back to article Try to avoid thinking of the internet as a flashy new battlefield, warns former NCSC chief

The former head of the National Cyber Security Centre has warned that some British government figures have a “profound lack of understanding” of cyberspace, online warfare and information security. Ciaran Martin, who stepped down as NCSC chief earlier this year, also cautioned policymakers against seeing the online world as a …

  1. amanfromMars 1 Silver badge

    Well, blow me down ... was there ever a squarer peg in a round hole?

    After reading all of "Try to avoid thinking of the internet as a flashy new battlefield, warns former NCSC chief" ...... how the fcuk did Ciaran Martin ever manage to wangle his way to be a former head of the UKGBNI National Cyber Security Centre?

    1. Version 1.0 Silver badge
      Joke

      Re: Well, blow me down ... was there ever a squarer peg in a round hole?

      ...did Ciaran Martin ever manage to wangle his way to be a former head ... perhaps he won a whole bunch of DOOM games?

      1. Anonymous Coward
        Anonymous Coward

        Re: Well, blow me down ... was there ever a squarer peg in a round hole?

        He did a speedrun of manually reciting every 9 character sha256 hash and completed it.

    2. amanfromMars 1 Silver badge

      Re: Well, blow me down ... and after further reading of more elsewhere, a not so binary view

      As critical and as alienating as views shared here may be, it should not be thought and construed that they be either in opposition to or adversarial competition with novel agency initiatives and goals .... and all such agencies/centres/government bodies/private and/or pirate public facing practices are both virtually and practically brand spanking new whenever dealing with any and all types of operations and/or missions in the cyber space domain and into exercising remote command and sublime control abilities and facilities and utilities for an overwhelming and unassailable pre-eminent and predominant lead position ........... and as be not so oft frequently freely shared and revealed to all in the likes of these tales and transcripts and videoed chats online such as the one being commented on here and made available on/from the website of King’s College’s Strand Group. And many thanks indeed for that, King's College London Strand Group. Bravo.

      That’s why we built the UK’s National Cyber Security Centre in the way we did. Yes: it can covertly detect and deal with the most potent states. ....Cyber-weapons are called viruses for a reason: Statecraft and security in the digital age

      ???? I beg your pardon? Are you really being serious? All/Any available evidence, and such is surely the only evidence that is worth believing and something stable upon which anything firm and foundational can be built for further development, with hidden secret exclusive elite counsel the favourite fodder of fools hell bent on dark and dismal crusades and a pure poison to touch and partake of in either a sip or a quaff, would strongly suggest otherwise and present quite the perverse and subversive reverse. The UK's NCSC in its currently perceived form does neither of the two cited tasks effectively and to any standard which leads anything or anyone or everything anywhere worth boldly going ....

      And notwithstanding the positive rosy hues which can be painted of the internet and the wondrous opportunities available in the cyber domain, and ITs Live Operational Virtual Environments*, to consider that as a primary characteristic rather than recognise the perverse and subversive reverse as an extremely dangerous and easily possible, more all powerful sub-prime attraction ........ – and is gravely to be regarded.

      Indeed, conditions in the fields of which we now speak are eerily paralleled and were advised to be guarded against in President Eisenhower's Farewell Address to the Nation January 17, 1961 ...... and for the much the very same reason[s] ........ the acquisition of unwarranted influence where the potential for the disastrous rise of misplaced power exists and will can persist and is a Persistent ACTive Cyber Threat.

      However, it is the shapeless form of the future and that which one has to deal with, and do deals with if one wants to survive and prosper.

      * ..... "To help the discussion, I want to introduce, or arguably, reintroduce, two concepts.

      The first is cyber not just as a domain, but as an environment. It is so ubiquitous in our everyday life there is a strong case for this type of analogy." ..... Ciaran Martin

      Welcome, Ciaran. What kept you so long elsewhere?

      1. Martin Summers Silver badge

        Re: Well, blow me down ... and after further reading of more elsewhere, a not so binary view

        I came here looking for an insightful first post and all I got was aManfrommars.

