Joint Committee on National Security Strategy launches inquiry into cyber security

According to the 2015 National Security Strategy and Strategic Defence and Security Review, the impact of technology – and in particular cyber threats and wider technological developments – is one of the major security challenges facing the UK. With this in mind, the Joint Committee on the National Security Strategy has launched a dedicated inquiry into cyber security.

Margaret Beckett MP, chair of the Joint Committee on the National Security Strategy, commented: “The Internet has changed our daily lives almost beyond recognition, from the way in which we communicate to the way we trade and the way in which Government provides services to citizens. While the digital revolution has opened up a whole host of opportunities, it has also created new vulnerabilities.”

Beckett continued: “The national security implications of the leap to cyber are a matter of increasing concern. Attention has recently focused on the potential exploitation of the cyber domain by other states and associated actors for political purposes, but this is just one source of threat that the Government must address through its recently launched five-year strategy.”

The second National Cyber Security Strategy was launched in November last year to address challenges in relation to cyber security, and is armed with a total budget of £1.9 billion for 2016 to 2021. The Government has stated that it will treat a cyber attack on the UK as seriously as any conventional attack.

In calling for written submissions to the inquiry, the Committee is particularly interested in those which address:

*the types and sources of cyber threats faced by the UK

*the effectiveness and coherence of the strategic lead provided by the National Security Council, Departments, agencies and the National Cyber Security Centre

*learning points drawn from the first Cyber Security Strategy and the fitness for purpose of the second Cyber Security Strategy

*whether the UK has committed sufficient human, financial and technical resources to address the sheer scale of the cyber security challenge

*the development of offensive cyber capabilities and the norms governing their use

*ways in which the UK Government can work with the private sector to build cyber resilience and cyber skills

*the balance of responsibilities between the Government and the private sector in protecting Critical National Infrastructure

*the appropriate role for Government in regulating and legislating in relation to cyber both on the national and international stage

*how the UK can co-operate with allies and partners on the development of capabilities, standards setting and intelligence sharing

Contribute your views by accessing the Cyber Security: UK National Security in a Digital World inquiry

Will Internet privacy suffer in 2017?

It’s clear that 2016 was probably the worst year on record in terms of online privacy. There were increasingly restrictive surveillance laws introduced by Governments around the world, major online hacks – including the compromised accounts of over one million Yahoo users – and authoritarian regimes blocking the Internet to restrict the freedom of speech.

What, then, can we expect in 2017? Will these trends continue, and will we have to face more Internet freedom restrictions and hacks by criminals? VPN service provider NordVPN has offered some interesting predictions.

Increased mobile ransomware

With ransomware, a malicious program is installed on a computer that blocks the end user’s access to the system or certain files. This block is removed when the user pays the creator of the ransomware, usually in Bitcoins.

Although it’s predicted that general ransomware will decrease as new technologies are created and law enforcement operations crack down on it, the prevalence of mobile ransomware is expected to rise. Since mobile users generally have their data backed up on the cloud, mobile ransomware will aim to steal users’ bank credentials and take money directly from their accounts.

Increase in IoT malware

Unfortunately, the Dynn DDoS attack last October wasn’t an isolated event. As Internet of Things (IoT) devices become commonplace, they will continue to come under attack.

As these smart devices are what’s known as ‘stick’ – ie people who buy them rarely replace or upgrade them – the IoT device makers often include only minimum features, shortening the development process and cutting costs. This is particularly dangerous for privacy, since lesser security features means easier backdoor access. When one device is compromised, the hacker can easily overtake the whole system of interconnected devices.

Smart devices shipped out during 2017 may have back doors and malware already installed. This will be a huge privacy concern.

Drone-jacking

With drones becoming increasingly popular as both a hobby and a business, it’s only logical that they will become more ubiquitous in 2017. Unfortunately, there has been some evidence to suggest that it’s possible to hack drones and take control of them. Amazon and UPS have both announced that they plan to deliver their packages to consumers via drones. A hacker could possibly take control of the drone and thereby intercept the package meant for the consumer.

Beyond that, many law enforcement agencies are using drones for surveillance. It’s predicted that surveillance drones might be intercepted to disarm the video and audio feeds.

Greater censorship and Government surveillance

According to Freedom House, Internet freedom has been on the decline for six straight years and, what’s more, there’s no sign of that situation abating.

In 2016, there were huge Internet liberty crackdowns such as the introduction of strict data retention laws (ie here in the UK and Poland, etc.) and laws attacking communications apps such as WhatsApp and Viber, as well as blocking certain social media sites. These crackdowns on communication apps and social media sites go hand-in-hand with attempts to limit citizens’ privacy and increase mass surveillance. NordVPN suggests that this may well be the greatest threat to privacy of them all.

It seems that Internet privacy will be declining even more around the world in 2017. For example, Americans fear that the new administration might ‘erode cyber privacy’ while the UK now has an “unprecedented” surveillance law that allows for mass hacking, among other things, which could lead to massive data breaches.

However, the recent EU court ruling was something of a setback for the UK’s new surveillance law.

Securing your web presence

In order to best protect your privacy, it’s imperative to be vigilant in all online activities. Internet users need to be careful not to click on strange e-mailed links, not to download from unofficial app marketplaces, to always have strong passwords in place and to be generally cautious when operating in the online domain. Learning about Internet privacy Best Practice is strongly advised as we head into 2017.

It’s also highly recommended to use secure privacy tools, such as VPNs, which help to hide the user’s true location (ie IP address) and encrypt all the information that’s being transferred through the Internet. Such a user becomes impossible to track.

In general, there’s no reason to believe that global privacy will fare any better in 2017 than it did last year, and so it’s most likely that both criminal elements online and mass data collection initiatives will pose data breach threats. Internet users need to take their own precautions in order to stay secure and private online.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts