Interviews

Cyber report

by Mark Rowe

You and me are the threat to cyber-security, a new UK report suggests. No matter how secure your system, how comprehensive your regulations or the type of business you are involved in, there is always one weak point in your network. And that weak point is consistent the world over. It is, of course, the user. So writes Steven Mosley MP, one of the authors of a Cyber Security Commission report.

You can read the report in full on the IPT website. For more about the IPT visit – http://www.ipt.org.uk/research-and-publications.aspx.

A charity, the Industry and Parliament Trust (IPT) published its first Cyber Security Commission report titled ‘Cyber Security 2.0: Reflections on UK/EU Cyber-Security Co-Operation’. With the University of Warwick, the Commission has looked at UK and EU cyber-security co-operation and assessed how recent EU legislation around cyber-security has affected businesses and policy-making. A group of ‘Commissioners’ consisted of parliamentarians, academics such as Prof Tom Watson, Director of the Cyber Security Centre at the University of Warwick, and industry representatives, including Tom Whittaker, Head of Payment System Security, Visa Europe; and Jan Neutze, Director of Cyber-Security Policy, Microsoft EMEA. Over two days in Brussels they discussed issues around cyber-security regulation with officials from the Joint Research Centre (JRC), the European Network, Information and Security Agency (ENISA), the UK Representation to the European Parliament (UKREP) and various members of the European Parliament.

The report, based on the commissioners’ findings, focuses on: UK/EU Cyber Security Co-Operation, EU Cyber Security Regulation, Protecting Critical National Infrastructure and Cyber Activism, or ‘Hactivism’.

James Arbuthnot MP, former Chair of the Defence Select Committee said: “A successful cyber-attack on the UK could have truly apocalyptic consequences and…a threat to our EU partners also represents a threat to the UK. I commend this volume of fascinating essays as a contribution to debate across Europe on how best to address this threat.”

And Jane Jenkins, Partner and Co-head of the Freshfields Bruckhaus Deringer international cyber security and defence teams, one of the chapter authors, said: “This report highlights that cyber is going to be the next regulatory headache for businesses across the EU with a debate around key issues including its scope, the mandatory reporting of breaches and the imposition of additional technical standards. The debate going forward promises to be intense.”

ASIS angle

ASIS UK member James Willison in his chapter wrote of cross-disciplinary and cross-functional teams, which can identify blended attacks, as an important solution for the threats to Critical National Infrastructure. “Currently, most organisations only operate these teams in a crisis event when it is too late. This failure to identify the vulnerabilities in physical security systems and procedures is not acceptable. So what is the answer? ASIS UK, as part of ASIS International, is working with the European Union in a variety of ways. In April 2014, Europol partnered with the ASIS European Security Conference in the Hague and emphasised the importance of reaching out to our members.” He detailed the American National Standard (ANSI) for Physical Asset Protection (PAP).

Social media

Dr Layla Branicki of Birmingham University wrote about social media: “Social media is in many respects a soft-target for cyber-attack, as the methods used may require relatively minimum levels of technical expertise, be low cost, diffuse, and as a result difficult to detect. Understanding the ways in which social media platforms are used and how information spreads across them is therefore critical in enabling the risks associated with social media to be better understood and for appropriate interventions to be designed. A central tension however exists between mitigating the threats and enabling the opportunities created by access to an open and connected internet. In the EU’s vision of ‘how to enhance security in cyberspace’ it is stated that ‘for cyberspace to remain open and free, the same norms, principles and values that the EU upholds offline, should also apply online’ (European Commission, 2013) and yet it is unclear how this can or ought to be applied to the soft-target of social media.

“In section 1.21 of the UK National Security Strategy (2010) the potential impact of a new ‘mass of connections’ upon security was highlighted. It was argued that networks, including social networking technologies and 24 hour news media, could impact security as interest groups become more able to pressurise governments and a wide range of ideas easily proliferate globally (UK National Security Strategy, 2010).”

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing