‘The Great British Firewall’: Welcome with Caution

Charl van der Walt

Charl van der Walt

Today’s business are losing the cyber security battle and they need help, but should it come from the Government? Charl van der Walt argues that new plans unveiled by GCHQ for a ‘Great British Firewall’ should be welcomed with caution.

The announcement of what’s being referred to as ‘The Great British Firewall’ was made by Ciaran Martin, director general for cyber at GCHQ (and the first CEO of the new National Cyber Security Centre) during an address at the Billington Cyber Security Summit in Washington DC on 13 September (you can read the full speech here: https://www.cesg.gov.uk/news/new-approach-cyber-security-uk).

The securing of national physical borders has been headline news throughout 2016, with the decision to renew Trident and the ongoing Brexit debate. While some have been quick to politicise the announcement from GCHQ, or call it another example of ‘The Nanny State’, it’s important to understand the scale and scope of the threats that organisations and citizens are facing today, and how ill-prepared even the best equipped are to defend themselves.

While many of the threats ordinary businesses have to defend themselves against involve common cyber criminals, pranksters and the occasional ‘hactivist’, there are also ongoing and damaging attacks from nation state actors who harbour skills, technology and resources that far exceed what an ordinary business could – or indeed should – be expected to handle.

So, if businesses are being attacked by Government-trained and equipped hackers, surely it makes sense for Government people, technologies and resources to bolster our front line defences?

In this context, a ‘Great British Firewall’ (and firewalls for every other nation) makes good sense at first sight. However, any Government involvement in civilian affairs, and notably so when it comes from a military institution like GCHQ, should be exercised with extreme caution.

Divisions created with good reason

In democratic systems the divisions between the various civil, legal and Governmental domains are created and maintained for good reason. No-one wants to see jackbooted marines with machine guns stopping people for traffic violations on the High Street. Our tanks are intended for the defence of national security, as is GCHQ.

Military intervention in the civilian Internet would almost certainly create a conflict of interest that’s incompatible with our democratic rights to privacy, freedom of speech and freedom of association. Moreover, there could be an irresistible temptation to use this for dragnet mass surveillance or, worse still, information control.

Additionally, the fact that Internet Service Providers are being asked to implement this, rather than relying on legislation, could well provide an oversight loophole.

There’s another important aspect to this conversation, namely that Government-on-Government computer hacking efforts are creating tools, methods and skills that are spilling over into the civilian domain (because there is, of course, only one Internet that we all have to share). This is actually escalating the threats that British businesses must ultimately – and somewhat hopelessly – combat.

In light of this, it seems the next best step is for a given Government and commercial organisations to converse about cyber strategy in a holistic manner before the private sector can be expected to sacrifice its civil liberties in favour of protection from any national Government.

Charl van der Walt is Chief Strategy Officer at SecureData SensePost

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts