Defence Industrial Strategy suggests the UK is ready to start taking its homegrown infosec industry seriously

In a change from its recent bombastic blather, the British government has published a new Defence Industrial Strategy that looks like it wants to put the infosec industry on a gold-plated pedestal. "Government also needs to provide complementary support to industry and ensure that the public sector can access the right skills …

  1. Doctor Syntax Silver badge

    While the IDR was full of "Global Britain" bombast even as it slashed military budgets, headcounts, and equipment programmes

    Sir Humphrey lives - "Getting rid of the difficult bit in the title"

  2. Mike 137 Silver badge

    Taking homegrown infosec seriously?

    112 page report. 367 words devoted to "cyber" apart from a column about a vaguely expressed programme of "seeking" " to adopt some simple principles" when engaging with the crypto industry" and a few passim honorific mentions of the word "cyber" elsewhere in the text. That's probably about as seriously as government is ever going to take infosec (regardless of whether home grown or not).

    The fundamental infosec problem we face is an actually increasing fragility as our infrastructure becomes more reliant on IT and the IT simultaneously becomes more vulnerable to attack. Part of this is due to inadequate practitioner skills in its design, implementation or deployment, but a large contribution is appallingly poor operational management of IT once in service. This is not a new problem nor is it restricted to any nation. We reported on it in 2016 to the US Commission on Enhancing National Cybersecurity (again the parochial emphasis: "national" as in "homegrown") and it was an established and growing problem even then.

    Fundamentally, at all stages of the life cycle, insufficient expertise and attention are being applied to protect our critical infrastructures, globally. And it is global as no nation can isolate itself in the cyber domain without disconnecting from the net.

    1. Yet Another Anonymous coward Silver badge

      Re: Taking homegrown infosec seriously?

      We all know the result will be a multi-million contract to Crapita to install McAfee

      1. RM Myers Silver badge
        Unhappy

        Re: Taking homegrown infosec seriously?

        Don't forget the training part of the contract, which will produce emails warning staff to not click on links in random emails, and will themselves include (shortened URL) links for those staff to get further information on not clicking links in emails.

      2. stiine Silver badge

        Re: Taking homegrown infosec seriously?

        Surely it would be Sophos, not McAfee.

        Also, El Reg should get a quote from Graham Cluley and see what he has to say about the lack of a UK infosec industry...

      3. JassMan Silver badge

        Re: Taking homegrown infosec seriously?

        More likely it will go to an accredited security contractor like the bunch who told ONS that the census data will be secure after using Google Tag Manager.

        Long on jargon and technobabble, short on security problems and mitigation strategies.

    2. amanfromMars 1 Silver badge

      Taking homegrown infosec seriously has one recognising Postmodern DaneGeld Protocols

      The fundamental infosec problem we face is an actually increasing fragility as our infrastructure becomes more reliant on IT and the IT simultaneously becomes more vulnerable to attack. ...... Mike 137

      Actually the more pressing and considerably more dangerous fundamental infosec problem is everything and anything being helplessly and hopelessly vulnerable to remotely launched, non-attributable IT attacks ..... virtual assaults of no real substance which lays waste to physical infrastructure and human capital alike.

      In cases like that, where effective defence is never possible as a preferred available option, an engaging and enlightening accommodation of such weapon holders' wishes/wants/requires/desires, in return for a welcome agreement that promises the non-engagement and non-deployment of almighty destructive assets, is both the best and the cheapest of all possible outcomes ...... and thus to be highly commended and recommended.

  3. Howard Sway

    This is the page I got when I just searched for TechUK

    https://www.techuk.org/site-information/

    In case they fix it, it returned a 404 not found error page.

    Truly world beating: Less TechUK and more CockUp if you can't even maintain a website.

    1. Anonymous Coward

      Re: This is the page I got when I just searched for TechUK

      Was it hacked or are they just incompetent?

      1. JassMan Silver badge
        Joke

        Re: This is the page I got when I just searched for TechUK

        Maybe it's a honeytrap and even now they are pursuing the blackhats who stole the page.

    2. sitta_europea Silver badge

      Re: This is the page I got when I just searched for TechUK

      Yep, still a 404. - 10:09, 29 March 2021

  4. Anonymous Coward

    Quote: "Existing military-industrial relationships (such as Team Complex Weapons, which builds missiles for the RAF and Navy) will be expanded to include the cyber security sector on similar terms, said the paper. This, we are told, will form part of a wider "Team UK" setup intended to deepen links between the Ministry of Defence, Department for International Trade, and the Home Office with the information security (or "cyber", as UK.gov likes to call it) world – a move that might prick up some ears in medium-sized businesses."

    *

    Yup......."deepen links" which reduce or eliminate privacy for sixty million citizens.....who are paying for the invasion of their privacy, and who can't even find out what is being done!! Funny isn't it that the government sector is exempt from GDPR!!!

    *

    So......now the government is getting MORE interested in "cyber"......watch out folks.....the STASI is being rebuilt a billion pounds at a time!!!

    1. Mike 137 Silver badge

      "the government sector is exempt from GDPR"

      The "government sector" is not exempt from the GDPR. There are certain exceptions for such activities as law enforcement and national security. These are conceptually necessary, but what appears to have happened (as always) is over-extension of the definitions and mission creep. Unfortunately, this is to be expected. However in reality we're nowhere near building a STASI here in blighty, not least because we haven't the mechanisms for making every fifth citizen an informer or the freedom to torture and imprison without due process. State intrusion into the privacy of the non-offending public is not to be condoned, but a police state is something quite different. You'd know it if you encountered it, witness what's going on in some other parts of the planet right now.

  5. Anonymous Coward

    This is, not for the first time on this subject, some seriously bent government PR. I have firsthand views of the lack of spend going on infosec in certain areas of the utility sector. I have firsthand evidence of instrumentation important to the financial wellbeing of the country running Windows 98SE; and even DOS; in networked environments. Ironically, pre-microelectronic systems are less vulnerable to cyber threat; though are disadvantaged that they've been out of production for over 40 years; more manpower intensive, and coming to end of electromechanical life. This may not seem a direct problem, but screw with the instrumentation and you can seriously screw with supply.

    OFWAT, OFGEM, OFCOM and other quangos responsible for establishing funding for regulated businesses all have a hand in this, but there is a serious disconnect between the objectives of those quangos, and those good people at BEIS and NSCS respectively. The latter don't hold the purse strings but carry the cyber mandate. The former won't care until something is broken that costs more than pre-emptive intervention.

    Herr Hitler employed similar tactics in the Third Reich; Divide and Conquer were the default approach, even internally. Establish multiple groups with deliberately conflicting objectives to maintain control at the top; at the expense of everyone else.

  6. sitta_europea Silver badge

    And I can STILL buy this at Amazon:

    .../Automatic-Maintainer-Intelligent-Motorcycles-Equipment/dp/B088HD9DZV

    which makes me think that it's a complete waste of time talking to my MP, Paul Scully, Kwasi Kwarteng, the Office for Product Safety and Standards, the Department for Business, Energy and Industrial Strategy, and all the other government wonks whose cages I keep rattling about the rip-offs being perpetrated on an industrial scale on me and my country and which leave UK traders who genuinely want to Do It Right, and even those who just Obey The Rules, at an almost insurmountable competitive disadvantage.

    "Ever Given" is right on the money.


Biting the hand that feeds IT © 1998–2021