Tuesday 18 December 2012

Mandatory standards on cyber security harm competitiveness

Every hour Britain is targeted by up to 1,000 cyber-attacks. Hackers and foreign spies try to steal banking passwords and map the country's critical infrastructure. Success is not unusual. Early this year, an attack cost a business in London £800 million. Cybercrime will cost the UK in 2012 an estimated £27 billion.

Despite the risk, a number of reports have revealed that most businesses skimp on funding cyber security and almost half of them are exposed to attacks. Should this make Government consider forcing companies to comply with mandatory minimum security requirements?

Speaking to Business Technology, David Clemente, research associate on international security for Chatham House, said: "The idea has been talked on and on for a very long time and some parts of it make a lot of sense."

"Government can step in and say to certain industries that it is going to regulate them more heavily because of the impact they would have on society if something went wrong with them. The problem with mandatory standards is that enforcement is normally beyond the ability of any single government department, especially when we are talking about critical infrastructure."

He added: "Threats of mandatory standards are normally just that: threats. The industry would scream at all that is made mandatory. Any standard that is made mandatory will face a very steep uphill battle against large private sector entities."

Hackers and foreign spies are trying to map the UK's critical infrastructure.

Enforcement is not the only argument against the government using legislative red tape to ensure personal data, intellectual property and national secrets are safe from the hands of hackers.

"There are already many business practices and standards which are controlled by laws," Denis Edgar-Nevil, chair of BCS Cybercrime Forensics SG, said.

"More legislation might result in such restrictive practices that companies would find it harder to compete in international markets, they might be burdened with the costs of introducing new ways of working, such as training, management, certification etc."

"This would have to be balanced by the potential gains in cyber security which might result. We might feel safer by imposing new standards, but it needs to be balanced with what actually changes as a result," he added.

The debate about mandatory cyber security requirements has emerged recently in Canada. According to some reports the Government was advised to consider such an option after an internal report revealed businesses are not investing enough in cyber security.

In the US, President Barack Obama last year put forward a proposal that would have given the US government the power to enforce minimum standards on companies running power plants, air traffic control systems, dams and similar facilities. Republicans opposed the proposals and they were watered down.

Obama is ready to sign an executive order, according to the Associated Press.

Obama put forward a proposal to enforce standards on critical infrastructure.

The UK faces similar challenges. British officials have recently warned that Britain's national power and water infrastructure is the target of attacks by foreign computer hackers.

The Government is pouring millions into protecting its own computer systems, but a number of reports have revealed cyber security is underfunded in the private sector.

A recent survey by the University of Lancaster has shown that more than half of small businesses have no cyber security policy in place. A report by antivirus specialist Kaspersky said that cyber security measures being taken by business are "woefully inadequate".

The discussion comes as Government is finishing an overhaul of its one-year-old Cyber Security Strategy. Minimum security standards are not being considered.

In a statement submitted to Parliament last week, Cabinet Office Minister Francis Maude said a cyber-reservists team will be established alongside a new computer emergency response team.

Maude also pointed out how this will help enhance public partnerships with businesses.

Most experts and analysts agree the government is taking the right path, but it is a case of wait and see.

"It is nice to use the word partnership but when you dig a bit deeper on what you mean the conversation becomes difficult," David Clemente said.

"I think the most progress is not necessarily going to come from the government imposing new standards on the industry, it would probably come from industry getting together and agreeing some of these standards, perhaps in consultation with government, but not mandated by government."

David Garfield, Managing Director Cyber Security, BAE Systems Detica, said: "The balance that the Government must strike is ensuring that businesses adhere to adequate levels of protection, without compromising on their ability to operate efficiently."

"Closer public-private collaboration is key to getting the balance right, and the strategy outlines a number of steps that should hopefully increase engagement with and responsiveness to emerging threats."

A number of surveys revealed almost half of British SMEs are vulnerable to attacks.

Rather than legal measures, experts argue accreditation and guidelines can help improve businesses' standards and raise awareness of cyber security threats.

"In the highest risk areas, accreditation will play a part in providing consumers of these products an ability to gain some confidence in their security whilst understanding the premium they will be paying," Garfield said.

"Instead of having requirements I think we have to go down in the route the Security and Exchange Commission in the US is going, starting with guidelines on what is a good set of requirements [on cyber security], making sure that people understand that they have information and that is their best interest to protect information," Guy Bunker, senior VP of Products at Clearswift, said.

"They have done a kite mark for the large incident response organization. They could produce a white paper on how these are the things companies need to have: an antivirus, a firewall… They could go a step forward and say what would be a good service provider."

Raising public awareness about threats may also be a way to force businesses to invest in cyber security.

"As general consumers become more concerned where their data is going, it will be easier to gather momentum for calls to develop security software and hardware. This is a relatively slow process, but it might have some impact as citizen groups are formed globally," said Clemente.

For the industry, other than imposing security standards, education and skills are the major concern as they face a shortage of labour.

"Currently we produce a relatively small number of Forensic Computing/Computer Security graduates – well below the potential demand," Edgar-Nevil said.

"The solution is for universities to work more closely with companies to create qualifications more directly to career paths. The Government has been doing this on a small scale but it has to be a more widespread approach to send the very clear message to the public that courses in this area mean jobs."

Despite criticism, one year into the government strategy, analysts agree there have been improvements but warn against difficulties of implementation.

David Clemente said: "The first strategy was all they wanted to do, very broad, but as it went on each version became more specific. While they might not have the answers to a lot of the questions they have an idea of the right questions to ask, which is important."

He added: "We can see improvement in the strategy; whether that actually happens on the ground is a bit different."

David Garfield said: "The UK's strategy is still going through a process of implementation. What we have is a clear set of goals and, actually, a surprising amount of detail about how these are going to be addressed. But implementation is not going to occur overnight – there is a transition period and things aren't as unified as they used to be."

He added: "The UK as a whole is progressing well against its strategy and has a very mature approach in comparison to other nations. For example, Booz Allen Hamilton's Cyber Power Index of the G20 countries places the UK first in its ability to withstand cyber attacks and deploy the appropriate infrastructure for a productive economy."

David Cameron pledged £650 million to fund cyber security over the next four years.

Cyber attacks are one of the four top threats to national security. Last year David Cameron pledged £650 million to fund cyber security over the next four years.

In 2011 the UK spent an estimated £3 billion building up cyber protection and responding to attacks from hackers.

Edgar-Nevil said: "Certainly we are spending a lot of money. The value of an approach is the protection it delivers."

"Poor plans become self-evident when apparently foreseeable problems occur which have not been addressed. Good plans are harder to assess but become clearer only after a long period of time when no problems occur. Even then 'good' plans can be considered 'bad' insomuch as they cost a lot of money which might have been better spent elsewhere – we used a sledgehammer to crack a nut."

He added: "At the end of the day – only time will tell if the strategies, levels of expenditure and approaches achieve a safer cyber world."

Source: http://biztechreport.co.uk/2012/12/experts-warn-mandatory-standards-on-cyber-security-harm-competitiveness/
