It wasn’t all fun though. A chap from the Institute for Security and Resilience said that the measure of strategic capacity is the capacity to innovate, and he sounded sceptical of UK plc’s abilities in this space, making an interesting point about they way in which the British system puts specialists and entrepreneurs under the control of generalists (referring to, I think, the well-meaning but amateur way in which government manages IT).
But to the point. It turns out that the UK has cybersecurity strategy. It’s available online from the Cabinet Office (revised version 25th November 2011 PDF), so I quickly downloaded it and skimmed through it in time to get to the panel on the “vision for a cyber smart economy” that featured Baroness Pauline Neville-Jones, who is the UK Government’s Special Representative to Industry on Cyber Security. She was great: amongst other things she asked why UK educational establishments are training more Chinese people in cyber security than British nationals…
I spoke on the panel on SMEs chaired by Alex van Someren with Nick Kingsbury and Mark West, and that was most enjoyable, but the highlight of the day for me was the wide-ranging discussion between Joseph Menn of the Financial Times, Caspar Bowden (no longer with Microsoft) and the writer Cory Doctorow. They are very smart and very interesting guys, so hearing them range across software patents, copyrights and privacy was genuinely fascinating. The UK Cybersecurity Strategy doesn’t actually mention copyright at all and it only mentions “intellectual property” once (on page 9), but in terms of a vision for a cyber smart economy, I would have thought that informed discussions about this were rather central to that vision.
The reason that they are not is, as was covered in the discussion, twofold. Cliff Richard and his stooges are against internet privacy for entirely sociopathic reasons to do with what economists call “rent-seeking regulatory capture”, but he finds a sympathetic ear in the government because
- the government don’t want privacy either – they want to be able to listen in to your internet conversations and if that means leaving them open to Chinese cyberwarriors as well as record companies then so be it – and find sobbing pop stars a useful smokescreen and
- because it’s more fun talking to pop stars than to dreary middle-aged “experts” (e.g., me).
At the end of the event my perspective on all of this was reinforced as essentially infrastructural. In particular, we lack national identity infrastructure, so we’re starting from a low base. In the UK, we need to accelerate the Cabinet Office’s Identity Assurance Programme to formulate something along the lines of the US Department of Commerce’s National Strategy for Trusted Identities in Cyberspace (NSTIC) and then mandate its use for public sector services: no identity, no service. If we don’t mandate it, and instead rely on citizens to protect themselves (and the rest of us) then we have no hope.
Citibank’s Rich Detura… runs global consumer fraud policies, which is an expansion from his previous similar role for Citibank’s US-specific role.
“Consumers’ use of technology is far outpacing their ability to comprehend the security implications of their actions”[From Great quote from Citibank’s Rich Detura – Javelin Strategy & Research Blog]
If we don’t take this kind of action, we’re going to end up with two internets, as I’ve written before. With no end-to-end identity management, the rich will instead turn to secure networks that lock out undesirables (or, alternatively, lock in undesirables who know what they’re doing).
“The concept of a more secure network that customers or vendors are willing to pay for is probably the only way to provide the security that people want to have,” says Ted Schlein of Kleiner Perkins.[From Founding father wants secure ‘Internet 2’ – FT.com]
I don’t want that, because I think an open internet is a tremendous power for creativity and innovation. Let’s have a working national and international identity infrastructure instead. As an aside, Hugh Eaton (Director Security and Intelligence) said that, as Bruce Schneier always does, that when it comes to security or dancing pigs, you always get dancing pigs. I think this should be updated for the 21st century: when it comes to security or newspaper headlines about security, you always get newspaper headlines about security.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers