Exaggerating Cyber Threats Undermines Policy Making

Cyberspace is not secure and our effective analysis of the potential and security issues needs genuine vigilance, but the the threats to government of cyber attacks has been overplayed. 

Many of today’s policymakers grew up when computers were rarely used with only limited digital know-how.  This older generation has focused upon cyber threats and this has been over exaggerated in the news according to a recent senior UK government official, Ciaran Martin

Speaking at a recent public event, Martin (pictured) said no one has been killed by a state-sponsored or terrorist cyber attack to date and that, after three decades of warnings, a catastrophic cyber security event has yet to occur. 

Martin has also argued against the idea that there has been Russian interference in elections and he said there was no evidence of interference in the Brexit referendum. Similarly, he said, there was no evidence of any serious campaign to influence the vote in the Scottish referendum in 2014, in the first such disclosure by any individual who served in the British government at the time. “It does us no good to overhype the adversary, or to imply damage where none has been caused...Our democratic processes are at risk of strategic harm from outside interference, but they’re also much more robust than they’re often given credit for, and it’s in our interests to say that and retain public confidence in them.”

His remarks come two months after a parliamentary report accused the British government of having “actively avoided looking for evidence that Russia interfered” in the Scottish referendum, the Brexit vote and the 2017 general election in Britain.

Martin, who now teaches at Oxford University and advises the cyber security focused Paladin investment firm, is among a number of cybersecurity experts urging avoidance of doomsday metaphors in discussing the array of digital threats that confront governments and the private sector. American analysts have been making a similar argument. “It’s easier to imagine a catastrophe than to produce it,” James A. Lewis, a cybersecurity policy expert at the Center for Strategic and International Studies, (CSIS).

“A catastrophic cyber attack was first predicted in the mid-1990s. Since then, predictions of a catastrophe have appeared regularly and have entered the popular consciousness... As a trope, a cyber catastrophe captures our imagination, but as analysis, it remains entirely imaginary and is of dubious value as a basis for policymaking. There has never been a catastrophic cyber attack”, he recently wrote in CSIS. 

Along those lines, top US homeland security cyber official Christopher Krebs said his big fear for November is ransomware attacks that could disrupt state and local election systems. “Right now, cyber attacks are more a threat to wealth than our safety, to our sense of liberty, happiness and well-being rather than life and limb,” Martin said. “They add up to a significant national security and prosperity problem.”

Washington Post:      Brookings Inst.      CSIS:         CSIS

You Might Also Read:
 

NCSC Chief Reflects On Cyber Crime, China, Russia & Technology:

 

 

« British Universities Shut Down By Cyber Attacks
Find Yourself In The Mind Of An Attacker! »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NSFOCUS Information Technology

NSFOCUS Information Technology

NSFOCUS is a global service provider and enterprise DDoS mitigation solution provider.

Checkmarx

Checkmarx

Checkmarx provides state-of-the-art application security solutions with static code analysis software.

Menlo Security

Menlo Security

Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email.

Gate 15

Gate 15

Gate 15 provide risk management services focusing primarily on information, intelligence and threat analysis, operational support and preparedness.

RedLock

RedLock

The RedLock Cloud 360TM platform correlates disparate security data sets to provide a unified view of risks across fragmented cloud environments.

Edvance

Edvance

Edvance operates a range of cybersecurity businesses including value added cybersecurity solutions distribution, security technology innovation and development, and SaS solution offerings.

TROOPERS

TROOPERS

TROOPERS InfoSec event consists of two days of high-end training, followed by a two-day, three-track conference, culminating in Roundtables on the final day.

RIA in a Box

RIA in a Box

MyRIACompliance combines our team of RIA compliance experts with an online software platform to help investment advisers better manage regulatory compliance and cybersecurity responsibilities.

Quantum Security

Quantum Security

Quantum's game-changing approach to cybersecurity brings you performance and peace-of-mind, with a raft of additional benefits: it's non-proprietary, comprehensive, scalable, and affordable.

CITRA - Information Security and Emergency Response

CITRA - Information Security and Emergency Response

CITRA is responsible for overseeing the telecommunications sector, monitoring and protecting the interests of users and service providers, and regulating the services of telecomms networks in Kuwait.

TheGreenBow

TheGreenBow

TheGreenBow is a trusted VPN software company. We help organizations and individuals become cyber-responsible. For this, we design and develop reliable and easy-to-use solutions.

SignalFire

SignalFire

SignalFire invest across both enterprise and consumer sectors at the seed and early growth stages.

NetRise

NetRise

NetRise was founded as a direct result of the many shortcomings currently in the device security market, specifically targeting the firmware of devices.

Sekoia.io

Sekoia.io

Sekoia.io is a European cybersecurity company whose mission is to develop the best protection capabilities against cyber-attacks.

MiDO Technologies

MiDO Technologies

MiDO Technologies has a mission to change the narrative around digital enabling tools on the continent of Africa and prepare African youth.

Internet Watch Foundation (IWF)

Internet Watch Foundation (IWF)

Since the early days of the internet, our job has been to help child victims of sexual abuse by hunting down and removing any online record of the abuse.