As a business that provides information security and assurance services to individuals, businesses and organisations, we need to remain cognisant of our current and potential customers’ perception of our services, which includes our brand. Regency IT Consulting is a subsidiary of Cassidian CyberSecurity Ltd.
Alarm bells rang when we read an article in Infosecurity Magazine on 21st May 2013. The article unearthed a grievance with everything “Cyber” based in respect to today’s computing technology; this caused a stir in our boardroom. It was a momentary stir, before a complete feeling of relaxation where we took comfort in the fact that ongoing multi-government “Cyber strategies” were in place for the very same effect. We regained our composure secure in the knowledge that we were right and in good company, and normal business resumed.
Yes, the article quite rightly pointed out that the basis of the current use of the word “Cyber” has little correlation with its origin. To some the word may in fact be considered pretentious. We believe the word was given its new lease of life in the mid-to-late 2000s to provoke a Western reaction to the reality of “Cyber crime”.
We also believe this gave a sceptical public the smelling salts they needed to be convinced of the reality and, even back then, the ferocity at which “Cyber criminals” were conducting the business of “Cyber crime”.
The capability to affect a nation’s, a region’s or even international well-being by:
- undermining large-scale logistics programmes;
- affecting water/food supplies;
- fraud or identity theft;
- disrupting or denying the transfer of critical information;
- rerouting long-term under-the-radar or one-off large scale financial transactions; or,
- spreading and expanding the market for sordid pornographic images of vulnerable victims.
The UK Effort
In June 2009, Prime Minister Gordon Brown, at the time of the appointment of the UK’s first Cyber Security Minister, was quoted saying: “I think it would be very silly of any nation not to have an ability to use cyber space for the safety and security of its nation.” Along with this ministerial appointment came the establishment of the Cyber Security Operations Centre (CSOC) at the Government Communications Headquarters (GCHQ). Tom Watson, the then Cabinet Office Minister, added in favour: “There is state-sponsored hacking of key UK information networks on an industrial scale and we have to transform GCHQ into a spy school for geeks who are more cunning than their Chinese counterparts.“
The UK’s new “Cyber” drive followed the establishment of the US Comprehensive National Cybersecurity Initiative (CNCI) in early 2008 and the resulting appointment, by the then recently elected President Barack Obama, of an Executive Branch Cybersecurity Coordinator in May 2009. It was reported that cross party critics thought the UK move was a “pale imitation” of the US effort.
Although the UK, the US and many other individual governments have upped their “Cybersecurity” game in the past few years, there remains a gaping hole in our collective efforts to curb international “Cyber crime”. The “hole” is based on the fact that a crime is only a crime when a law is broken. In fact due to the lack of global collaboration, differing laws and jurisdictions around the world, political stand-offs or relational incompatibilities, no international “Cyber” law actually exists. So, a hacking attack on a UK company emanating from Asia, although may be prevented using the “Cybersecurity” techniques that we impart to our customers, will probably go unpunished. This problem is exacerbated by the advanced technical capabilities of today’s threat actors and the facilities that are available for them to use at little or no cost. These technical capabilities allow only moderately capable computer users to remain virtually anonymous and therefore largely elusive to the policing authorities.
The European Effort
A slowly-slowly approach is underway to remediate this situation in Europe. In January 2013 the European Cybercrime Centre (EC3) was established, which will go a long way to synchronize the European effort. This, in turn, is supported by the International Cyber Security Protection Alliance (ICSPA) and commitments such as Project 2020, through the collaboration of a combination of European law enforcement agencies and other organisations and professional companies such as our parent organisation Cassidian CyberSecurity. But with the largest mass of “Cyber-crime” in the UK, for instance, currently emanating from outside of the UK, and a large percentage of that from outside Europe, the majority of perpetrators are likely to continue their activities without restraint.
As recently as March 2013, US congress appealed for China to take part in dialogue to establish a global standard on state-sponsored / generated “Cyber espionage”, but these discussions are in their early stages and no commitment has yet been made. Although any agreement made is likely to reduce state-sponsored intrusions, it is not clear as to whether the scope of the ‘global standard’ in question will include any legal implications or pro-active policing of everyday non-state-sponsored border-crossing “Cyber crime”, or out-bound “Cyber terrorism”.
In reality the potential for “Cyber terrorism” is much more worrying than the crimes actually being committed in today’s “Cyberspace”. This is where human lives actually come under threat. We’ve seen examples of terrorist organisations gaining financially or boosting their reputation (through “Cyber crime”). “Cyber terrorism”, although not yet making the news in its rawest sense, has very real potential and the techniques being employed by today’s “Cyber criminals” will no doubt facilitate tomorrow’s “Cyber terrorists”.
The fact that the word “Cyber” and derivatives such as “Cyber space”, mean nothing more than the domain in which we communicate and transact using IT, is now not important. The fact that there is a common understanding amongst the English speaking (and wider) community of the need for security in this domain has given it a natural definition in the same way that we all know that the “Automotive” industry is concerned with cars and trucks and the like.
Sometimes, as individuals, we all need a prod to wake us up to what’s going on around us. We believe that the revitalisation of the word “Cyber” had the desired effect on public opinion. In addition it would seem, as an entity, it helped us to understand the efforts of our Government to keep us safe.