The dark ages of security
Lord Toby Harris from the House of Lords, illustrated the problem with information security today as a poor relation of security and technology. The complication derives from a variety of emotional, cultural and financial issues. He is very critical of the UK government's approach to security on several levels and he's not afraid to demonstrate the topic. He believes there's a danger of complacency in the UK. The public sector compliance with security requirements is poor and a proper disaster recovery plan is nonexistent. Sadly, the same can probably be said for most European countries.
The fact of the matter is that in order to achieve regulation, we need greater responsibility from both individuals and the private sector. The balance of responsibility has to shift and include equipment manufacturers, software producers and service providers. Also essential are adequate resources that allow the enforcement of the rules.
One of the hot topics for privacy advocates in the UK is certainly that of national ID cards. Lord Harris demonstrated the erroneous way in which the government is "selling" them to the public. No, they won't be a good counter-terrorism tool and they offer limited benefits when it comes to illegal immigration and border control. However, they undoubtedly grant citizens the benefit of being able to establish their identity and entitlement. If an ID card was required to open a bank account, they would probably make the identity theft rate go down.
With the strong expansion of broadband and other communication technologies, identity and security matter more every day. People are being increasingly targeted by cyber crooks and they have plenty to worry about: e-crime, data loss and a plethora of malicious attacks. When it comes to e-crime specifically, it's exceptionally problematic to display the magnitude of the problem in the UK since e-crime is still not recorded separately from other types of fraud. Despite not having concrete data at their disposal, UK citizens are more afraid of e-crime than burglary or mugging. According to Lord Harris, ignorance, carelessness and technology flaws are what puts individuals at risk. Once again we're reminded about the fundamental importance of security awareness.
Lord Harris believes that because of a grave lack of security, the UK critical network infrastructure is at risk. Let's just remind ourselves about the crippling May 2007 attacks in Estonia and the recent cyber disruption in Georgia. Governments should have a framework that enables them to see which resources are being attacked and, clearly, a proper set of firm guidelines that make sure every system is up to date and working properly.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.