[Dave Birch] I very much appreciated being invited along to speak at the Cyber Security Forum 2011 in London. I’m sorry that I couldn’t get along to the first sessions (the demands of clients trumped the future security of our great nation) but I sat through most of it. I wandered in and sat down, avoiding the temptation to go to “Iceland - New Opportunities” instead, and I loved that within the first ten minutes I had heard about Machiavelli, the scientific illiteracy of the British civil service and how to get stuff done in ancient Greece.
It wasn’t all fun though. A chap from the Institute for Security and Resilience said that the measure of strategic capacity is the capacity to innovate, and he sounded sceptical of UK plc’s abilities in this space, making an interesting point about the way in which the British system puts specialists and entrepreneurs under the control of generalists (referring to, I think, the well-meaning but amateur way in which government manages IT).
But to the point. It turns out that the UK has a cybersecurity strategy. It’s available online from the Cabinet Office (revised version 25th November 2011 PDF), so I quickly downloaded it and skimmed through it in time to get to the panel on the “vision for a cyber smart economy” that featured Baroness Pauline Neville-Jones, who is the UK Government’s Special Representative to Industry on Cyber Security. She was great: amongst other things she asked why UK educational establishments are training more Chinese people in cyber security than British nationals…
I spoke on the panel on SMEs chaired by Alex van Someren with Nick Kingsbury and Mark West, and that was most enjoyable, but the highlight of the day for me was the wide-ranging discussion between Joseph Menn of the Financial Times, Caspar Bowden (no longer with Microsoft) and the writer Cory Doctorow. They are very smart and very interesting guys, so hearing them range across software patents, copyrights and privacy was genuinely fascinating. The UK Cybersecurity Strategy doesn’t actually mention copyright at all and it only mentions “intellectual property” once (on page 9), but in terms of a vision for a cyber smart economy, I would have thought that informed discussions about this were rather central to that vision.
The reason that they are not is, as was covered in the discussion, twofold. Cliff Richard and his stooges are against internet privacy for entirely sociopathic reasons to do with what economists call “rent-seeking regulatory capture”, but he finds a sympathetic ear in the government because
- the government don’t want privacy either - they want to be able to listen in to your internet conversations and if that means leaving them open to Chinese cyberwarriors as well as record companies then so be it - and find sobbing pop stars a useful smokescreen and
- because it’s more fun talking to pop stars than to dreary middle-aged “experts” (e.g., me).
At the end of the event my perspective on all of this was reinforced as essentially infrastructural. In particular, we lack national identity infrastructure, so we’re starting from a low base. In the UK, we need to accelerate the Cabinet Office’s Identity Assurance Programme to formulate something along the lines of the US Department of Commerce’s National Strategy for Trusted Identities in Cyberspace (NSTIC) and then mandate its use for public sector services: no identity, no service. If we don’t mandate it, and instead rely on citizens to protect themselves (and the rest of us) then we have no hope.
Citibank’s Rich Detura… runs global consumer fraud policies, which is an expansion from his previous similar role for Citibank’s US-specific role.
“Consumers’ use of technology is far outpacing their ability to comprehend the security implications of their actions”
If we don’t take this kind of action, we’re going to end up with two internets, as I’ve written before. With no end-to-end identity management, the rich will instead turn to secure networks that lock out undesirables (or, alternatively, lock in undesirables who know what they’re doing).
“The concept of a more secure network that customers or vendors are willing to pay for is probably the only way to provide the security that people want to have,” says Ted Schlein of Kleiner Perkins.
I don’t want that, because I think an open internet is a tremendous power for creativity and innovation. Let’s have a working national and international identity infrastructure instead. As an aside, Hugh Eaton (Director Security and Intelligence) said, as Bruce Schneier always does, that when it comes to security or dancing pigs, you always get dancing pigs. I think this should be updated for the 21st century: when it comes to security or newspaper headlines about security, you always get newspaper headlines about security.
These are personal opinions and should not be misunderstood as representing the opinions of Consult Hyperion or any of its clients or suppliers.
The English language version of this work is licensed under Creative Commons Attribution-ShareAlike 3.0 Unported License. If you wish to acquire the rights to make a foreign language translation of the work, please contact Consult Hyperion.