British Politicians Need To Better Understand Cyber Security

Given the public perception that politicians are a bit clueless on tech/security issues, UK-based cyber security/ethical hacking firm Redscan decided to poll all 650 UK MPs to understand their thoughts on the cyber security threats facing UK businesses. When it comes to the issue of cyber security, recent history doesn’t reflect too kindly on politicians. 

Last November, the Japanese minister of cyber security made headlines for admitting to never having used a computer, while in 2017, Donald Trump claims to have discussed ‘forming an impenetrable cyber security unit’ with Vladimir Putin of all people.  Closer to home, Diane Abbott, the British Shadow Home Secretary, campaign in which hackers could’ve gained control of her PC and accessed all its contents.

The truth is that politicians don’t have a reputation for being particularly security-savvy. This is something we have largely come to accept today, but should we? After all, it would be outrageous for a transport minister to say they didn’t understand the highway code, or if the foreign secretary couldn’t locate Canada on the world map.

While we should not expect politicians to be cyber experts, their decisions influence our digital safety, privacy, and online freedoms. As such, we should expect MPs to have at least a core understanding of cyber security issues, just as they should know about any matter that affects their constituencies, be it healthcare, education or law enforcement. 

As we digitise more of the critical services that underpin our society, such as transport, energy, and possibly even our election process, cyber security will become even more entwined in politics.

To that end, Redscan, a British cyber security company, recently polled the UK’s 650 members of parliament to understand where they believe cyber security should rank among the concerns of businesses. Chi Onwurah, MP for Newcastle Central, is among the most well-informed voices in Parliament when discussing technology matters, and says that earlier in her career, colleagues were extremely naïve to the scale of the cyber security threat.

“When I was Head of Telecoms Technology at Ofcom, said Onwurah. “I was asked to look at internet security. When I came back with tales of bot attacks and honey traps, DDoS and white hat wizards, Trojans and worms, phishing and pharming, I was greeted with understandable scepticism. It was as if I was describing a war in a galaxy far, far away. 

“But I knew it was just a matter of time before cybercrime went mainstream. Unfortunately, I was right.”

Fortunately, not all MPs today are as dismissive of the cyber security threat as they may have been in the past. Sir David Amess provided an example from his constituency in Southend West, where he described “cybercrime having a devastating impact on individuals and businesses.”  Amess spoke of a not-for-profit organisation being bankrupted as the result of a data breach, an all-too-familiar occurrence in recent years.

MPs themselves are not immune to suffering data breaches. Onwurah explained how her office was a victim of a cyber-attack, but fortunate that it did no real damage. “As an MP’s office we had a big department supporting us and there was no compromise of constituents’ data,” Onwurah remarked. 

“If we had been a small business, we wouldn’t have had access to that kind of support, and it could have put us out of action for a lot longer.” This is undeniably true, as data breaches have become extinction events for many businesses.
Madeleine Moon, MP for Bridgend, was quick to suggest a key reason why data breaches are now such a regular occurrence.

“Most staff don’t see cyber security as the reason they come to work, or their responsibility,” she said.

“As citizens we don’t leave our doors and windows open, trusting the police will protect us from burglars. In our online world, everyone needs to understand and follow basic rules to protect our data, our passwords and our networks. We need to learn to close those online doors and windows into our systems.” This is a fitting analogy. 

Unfortunately, people who set secure, unique passwords and activate additional security measures such as two-factor authentication are in the minority. 

Moon’s sentiments were echoed by Meg Hillier, MP for Hackney South and Shoreditch, saying “The UK has a huge challenge to step up to the level of cyber security necessary to be protected against current day threats. There is a severe current and future shortage of essential skills in this area.”

This may, in fact, be the crux of the cyber security challenge. Industry experts report a shortfall of almost 3 million cyber security workers globally, as cyber security threats continue to outpace the number of new applicants to the industry. Hillier is right, we must find a way of reversing this trend before it is too late.

