Whoops Apocalypse

Prompted by the record of the last six months and with security vendor, Symantec, reporting that financial services, healthcare, power and energy sectors are being increasingly targeted by hackers for “severe cyber attacks”, the Conservatives are to call for an Opposition Day (or half-day) Debate on information security, “Concentrating on DTI and economic issues”, in areas where it touches the critical national infrastructure, crime and overall commercial confidence in the Internet.

“How”, says Parliamentary Group, EURIM’s Philip Virgo, “Are we going to handle the rising tide of E-Crime from grooming and phishing through to large scale charge card and benefit fraud as criminals use the Internet to automate old crimes and invent new ones faster that law enforcement appears able to respond”?

Symantec’s latest ‘Internet Security Threat Report’, which gives an average of 220 security vulnerabilities (an average of 99 were of “high severity), a month between July and December 2003, makes sobering reading and even the alarmist consultancy Mi2G, with it’s colourful record of predictions involving a future littered with ‘Malware tsunamis’, “Globally spawned cyber-catastrophes” and ‘Decompression bombs”, argues that “There is a lack of coherent strategy at the nation state level to contain digital risk”.

In the light of last week’s outrage in Madrid, security has now become an unavoidable and increasingly personal problem and it appears that we have no clearer answers in cyberspace than those in the very real and risk-prone world of exploding trains, planes and cars.

In 1975, the IRA called and missed me one Saturday morning when they detonated a bomb in a waste bin at the Ideal Home exhibition at Olympia. I had the day off but my colleagues standing opposite weren’t so lucky. My wife was coincidentally blown down the road in Northern Ireland by another device, so you might say that we are both a little security minded as a consequence. Unfortunately, there’s very little guarantee that it’s safer to live in London now than it was in the seventies and on the Internet, we are told that “A new and dangerous point has been reached in the global digital eco-system”; convoluted Mi2G-speak for “It’s a complete mess and we’re all screwed”.

Do we have any real answers to the security problems anywhere or are we guilty of posturing and pretence? It seems to me that there are several sides to the information security problem at least.

You have the industry and business, battling unsuccessfully to fill the holes in their IT infrastructure before the next ‘digital tsunami’ washes over them, and then there are examples of security vendors shamelessly milking the opportunity in the interests of their shareholders. Finally, there are the hackers, who have never had it so good waving a finger at Government and law-enforcement, who between them and on a global scale, have yet to arrive at anything approaching a workable solution to policing an unregulated the Internet without taking a Chinese Government approach to the question of personal freedom.

Discussing the wider information security problem in Parliament is, at best, a step on the ladder, because it puts Internet security firmly on the agenda with other issues of national importance. However, a chasm exists between debate and delivery of solutions and if industry is unable to offer convincing answers then it would be unreasonable to expect politicians to agree on sensible measures that might offer a level of reassurance for the future.


Popular posts from this blog

Civilisational Data Mining

The Nature of Nurture?