Last week saw the formal opening of the National Cyber Security Centre, a part of GCHQ which is intended to enhance the UK’s cyber security capabilities and, if you believe the hype, make the UK the safest place in the world to be online.
It was a royal opening attended by Her Majesty the Queen and His Royal Highness The Duke of Edinburgh. There was also an array of Government Ministers in attendance including the Chancellor of the Exchequer, Phillip Hammond, Home Secretary Amber Rudd, Defence Secretary Michael Fallon, the Minister for Digital and Culture, Matthew Hancock, and Cabinet Office Minister Ben Gummer.
The Queen unveiled a plaque to mark the occasion and took a tour of the new facility which is located in Victoria, London. During the tour, she was shown demonstrations of the type of cyber security threats the UK has encountered in the past, the present, and what they expect to have to contend with in the future.
There was also plenty of mutual back-patting on display as everyone congratulated themselves on the important job they are yet to do. The Chief Executive of the National Cyber Security Centre, Ciaran Martin said “We will help secure our critical services, lead the response to the most serious incidents and improve the underlying security of the internet… We want to… help people to feel as safe as possible when using technology to its fullest potential.”
There were numerous other speeches in a similar vein.
Certainly, there are some proposals which will emerge from the National Cyber Security Centre which appear to be promising. At the opening event, the Chancellor, Phillip Hammond announced the creation of Industry 100, a scheme in which private sector organisations will be able to second staff to the National Cyber Security Centre to share expertise and build collaboration between the private and public sectors.
The Government have also recently launched the Cyber Schools Programme, which will facilitate the teaching of cyber skills to children aged between 14 and 18.
All of this is to be welcomed, but should still not gloss over the fundamental flaws this policy area is faced with, and which the creation of this new centre has done nothing to tackle.
Fundamental Policy Flaws
Firstly, there is the question of where Government responsibility for cyber security policy lies. The presence of Ministers from no fewer than five different Government departments highlights the huge overlap in policy responsibility which is still present in Government.
This is an issue which has been raised time and time again, but no Government to date has been able to resolve. Until Cyber Security policy becomes the responsibility of one single Government department, efforts to create a modern and effective cyber security strategy will always find themselves tied up in endless red tape.
This is an issue which we have touched on here before, and which has also recently been highlighted by the Public Accounts Committee in their recent report entitled Protecting information across government.
Then there are the individual roles that the agencies tasked with taking on cyber-crime on the front line hold. The National Cyber Security Centre sounds like a powerful organisation, but the question of where it sits alongside the likes of GCHQ, MI5, and MI6 has still not been made clear. This is a point which the Public Accounts Committee also raised in their report.
And lastly, of course, is the threat that the Government themselves pose to online security for UK netizens. Their recent Investigatory Powers Bill hands sweeping powers to law enforcement agencies to hack into people’s machines without warrants and also requires ISPs to hold records of everyone’s online activity for 12 months. Both of these powers bring with them considerable security risks.
Then there is the Digital Economy Bill, which is trying to introduce age verification for every porn site in the UK. This will require users to input credit card details which will again be stored on a huge and vulnerable database.
The Government track record on keeping their own data safe is anything but perfect, and all of these policies, and many more besides create security risks for UK internet users.
So, until the Government can get its own house in order, rather than rely on any shiny new agencies for protection, the fact remains that most users are better off protecting themselves online through the use of a VPN and other such security tools.
I wonder if anyone mentioned any of that to the Queen last week?