybersecurity czar

Britain's cybersecurity arrangements will receive intense scrutiny from government agencies when the final report on Digital Britain is published in June.

Britain's cybersecurity arrangements will receive intense scrutiny from government agencies when the final report on Digital Britain is published in June.

The flooding of a key BT 21st Century Network (21CN) switch last year by a blocked storm drain, which raised concerns about the resilience of the UK's communications networks, has prompted new concerns about cybersecurity.

The event prompted a rethink in the Cabinet Office, and may lead to the appointment of a national cybersecurity czar, similar to the US.

It has also led to a re-evaluation of the threats posed by cyber-espionage, with national cybersecurity expected to be highlighted in the next National Security Strategy document now in preparation.

The original strategy document, published in March 2008, mentioned the threats posed by spies, terrorists and criminals via the internet, but there was no specific mention of action to deal with them.

However, government has taken steps to reduce its exposure. It is reducing the number of points through which government computers access the internet. Most civilian access points are being consolidated into the Government Gateway and Directgov portals. This follows revelations two years ago that thousands of government computers and websites were essentially open to the internet.

This is in line with moves in the US to have fewer systems open to the internet. Further measures are expected when President Obama announces the results of a 60-day cybersecurity review, possibly this week.

MI5 director general Jonathan Evans also wrote to the top 300 UK firms in November 2007, warning of the threat posed by the internet.

National Security Strategy 
The National Security Strategy published just over a year ago noted the use of modern telecommunications tools by other states, terrorists and organised criminals, but failed to give explicit guidance on counter-measures.

"The degree of structure and level of professionalism exhibited by those groups vary, but they often work together, exploiting modern travel and communications (especially the internet) to share information, personnel and training, and to spread a common ideology. This allowed them to work together in ways that were not possible in the past," it said.

"The UK does, however, remain subject to high levels of covert non-military activity by foreign intelligence organisations," it said. "A number of countries continue to devote considerable time and energy to trying to obtain political and economic intelligence, and trying to steal sensitive technology on civilian and military projects. They increasingly combine traditional intelligence methods with new and sophisticated technical attacks, attempting to penetrate computer networks through the internet."

The main threats were:

  • Terrorism
  • Nuclear and weapons of mass destruction
  • Trans-national organised crime
  • Global instability and conflict, and failed and fragile states
  • Civil emergencies
  • State-led threats to the UK
  • Challenges to the rules-based international system
  • Climate change
  • Competition for energy
  • Poverty, inequality and poor governance
  • Global trends, such as the banking crisis


Read more on IT risk management