Exaggerating Cyber Threats Undermines Policy Making

Cyberspace is not secure and our effective analysis of the potential and security issues needs genuine vigilance, but the the threats to government of cyber attacks has been overplayed. 

Many of today’s policymakers grew up when computers were rarely used with only limited digital know-how.  This older generation has focused upon cyber threats and this has been over exaggerated in the news according to a recent senior UK government official, Ciaran Martin

Speaking at a recent public event, Martin (pictured) said no one has been killed by a state-sponsored or terrorist cyber attack to date and that, after three decades of warnings, a catastrophic cyber security event has yet to occur. 

Martin has also argued against the idea that there has been Russian interference in elections and he said there was no evidence of interference in the Brexit referendum. Similarly, he said, there was no evidence of any serious campaign to influence the vote in the Scottish referendum in 2014, in the first such disclosure by any individual who served in the British government at the time. “It does us no good to overhype the adversary, or to imply damage where none has been caused...Our democratic processes are at risk of strategic harm from outside interference, but they’re also much more robust than they’re often given credit for, and it’s in our interests to say that and retain public confidence in them.”

His remarks come two months after a parliamentary report accused the British government of having “actively avoided looking for evidence that Russia interfered” in the Scottish referendum, the Brexit vote and the 2017 general election in Britain.

Martin, who now teaches at Oxford University and advises the cyber security focused Paladin investment firm, is among a number of cybersecurity experts urging avoidance of doomsday metaphors in discussing the array of digital threats that confront governments and the private sector. American analysts have been making a similar argument. “It’s easier to imagine a catastrophe than to produce it,” James A. Lewis, a cybersecurity policy expert at the Center for Strategic and International Studies, (CSIS).

“A catastrophic cyber attack was first predicted in the mid-1990s. Since then, predictions of a catastrophe have appeared regularly and have entered the popular consciousness... As a trope, a cyber catastrophe captures our imagination, but as analysis, it remains entirely imaginary and is of dubious value as a basis for policymaking. There has never been a catastrophic cyber attack”, he recently wrote in CSIS. 

Along those lines, top US homeland security cyber official Christopher Krebs said his big fear for November is ransomware attacks that could disrupt state and local election systems. “Right now, cyber attacks are more a threat to wealth than our safety, to our sense of liberty, happiness and well-being rather than life and limb,” Martin said. “They add up to a significant national security and prosperity problem.”

Washington Post:      Brookings Inst.      CSIS:         CSIS

You Might Also Read:
 

NCSC Chief Reflects On Cyber Crime, China, Russia & Technology:

 

 

« British Universities Shut Down By Cyber Attacks
Find Yourself In The Mind Of An Attacker! »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Lookout

Lookout

Lookout is the data-centric cloud security company that uses a defense-in-depth strategy to address the different stages of a modern cybersecurity attack.

TSUNAMI

TSUNAMI

The TSUNAMi center focuses on software and system security and how trustworthy software can be built from COTS software components.

Cybellum

Cybellum

Cybellum brings the entire product security workflow into one dedicated platform, allowing device manufacturers to keep the connected products they build cyber-secure and cyber-compliant.

PECB

PECB

PECB is a certification body for persons, management systems, and products on a wide range of international standards in a range of areas including Information Security and Risk Management.

TCDI

TCDI

TCDI specializes in computer forensics, eDiscovery and cybersecurity services.

Dracoon

Dracoon

DRACOON is market leader in the German-speaking region for secure enterprise file sharing.

Cybersecurity Defense Initiative (CDI) - University of Arkansas

Cybersecurity Defense Initiative (CDI) - University of Arkansas

The Cybersecurity Defense Initiative is a national cybersecurity training program, developed for technical personnel and managers who monitor and protect our nation's critical cyber infrastructures.

Ordr

Ordr

Ordr Systems Control Engine. The first actionable AI-based systems control engine for the hyper-connected enterprise. You’re in control.

Syber Technology

Syber Technology

Syber Technology is an IT project implementer empowering IT systems of Small to Medium Enterprises in the Middle East.

Sovrin Foundation

Sovrin Foundation

The Sovrin Foundation is a private-sector, international non-profit that was established to govern the world's first self-sovereign identity (SSI) network.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

Horizon3.ai

Horizon3.ai

Horizon3.ai is a leader in security assessment and validation enabling continuous security overwatch from an attacker’s perspective through our NodeZero SaaS solution.

BaXian Group

BaXian Group

BaXian AG is an international consulting company specializing in IT security, data analytics, risk management and compliance.

Birch Cline Cybersecurity

Birch Cline Cybersecurity

Birch Cline specializes in helping Local Government and Education agencies, as well as mid-market organizations, build and maintain successful cybersecurity programs.

Zama

Zama

Zama - pioneering homomorphic encryption. We believe people shouldn't care about privacy. Not because it doesn't matter, but because it shouldn't be an issue!

Scality

Scality

Scality storage unifies data management from edge to core to cloud. Our market-leading file and object storage software protects data on-premises and in hybrid and multi-cloud environments.