As all working within the arena will have noticed, the Cabinet Office yesterday released its cyber security strategy.
Whilst we of course welcome the Government’s move to implement the strategy, I am still concerned about whether the move will be robust enough to shift thinking and bring cyber security from the periphery to the core of national security considerations.
The power went out at Intellect HQ last week. No servers, no email, no phones and no coffee machine. The office ground to halt. Although it was nice to see people’s faces rising from their screens and hear the level of natter rise, it was a reminder of the hazards of national reliance on information infrastructure.
The UK is a net-enabled society. Our businesses are technology junkies, becoming ever more reliant on networked infrastructure as the years progress. And rightly so – with the use of technology we are have been able to develop our economy, improve our national health system, our security services and our police systems.
It was only yesterday I was reminded about the perils of national digitalisation whilst sat in an Intellect cyber threats group meeting. When you talk to people working in the security and resilience field, it really does drive home the importance of backing up our national move towards a digital economy with the correct processes and contingency plans to hold the system up when things go wrong.
And things really do go wrong. Hackers can bring down government websites and disrupt access to public services and power outages from manmade or natural disaster can bring businesses to their knees.
In January this year BERR and DCLG released their interim Digital Britain report. Intellect supports the move towards digitalisation and the benefits it can bring to citizens. But this move must not be made blindly – Government must consider that a move towards a digital nation means that appropriate security and resilience measures need to be put into place to ensure that new infrastructure is robust. Loss or denial of that infrastructure, whether intentional or accidental has a number of nasty consequences that can be mitigated with thorough scenario planning and appropriate security and resilience considerations. To be fully effective, security must be considered as an intrinsic part of the process, not simply an afterthought when things go wrong.
p.s title is reference to a Satnogold song about power outages - for a musical accompanyment to your blog reading please feel free to listen here
There seemed to be less suspicion amongst commuters on the London Underground this morning as the papers reported a slow-down in the spread of the Mexican swine-flu outbreak.
Having been party to discussions on pandemic flu in my role as Defence and Security Programme Exec, I knew that a full blown outbreak could be devastating. With only a third of workers off sick, business would grind to a halt, money would run out at cash points, supplies would run out at shops in under two days and hospitals would be overwhelmed. For the moment we have got off lightly, but pandemic flu remains at the top of the Governments security concerns, above natural disaster and terrorist attack.
So in one sense swine-flu can be seen as a blessing – it is a timely reminder of what could be, and a prompt for Government agencies, organisations, businesses and citizens to work together to prepare in earnest for a pandemic.
Some good work is being undertaken by business continuity experts and voluntary organisations to prepare for such eventualities, but as always, more must be done.
What is often forgotten, and should be addressed in the post swine-flu fallout is the use of technology to improve emergency response. As we have seen this week, timely information is key to directing emergency responses, and in the case of flu-outbreaks requires multi-agency, international communications. These communications are currently hampered by a lack of information standards, and any detailed testing or analysis of the adequacy of national and international information flows in emergency situations. Work must be undertaken with the technology community to ensure that in the case of a sustained pandemic outbreak, the right people have the right information to act in time to save lives.