Following the UK Conservative Party Conference this week, many headlines honed in on the government’s plan to create a battalion of cyber reserves to protect the country from online attacks. There is an ongoing cyber security skills shortage in the UK that has been widely documented of late – my guess is that this has been something of a catalyst for numerous government initiatives, such as the ‘crack the code’ competition recently announced by GCHQ. With that, it makes perfect sense that the government is taking additional measures to address this perfect storm of increasingly severe cyber threats and lack of expertise to deal with them.
What was really interesting though, was the fact that the new unit will be granted resources to launch cyber strikes if required. As the government has been heavily criticized in recent years for failing to do enough to protect its citizens from internet crime, whether state sponsored or otherwise, I can only imagine that this is an attempt to set things straight.
It got me thinking about our own research, which discovered last year that 65 percent of UK consumers felt pre-emptive strikes on enemy states would be justified, while 45 percent believed that the government needed to improve its protection of national assets against cyber threats. With that, you would probably be right to assume that many Brits will welcome Hammonds’ statement and see this as a step in the right direction. However, it is worth remembering that blindly attacking the networks of assumed perpetrators and ‘enemy’ states could be seen as an unnecessary act of aggression and have detrimental effects in terms of unwanted retaliation.
Perhaps the government should first consider whether it has the adequate measures in place to guarantee that the right information can be gathered before making the decision to launch a pre-emptive strike. In order to gain the clearest picture of the situation, proactive, continuous monitoring of all IT networks must be in place to ensure that any intrusion or anomaly can be detected before the problem snowballs. Such deep and granular insight will equip government organizations with the ability to instantly determine the scale of an attack, and most importantly, increase the accuracy of attribution. After all, ill-informed finger-pointing could be disastrous from a diplomatic perspective!
So, while this is certainly a step in the right direction – it pays to remember that with great power comes great responsibility, and in this case, the responsibility lies with those securing and monitoring the network in the first place.