Today’s business are losing the cyber security battle and they need help, but should it come from the Government? Charl van der Walt argues that new plans unveiled by GCHQ for a ‘Great British Firewall’ should be welcomed with caution.
The announcement of what’s being referred to as ‘The Great British Firewall’ was made by Ciaran Martin, director general for cyber at GCHQ (and the first CEO of the new National Cyber Security Centre) during an address at the Billington Cyber Security Summit in Washington DC on 13 September (you can read the full speech here: https://www.cesg.gov.uk/news/new-approach-cyber-security-uk).
The securing of national physical borders has been headline news throughout 2016, with the decision to renew Trident and the ongoing Brexit debate. While some have been quick to politicise the announcement from GCHQ, or call it another example of ‘The Nanny State’, it’s important to understand the scale and scope of the threats that organisations and citizens are facing today, and how ill-prepared even the best equipped are to defend themselves.
While many of the threats ordinary businesses have to defend themselves against involve common cyber criminals, pranksters and the occasional ‘hactivist’, there are also ongoing and damaging attacks from nation state actors who harbour skills, technology and resources that far exceed what an ordinary business could – or indeed should – be expected to handle.
So, if businesses are being attacked by Government-trained and equipped hackers, surely it makes sense for Government people, technologies and resources to bolster our front line defences?
In this context, a ‘Great British Firewall’ (and firewalls for every other nation) makes good sense at first sight. However, any Government involvement in civilian affairs, and notably so when it comes from a military institution like GCHQ, should be exercised with extreme caution.
Divisions created with good reason
In democratic systems the divisions between the various civil, legal and Governmental domains are created and maintained for good reason. No-one wants to see jackbooted marines with machine guns stopping people for traffic violations on the High Street. Our tanks are intended for the defence of national security, as is GCHQ.
Military intervention in the civilian Internet would almost certainly create a conflict of interest that’s incompatible with our democratic rights to privacy, freedom of speech and freedom of association. Moreover, there could be an irresistible temptation to use this for dragnet mass surveillance or, worse still, information control.
Additionally, the fact that Internet Service Providers are being asked to implement this, rather than relying on legislation, could well provide an oversight loophole.
There’s another important aspect to this conversation, namely that Government-on-Government computer hacking efforts are creating tools, methods and skills that are spilling over into the civilian domain (because there is, of course, only one Internet that we all have to share). This is actually escalating the threats that British businesses must ultimately – and somewhat hopelessly – combat.
In light of this, it seems the next best step is for a given Government and commercial organisations to converse about cyber strategy in a holistic manner before the private sector can be expected to sacrifice its civil liberties in favour of protection from any national Government.
Charl van der Walt is Chief Strategy Officer at SecureData SensePost