  2. Mike 137 Silver badge

    Am exceptionally clear and accurate appraisal

    I've been saying much the same for years, but at last, it's been stated in public by someone likely to be listened to:

    "Our societies will never be the winners from insecure technology and an unsafe Internet. [...] Therefore, we must be unambiguously in favour of safer technology. That holds even if that sometimes makes deploying our own offensive cyber capabilities harder because a rising tide of security will, to some extent, lift all boats, including adversarial ones."

    May the tide rise and lift all our boats, While our technologies remain so fundamentally fragile, nobody wins a "cyber war" as successful retaliation is trivial.

    1. Filippo

      Re: Am exceptionally clear and accurate appraisal

      Also, the more advanced a country is, the more it depends on IT, the more vulnerable it is to cyber-attack. Making tech more secure is a tide that lifts all boats, but it lifts "our" boats higher. Demanding backdoors, keeping exploits secret and unfixed, all this sort of shenanigans, it harms "us" more than it harms "them". Figuring out a way to make things more secure for everyone isn't just good engineering; it's good strategy too.

      (scare quotes because I'm well aware of how poorly defined "us" and "them" is in this age)

  3. IGotOut Silver badge

    Is it only government bodies

    That still refer to it as "cyber"?

    I don't ever recall it being used by anyone else the last ooo 15 years?

    1. Aids

      Re: Is it only government bodies

      These days we refer to it as the 'Information Super Highway'

      1. I am the liquor Silver badge

        Re: Is it only government bodies

        Or "a series of tubes."

    2. 0laf Silver badge

      Re: Is it only government bodies

      I'm not up to date with the current pork-barrel name change for what we all once called - "information",

      If someone can let me know so I can change my job title and claim my £10k pay rise for being in fashion.

  4. Anonymous Coward
    Anonymous Coward

    Name-and-shame may not work as a deterrent...

    but it does do some good in terms of letting everyone else know who's behind it, and that investigations and defenses need to continue to be a priority.

    1. Claverhouse Silver badge

      Re: Name-and-shame may not work as a deterrent...

      I prefer the old view that having got something on one's enemy, one keeps that as a secret to keep them from knowing one knows.

  5. Claptrap314 Silver badge

    Technically correct...but missing the point entirely.

    No one expects that "naming and shaming" will have any direct or even secondary effect on RNC, or any of their ilk. That has never been the point of doing so. However, N & C in particular have been running an aggressive campaign to increase their power and influence while naming A as their enemy at least since the 80's. This campaign is both offensive and defensive, open and covert, grand strategic and tactical. The purpose of naming and shaming is to clarify to the world, and especially to domestic policy makers, that RNC are bad actors, and that it is important to seek to limit and constrain their freedom of action.

    If (and it appears to be a huge if) policy makers in the West take these new "cyberspace" attack seriously, then that becomes the basis to make life difficult for those who engage in them. We're still here, and naming & shaming is likely to have a significant impact at this level.

    1. CrackedNoggin

      Re: Technically correct...but missing the point entirely.

      “The Obama administration’s ingenious innovation of issuing criminal indictments against hostile state actors did more to deter hostile state activity than any retaliatory cyber attack: not just by embarrassing the states they accused, but by removing, for life, the prospect of travelling to the West for any of those indicted,”

      Doesn't seem as though the point was missed.

      1. Aleph0

        Re: Technically correct...but missing the point entirely.

        Perhaps I'm naive, but if those hackers are really state-backed can't they just ask their employers for a passport in a different name if they want to go on vacation? It's not like facial recognition has such a good record...

    2. You aint sin me, roit Silver badge

      Re: Technically correct...but missing the point entirely.

      How can acknowledged deterrents such as sanctions work without naming and shaming? PM stands up and announces sanctions on individuals without naming them or saying why? Nonsense.

      It's not just a war contained online, there's a war for hearts and minds. And I imagine that every leader wants to garner approval from their people by pointing out "them bad, us good". So naming and shaming is a requirement. Even if it is bullshit.

