Exaggerating Cyber Threats Undermines Policy Making
Cyberspace is not secure and our effective analysis of the potential and security issues needs genuine vigilance, but the the threats to government of cyber attacks has been overplayed.
Many of today’s policymakers grew up when computers were rarely used with only limited digital know-how. This older generation has focused upon cyber threats and this has been over exaggerated in the news according to a recent senior UK government official, Ciaran Martin.
Speaking at a recent public event, Martin (pictured) said no one has been killed by a state-sponsored or terrorist cyber attack to date and that, after three decades of warnings, a catastrophic cyber security event has yet to occur.
Martin has also argued against the idea that there has been Russian interference in elections and he said there was no evidence of interference in the Brexit referendum. Similarly, he said, there was no evidence of any serious campaign to influence the vote in the Scottish referendum in 2014, in the first such disclosure by any individual who served in the British government at the time. “It does us no good to overhype the adversary, or to imply damage where none has been caused...Our democratic processes are at risk of strategic harm from outside interference, but they’re also much more robust than they’re often given credit for, and it’s in our interests to say that and retain public confidence in them.”
His remarks come two months after a parliamentary report accused the British government of having “actively avoided looking for evidence that Russia interfered” in the Scottish referendum, the Brexit vote and the 2017 general election in Britain.
Martin, who now teaches at Oxford University and advises the cyber security focused Paladin investment firm, is among a number of cybersecurity experts urging avoidance of doomsday metaphors in discussing the array of digital threats that confront governments and the private sector. American analysts have been making a similar argument. “It’s easier to imagine a catastrophe than to produce it,” James A. Lewis, a cybersecurity policy expert at the Center for Strategic and International Studies, (CSIS).
“A catastrophic cyber attack was first predicted in the mid-1990s. Since then, predictions of a catastrophe have appeared regularly and have entered the popular consciousness... As a trope, a cyber catastrophe captures our imagination, but as analysis, it remains entirely imaginary and is of dubious value as a basis for policymaking. There has never been a catastrophic cyber attack”, he recently wrote in CSIS.
Along those lines, top US homeland security cyber official Christopher Krebs said his big fear for November is ransomware attacks that could disrupt state and local election systems. “Right now, cyber attacks are more a threat to wealth than our safety, to our sense of liberty, happiness and well-being rather than life and limb,” Martin said. “They add up to a significant national security and prosperity problem.”
Washington Post: Brookings Inst. CSIS: CSIS:
You Might Also Read:
NCSC Chief Reflects On Cyber Crime, China, Russia & Technology: