GCHQ in UK right to get serious about cyber-attacks
by Paul Davis
14 September 2012
The world is slowly waking up to the harsh realities of the cyber threat landscape, but there is not time to waste - warns IT expert
The Government Communications Headquarters - a British intelligence agency - has announced plans to set up the United Kingdom's first academic research institute in a bid to develop the tools needed to support the growing struggle against cyber-attacks. The institute will take the form of a 'virtual' organisation involving seven British universities and will work alongside the research institute in the science of cyber security - with the aim of providing intelligence to help the British government, businesses and individuals to protect themselves against the myriad of cyber threats in existence. As the institute will be funded with a £3.8m government grant, it is testimony to the seriousness of the threat posed to national cyber security.
This comes hot on the heels of a statement from professional security certification body ISC, which called for a different approach to information technology security and recommended that the best long-term solution is that governments actively collaborate with experts and academics - building on existing intelligence.
While the UK appears to be slowly waking up to the harsh realities of the cyber threat landscape. There has long been a tendency for many organisations worldwide to become complacent, with traditional defences including firewalls and anti-virus providing a false sense of security for many. The reality is that cyber-attacks have evolved at an astonishing rate and hackers are now adept at getting around these standard defences, undetected and with ease. Indeed, GCHQ recently claimed that businesses are failing to do enough to defend themselves from "real and credible threats to cyber security". With this in mind, this news is a welcome indication that attitudes are at long last changing.
The issues of cyber war and cyber espionage are becoming more and more apparent to governments, organisations and individuals around the globe – and are now beginning to ascend the global agenda. In short, the threat can no longer be ignored. You only have to read the frequent headlines detailing recent incidents of highly advanced malware – as well as Microsoft's most recent discovery of malware inserted onto PCs during the production process – to see that we are effectively sitting on a ticking time-bomb that must be proactively addressed by governments, businesses and individuals worldwide. As hackers become more creative, collaborative and sophisticated in their methods, we must match their ingenuity and intelligence, in order to have any chance of defending our critical assets and sensitive information.
The time for complacency and inaction is long gone. Now GCHQ's proposals reflect a growing need to understand the complexities of the threat landscape and demonstrate new ways to defend our nation with the best research available. This is certainly a positive step and is one that the security community is sure to welcome. Far too many organisations struggle with their understanding of the security landscape and the inadequacies of their existing defences, particularly when faced with the advanced nature of today's cyber threat. While it is encouraging that noise is starting to be generated around the need for holistic security solutions - ones capable of filling the gaps in their networks greater and more widespread awareness is still needed.
With any luck, this announcement and the growing media interest around these issues, will force more organisations to wake up to the harsh realities of IT security today. We have entered an era in which malware is no longer just the tool of low-level cyber thieves. Cyber war and cyber espionage are very real threats and warrant robust and proactive action from us all.
Paul Davis is Europe director at IT security firm FireEye
The Government Communications Headquarters - a British intelligence agency - has announced plans to set up the United Kingdom's first academic research institute in a bid to develop the tools needed to support the growing struggle against cyber-attacks. The institute will take the form of a 'virtual' organisation involving seven British universities and will work alongside the research institute in the science of cyber security - with the aim of providing intelligence to help the British government, businesses and individuals to protect themselves against the myriad of cyber threats in existence. As the institute will be funded with a £3.8m government grant, it is testimony to the seriousness of the threat posed to national cyber security.
This comes hot on the heels of a statement from professional security certification body ISC, which called for a different approach to information technology security and recommended that the best long-term solution is that governments actively collaborate with experts and academics - building on existing intelligence.
While the UK appears to be slowly waking up to the harsh realities of the cyber threat landscape. There has long been a tendency for many organisations worldwide to become complacent, with traditional defences including firewalls and anti-virus providing a false sense of security for many. The reality is that cyber-attacks have evolved at an astonishing rate and hackers are now adept at getting around these standard defences, undetected and with ease. Indeed, GCHQ recently claimed that businesses are failing to do enough to defend themselves from "real and credible threats to cyber security". With this in mind, this news is a welcome indication that attitudes are at long last changing.
The issues of cyber war and cyber espionage are becoming more and more apparent to governments, organisations and individuals around the globe – and are now beginning to ascend the global agenda. In short, the threat can no longer be ignored. You only have to read the frequent headlines detailing recent incidents of highly advanced malware – as well as Microsoft's most recent discovery of malware inserted onto PCs during the production process – to see that we are effectively sitting on a ticking time-bomb that must be proactively addressed by governments, businesses and individuals worldwide. As hackers become more creative, collaborative and sophisticated in their methods, we must match their ingenuity and intelligence, in order to have any chance of defending our critical assets and sensitive information.
The time for complacency and inaction is long gone. Now GCHQ's proposals reflect a growing need to understand the complexities of the threat landscape and demonstrate new ways to defend our nation with the best research available. This is certainly a positive step and is one that the security community is sure to welcome. Far too many organisations struggle with their understanding of the security landscape and the inadequacies of their existing defences, particularly when faced with the advanced nature of today's cyber threat. While it is encouraging that noise is starting to be generated around the need for holistic security solutions - ones capable of filling the gaps in their networks greater and more widespread awareness is still needed.
With any luck, this announcement and the growing media interest around these issues, will force more organisations to wake up to the harsh realities of IT security today. We have entered an era in which malware is no longer just the tool of low-level cyber thieves. Cyber war and cyber espionage are very real threats and warrant robust and proactive action from us all.
Paul Davis is Europe director at IT security firm FireEye
COMMENTS