      More worrying is a security expert saying that it's obvious that we don't need to fight cyber with cyber or that the internet isn't a new battleground. That seems divorced from reality and in direct contravention of experience - from stuxnet to ransomeware to the attacks on national infrastructure such as power networks.

  6. ecofeco Silver badge

    Horse

    Barn door.

    1. You aint sin me, roit Silver badge
      Holmes

      Re: Horse

      Quite. Don't militarize the internet? Apart from the fact that it already is there's also the consideration that it's not just up to us. We've already seen our "opponents" running cyber rings round us - from Isis propaganda to nork ransomeware, with Russian bots running amok with national elections. And all kinds of paranoia about Huawei and China (just because you're paranoid doesn't mean they aren't out to get you...).

      The status quo might not be what we'd like, but it seems strange to see a security professional who doesn't recognize that the online world is already a battlefield.

      1. Strahd Ivarius Bronze badge
        Facepalm

        Re: Horse

        Was not the Internet created by the military in the first place?

        1. JCitizen Bronze badge
          Go

          Re: Horse

          D.A.R.P.A. - but they didn't have enough money to expand it to a point where its ability to hedge the bets in a nuclear war could be reached; which was why it was developed in the 1st place - and this is where Al Gore claims he started it, but only because he had enough political pull to get incentives passed in congress to reward companies that bought into the program. Thus begat the blistering pace of the world wide web.

          It was exciting times back in the mid 80s watching it all begin! It started out at first as simple dial up with paid for 1-800 numbers to access sites like CompuServe, and exploded to a type of service in and of itself. I was a broke college graduate that couldn't afford to join in the fun until the early turn of the century. I've always regretted that. I had the computer, just not the money to get online.

          1. amanfromMars 1 Silver badge

            Re: Horses for Courses

            Lots of fun and games and slush funding for able intelligent players still out there, JCitizen. Indeed, some would tell you there has never ever before been as much available ..... and from sources which were not considered engaging before .......... https://govmatters.tv/trusted-capital-and-funding-technologies/

            And just like everything else ....... pay peanuts, get monkeys rules apply.

  7. Binraider

    What garbage. If GCHQ hadn’t actively attacked Islamic State or the current round of misinformers, and instead we’d asked nicely for them to apologise it is safe to say what the response would have been.

    Actively attacking misinformation is a good thing whether it is a signals intelligence agency or a schoolteacher doing the job.

  8. Anonymous Coward
    Anonymous Coward

    It is not the bloody Russians!

    I did not vote for Brexit because the Russians told me to, I voted for Brexit because the people running the European Union are a bunch of power-grabbing lowlifes with no regard for the people whom they allegedly serve.

    If you need any more proof of how corrupt they are, just look at how the negotiations are going. Has Barnier actually managed to get to the conference room yet? He's only supposed to have been over here since JANUARY. The fact that the talks have got as far as they have without him show how important he really is...

    1. Lars Silver badge
      Thumb Down

      Re: It is not the bloody Russians!

      I am not surprised you want to comment as AC, but do you actually believe in the nonsense you write.

  9. Claverhouse Silver badge
    Thumb Up

    Threats

    Does it actually make Kim Jong-Un stop and think “Hmm, better call the cyber lads off before Dominic Raab calls me out again?”

    .

    Excellent.

    However we retain the possibility of sending Gavin Williamson with a flotilla of gunboats to North Korea.

    .

    “The Obama administration’s ingenious innovation of issuing criminal indictments against hostile state actors did more to deter hostile state activity than any retaliatory cyber attack: not just by embarrassing the states they accused, but by removing, for life, the prospect of travelling to the West for any of those indicted,” nodded an approving Martin.

    .

    Not everyone ever wants to visit America.

    1. JCitizen Bronze badge
      WTF?

      Re: Threats

      They don't have to - they still get arrested for leaving the safety of their lair - you did know that right?

      1. amanfromMars 1 Silver badge

        Re: Threats

        Is a fatwa the non westernised version of the same class of non-classy threat?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020