Exaggerating Cyber Threats Undermines Policy Making

Uploaded on 2020-09-22 in GOVERNMENT-National, FREE TO VIEW

Cyberspace is not secure and our effective analysis of the potential and security issues needs genuine vigilance, but the the threats to government of cyber attacks has been overplayed. 

Many of today’s policymakers grew up when computers were rarely used with only limited digital know-how.  This older generation has focused upon cyber threats and this has been over exaggerated in the news according to a recent senior UK government official, Ciaran Martin

Speaking at a recent public event, Martin (pictured) said no one has been killed by a state-sponsored or terrorist cyber attack to date and that, after three decades of warnings, a catastrophic cyber security event has yet to occur. 

Martin has also argued against the idea that there has been Russian interference in elections and he said there was no evidence of interference in the Brexit referendum. Similarly, he said, there was no evidence of any serious campaign to influence the vote in the Scottish referendum in 2014, in the first such disclosure by any individual who served in the British government at the time. “It does us no good to overhype the adversary, or to imply damage where none has been caused...Our democratic processes are at risk of strategic harm from outside interference, but they’re also much more robust than they’re often given credit for, and it’s in our interests to say that and retain public confidence in them.”

His remarks come two months after a parliamentary report accused the British government of having “actively avoided looking for evidence that Russia interfered” in the Scottish referendum, the Brexit vote and the 2017 general election in Britain.

Martin, who now teaches at Oxford University and advises the cyber security focused Paladin investment firm, is among a number of cybersecurity experts urging avoidance of doomsday metaphors in discussing the array of digital threats that confront governments and the private sector. American analysts have been making a similar argument. “It’s easier to imagine a catastrophe than to produce it,” James A. Lewis, a cybersecurity policy expert at the Center for Strategic and International Studies, (CSIS).

“A catastrophic cyber attack was first predicted in the mid-1990s. Since then, predictions of a catastrophe have appeared regularly and have entered the popular consciousness... As a trope, a cyber catastrophe captures our imagination, but as analysis, it remains entirely imaginary and is of dubious value as a basis for policymaking. There has never been a catastrophic cyber attack”, he recently wrote in CSIS. 

Along those lines, top US homeland security cyber official Christopher Krebs said his big fear for November is ransomware attacks that could disrupt state and local election systems. “Right now, cyber attacks are more a threat to wealth than our safety, to our sense of liberty, happiness and well-being rather than life and limb,” Martin said. “They add up to a significant national security and prosperity problem.”

Washington Post:      Brookings Inst.      CSIS:         CSIS

You Might Also Read:
 

NCSC Chief Reflects On Cyber Crime, China, Russia & Technology:

 

 

« British Universities Shut Down By Cyber Attacks
Find Yourself In The Mind Of An Attacker! »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

SANS Institute

SANS Institute

SANS is the most trusted and by far the largest source for information security training and security certification in the world.

Cysec Resource Co (CRC)

Cysec Resource Co (CRC)

We offer expertise in information and cyber security, sourcing individuals and teams who provide information security expertise to the public and private sector.

CERT-In

CERT-In

CERT-In is a functional organisation of the Ministry of Information & Electronics Technology, Government of India, with the objective of securing Indian cyber space.

Government Communications Headquarters (GCHQ)

Government Communications Headquarters (GCHQ)

GCHQ defends Government systems from cyber threat, provide support to the Armed Forces and strive to keep the public safe, in real life and online.

CERT-PA

CERT-PA

CERT-PA is the national Computer Emergency Response Team for Italian government institutions.

D-Fence

D-Fence

D-Fence high availability security service protects corporate email communication, the company and it's employee's against cyber threats.

Cybeats Technologies

Cybeats Technologies

Cybeats delivers an integrated security platform designed to secure and protect high-valued connected devices.

InnoValor

InnoValor

InnoValor realises value from digital innovation for organisations and government. We provide advisory services and develop innovative software solutions, based on our background in research.

Cord3

Cord3

Cord3 delivers data protection, even from trusted administrators – or hackers posing as administrators – with high privilege.

Partners in Regulatory Compliance (PIRC)

Partners in Regulatory Compliance (PIRC)

Partners in Regulatory Compliance provides an array of cybersecurity services including cybersecurity policy management, risk assessments and regulatory compliance consulting.

Chainlink

Chainlink

Chainlink expands the capability of smart contracts by enabling access to real-world data and systems without sacrificing the security and reliability guarantees inherent to blockchain technology.

ECHO Project

ECHO Project

The main objective of ECHO is to strengthen the cyber defence of the European Union, enhancing Europe’s technological sovereignty through effective and efficient multi-sector collaboration.

Endor Labs

Endor Labs

Endor Labs gives developers and security teams the context they need to prioritize open source risk.

C2 Risk

C2 Risk

C2 Risk are focussed on risk analytics for information assurance, privacy and ESG (Environmental, Social, and Governance).

Orca Technology

Orca Technology

Orca is a UK-based Managed Service Provider delivering end-to-end managed IT services, support, hosted desktop, cloud solutions and strategic guidance.

Acumen

Acumen

Acumen's cyber security engineers protect your critical systems, in critical moments. We are here when you need us most.