Has collective amnesia about stance on end-to-end encryption
The British government wants your bright ideas for improving the nation’s cybersecurity because it wants to “understand the apparent lack of strong commercial rationale for investment” in locking down your shizz.
As part of its fond hope of making the UK a bit more secure than the rest of the world, the Department for Digital, Culture, Media and Sport (DCMS) wants you to tell it what it could be doing better.
The Cyber Security Incentives and Regulation Review is intended to tell UK.gov which of its security-enhancing initiatives do and don’t work. Many of those are routed to the great unwashed via the National Cyber Security Centre (NCSC).
In its detailed consultation document, accessible here, DCMS claimed that “only around 60 per cent of organisations took actions to identify cyber security risks”, citing a survey it carried out earlier this year.
Back in April, NCSC tech director Ian Levy said: “I think we’re still seeing very common things happen that were happening 15 years ago. We’ve got to find some way of changing it. It’s obvious the way we’ve been trying to get people to change this hasn’t been working.”
Perhaps perceptively, the department opined that part of the problem with getting smaller businesses to take cybersecurity seriously was the problem that security is “viewed as an IT-specific issue and an objective in itself, rather than an enabler of business continuity and operational resilience”.
Digital minister Matt Warman, the one-time technology editor of the Daily Telegraph, pleaded: “I hope this review will encourage the industry to think about what government could do to help and what incentives might encourage firms and businesses to manage their cyber risk.”
DCMS also published a postal feedback address, presumably for the use of people who write in green ink and think all of the internet is hopelessly insecure.
Separately, defence ministers published their latest response to Parliament’s Joint Committee on the National Security Strategy, in which the word “cyber” was mentioned just six times across 17 pages.
The Ministry of Defence is spending £40m on its “cyber security operations capability”, bunging £12m on the Defence Cyber School for training uniformed infosec bods, and a total of £265m on securing existing military hardware against cyber threats. ®