Exaggerating Cyber Threats Undermines Policy Making

Uploaded on 2020-09-22 in GOVERNMENT-National, FREE TO VIEW

Cyberspace is not secure and our effective analysis of the potential and security issues needs genuine vigilance, but the the threats to government of cyber attacks has been overplayed. 

Many of today’s policymakers grew up when computers were rarely used with only limited digital know-how.  This older generation has focused upon cyber threats and this has been over exaggerated in the news according to a recent senior UK government official, Ciaran Martin

Speaking at a recent public event, Martin (pictured) said no one has been killed by a state-sponsored or terrorist cyber attack to date and that, after three decades of warnings, a catastrophic cyber security event has yet to occur. 

Martin has also argued against the idea that there has been Russian interference in elections and he said there was no evidence of interference in the Brexit referendum. Similarly, he said, there was no evidence of any serious campaign to influence the vote in the Scottish referendum in 2014, in the first such disclosure by any individual who served in the British government at the time. “It does us no good to overhype the adversary, or to imply damage where none has been caused...Our democratic processes are at risk of strategic harm from outside interference, but they’re also much more robust than they’re often given credit for, and it’s in our interests to say that and retain public confidence in them.”

His remarks come two months after a parliamentary report accused the British government of having “actively avoided looking for evidence that Russia interfered” in the Scottish referendum, the Brexit vote and the 2017 general election in Britain.

Martin, who now teaches at Oxford University and advises the cyber security focused Paladin investment firm, is among a number of cybersecurity experts urging avoidance of doomsday metaphors in discussing the array of digital threats that confront governments and the private sector. American analysts have been making a similar argument. “It’s easier to imagine a catastrophe than to produce it,” James A. Lewis, a cybersecurity policy expert at the Center for Strategic and International Studies, (CSIS).

“A catastrophic cyber attack was first predicted in the mid-1990s. Since then, predictions of a catastrophe have appeared regularly and have entered the popular consciousness... As a trope, a cyber catastrophe captures our imagination, but as analysis, it remains entirely imaginary and is of dubious value as a basis for policymaking. There has never been a catastrophic cyber attack”, he recently wrote in CSIS. 

Along those lines, top US homeland security cyber official Christopher Krebs said his big fear for November is ransomware attacks that could disrupt state and local election systems. “Right now, cyber attacks are more a threat to wealth than our safety, to our sense of liberty, happiness and well-being rather than life and limb,” Martin said. “They add up to a significant national security and prosperity problem.”

Washington Post:      Brookings Inst.      CSIS:         CSIS

You Might Also Read:
 

NCSC Chief Reflects On Cyber Crime, China, Russia & Technology:

 

 

« British Universities Shut Down By Cyber Attacks
Find Yourself In The Mind Of An Attacker! »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Research Institute in Science of Cyber Security (RISCS)

Research Institute in Science of Cyber Security (RISCS)

RISCS is focused on giving organisations more evidence, to allow them to make better decisions, aiding to the development of cybersecurity as a science.

Northwave

Northwave

Northwave offers an Intelligent combination of cyber security services to protect your information.

Zivver

Zivver

Zivver is the effortless, secure email platform, powering the next generation of secure communications.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

Security Engineered Machinery (SEM)

Security Engineered Machinery (SEM)

SEM provides comprehensive end-of-life solutions for the protection of sensitive information in government and commercial markets.

Zacco

Zacco

Zacco offer a 360° perspective on intellectual property: From patent filing and trademark registration to software development, digital brand protection, cyber security and portfolio management.

Ampliphae

Ampliphae

Ampliphae gives you an easy-to-deploy, sophisticated and affordable cloud-discovery, security and compliance platform.

Cyber Risk Institute (CRI)

Cyber Risk Institute (CRI)

CRI is a not-for-profit coalition of financial institutions and trade associations working to protect the global economy by enhancing cybersecurity and resiliency through standardization.

Parameter Security

Parameter Security

Parameter Security is a provider of ethical hacking and information security services.

Virtue Security

Virtue Security

Virtue Security are specialists in web application penetration testing.

Synamic Technologies

Synamic Technologies

Synamic Technologies was founded in 2018 as a start-up to automate cyber security processes. Our CISOSCOPE product automates vulnerability management, risk management and compliance.

BugDazz

BugDazz

BugDazz pentest as a service (PTaaS) platform helps bringing in real-time results, detail coverage, & easy remediation workflows with compliance-ready reports.

Q5id

Q5id

At Q5id, we prove that your customers' digital identity and real-world identity are the same, our verification and authentication solution delivers a Proven and Secure digital identity for everyone.

Sec3

Sec3

Sec3 is a security and research firm providing bespoke audits and cutting edge tools to Web3 projects.

HIFENCE

HIFENCE

HIFENCE delivers cybersecurity and networking services that make your company safer and more secure. That’s all we do, so you can concentrate on all the things that you do best.

Interlynk

Interlynk

Interlynk's #SBOM and # VEX-powered platform automates and continuously monitors first-party and vendor software supply chains and helps meet #FDA, #CRA, #GSA, and #DoD compliance obligations.