One strike, and you are out?

Filed under: Governance,Risk,Security,Standards — lenand @ 10:25 pm

Cyber attacks are not news.  They are continuous – so how do we keep up our guard?

I have to thank publicservice.co.uk for the initial thought:

The UK faces a ‘real and credible’ threat of a cyber attack on critical infrastructure, the director of GCHQ has said. Ian Lobban told the International Institute of Strategic Studies that the Strategic Defence and Security Review (SDSR) was looking at ways of increasing Britain’s resilience against the growing number of cyber attacks. Critical infrastructure including electricity supplies, the emergency services, government, financial services, communication networks, health, transport, and food and water supplies were all at risk from cyber attack, he said.

The EURIM Security by Design Subgroup reports now make more sense to me.  “EURIM recommends that action should be taken now to set out standards for IT Security based on the premise that embedded security is a fundamental principle of the design of any system supplied to the UK Public Sector and that those formulating standards draw on private sector user, not just supplier, experience.”  Their report is officially launched today, October 27th.

Whilst there are clearly values in having interoperability standards for telecommunications, the market has not picked up so well on security standards. David Lacey would appear to agree, too. But if we are at risk of losing electricity, gas, food and water, shouldn’t there be some pressure on systems designers to get together and develop a practical standard? If there were only a minimal set of entry points into the hardware (and hence software) wouldn’t it be possible to harden the equipment? Automated and serendipitous attacks could be tested and a kite mark given if it passes. It seems that CLAS Consultants don’t always agree on what is right – so there must be a better way.

I don’t know whether I feel better about it, but there was talk of a second strike capability at the BCS Security Forum I attended.