Looking forward, Steve McCabe, MP for Birmingham Selly Oak, wanted to raise the issue of policing cybercrime. “I feel very strongly that there should be a requirement for mandatory reporting of cybercrime by banks and other businesses to the police. There is also a need for a cyber health check, perhaps on an annual basis, to ensure that staff and businesses are treating the issue seriously.” Likewise, Peter Dowd, MP for Bootle, said 

“The crucial issue of policing resources and awareness to tackle cybercrime is one that requires more open debate.” As cybercrime continues to rise in scale and complexity, the issue of how we secure our digital spaces, whilst protecting privacy and online freedoms is not something we have worked out yet. Not even close.

What’s clear, is that the cyber threat to businesses can no longer be dismissed as trivial, as some industry leaders and politicians once did. 

In the face of a rapidly evolving digital landscape, with threats becoming increasingly advanced, we need our politicians to understand the issues and risks at play. We need them to use their influence to raise awareness amongst business communities and shape cyber security national policy that is fit for the future.

Information Age:

You Might Also Read:

British Cyber Security Strategy Is ‘Chaotic’:

 

 

« The UK Needs Data Driven Policing
The Brexit Shaped Gap In UK Cyber Security »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

AVR International

AVR International

AVR educate, advise, analyse and provide professional, technical consultancy and support to ensure your business is safe, compliant and protected.

My Data Recovery Lab

My Data Recovery Lab

We recover data from: HDDs, RAIDs, NAS, SSDs, USB Flash Devices, Desktop Computers, Mobile devices and other data storage media.

Ministry of Defence Georgia - Cyber Security Bureau

Ministry of Defence Georgia - Cyber Security Bureau

The aim of the Cyber Security Bureau is to establish and develop stable, effective and secure Information and Communication Technology systems for the Civil Office of MoD of Georgia.

Communications Authority of Kenya

Communications Authority of Kenya

The Authority is responsible for facilitating the development of the information and communications sectors including; broadcasting, telecommunications, electronic commerce and cybersecurity.

Capsule8

Capsule8

Capsule8 is the only company providing high-performance attack protection for Linux production environments.

Neudomains

Neudomains

Neudomains is a Corporate Domain Name Management and Brand Protection Online Specialist. One of the world's top providers of online brand protection and enforcement.

RIA in a Box

RIA in a Box

MyRIACompliance combines our team of RIA compliance experts with an online software platform to help investment advisers better manage regulatory compliance and cybersecurity responsibilities.

NINJIO

NINJIO

NINJIO is a leader in cybersecurity awareness training. View IT Security Awareness through a different lens - entertain and educate your users through storytelling.

World Informatix Cyber Security (WICS)

World Informatix Cyber Security (WICS)

World Informatix Cyber Security provides a range of cyber security services to protect valuable information assets to global business and governments.

Cranfield University

Cranfield University

Cranfield Defence and Security are at the forefront of their fields, offering capabilities ranging from cyber security and digital warfare to robotics, forensic sciences and simulation and analytics.

Cognisys Group

Cognisys Group

Cognisys provides cyber security penetration testing and compliance services from its offices in Leeds and Manchester.

Secora Consulting

Secora Consulting

Secora Consulting is a professional services company specialising in tailored cybersecurity assessments and cyber advisory services.

Acclaim Technical Services (ATS)

Acclaim Technical Services (ATS)

ATS provide operational products, services and solutions to the defense and intelligence communities for all types of critical mission needs.

Resemble AI

Resemble AI

Resemble AI is an innovator in Generative Voice AI technology and tools to combat AI fraud including audio watermarking and deepfake detection.

CBIT Digital Forensics Services (CDFS)

CBIT Digital Forensics Services (CDFS)

CDFS is Australia’s premier supplier of digital forensic tools, industry-embedded training and certification to Law Enforcement, Government, and Corporate Enterprise.

SGS Brightsight

SGS Brightsight

SGS Brightsight is the largest independent security evaluation lab in the world, with ten recognised labs worldwide.