While the IDR was full of "Global Britain" bombast even as it slashed military budgets, headcounts, and equipment programmes
Sir Humphrey lives - "Getting rid of the difficult bit in the title"
Defence Industrial Strategy suggests the UK is ready to start taking its homegrown infosec industry seriously
In a change from its recent bombastic blather, the British government has published a new Defence Industrial Strategy that looks like it wants to put the infosec industry on a gold-plated pedestal. "Government also needs to provide complementary support to industry and ensure that the public sector can access the right skills …
-
Thursday 25th March 2021 15:36 GMT Mike 137
Taking homegrown infosec seriously?
112 page report. 367 words devoted to "cyber" apart from a column about a vaguely expressed programme of "seeking" " to adopt some simple principles" when engaging with the crypto industry" and a few passim honorific mentions of the word "cyber" elsewhere in the text. That's probably about as seriously as government is ever going to take infosec (regardless of whether home grown or not).
The fundamental infosec problem we face is an actually increasing fragility as our infrastructure becomes more reliant on IT and the IT simultaneously becomes more vulnerable to attack. Part of this is due to inadequate practitioner skills in its design, implementation or deployment, but a large contribution is appallingly poor operational management of IT once in service. This is not a new problem nor is it restricted to any nation. We reported on it in 2016 to the US Commission on Enhancing National Cybersecurity (again the parochial emphasis: "national" as in "homegrown") and it was an established and growing problem even then.
Fundamentally. at all stages of the life cycle, insufficient expertise and attention are being applied to protect our critical infrastructures, globally. And it is global as no nation can isolate itself in the cyber domain without disconnecting from the net.
-
-
Thursday 25th March 2021 16:35 GMT RM Myers
Re: Taking homegrown infosec seriously?
Don't forget the training part of the contract, which will produce emails warning staff to not click on links in random emails, and will themselves include (shorted URL) links for those staff to get further information on not clicking links in emails.
-
-
-
Friday 26th March 2021 16:53 GMT amanfromMars 1
Taking homegrown infosec seriously has one recognising Postmodern DaneGeld Protocols
The fundamental infosec problem we face is an actually increasing fragility as our infrastructure becomes more reliant on IT and the IT simultaneously becomes more vulnerable to attack. ...... Mike 137
Actually the more pressing and considerably more dangerous fundamental infosec problem is everything and anything being helplessly and hopelessly vulnerable to remotely launched, non-attributable IT attacks ..... virtual assaults of no real substance which lays waste to physical infrastructure and human capital alike.
In cases like that, where effective defence is never possible as a preferred available option, an engaging and enlightening accommodation of such weapon holders' wishes/wants/requires/desires, in return for a welcome agreement that promises the non-engagement and non-deployment of almighty destructive assets, is both the best and the cheapest of all possible outcomes ...... and thus to be highly commended and recommended.
-
-
Sunday 28th March 2021 10:18 GMT Anonymous Coward
Quote: "Existing military-industrial relationships (such as Team Complex Weapons, which builds missiles for the RAF and Navy) will be expanded to include the cyber security sector on similar terms, said the paper. This, we are told, will form part of a wider "Team UK" setup intended to deepen links between the Ministry of Defence, Department for International Trade, and the Home Office with the information security (or "cyber", as UK.gov likes to call it) world – a move that might prick up some ears in medium-sized businesses."
*
Yup......."deepen links" which reduce or eliminate privacy for sixty million citizens.....who are paying for the invasion of their privacy, and who can't even find out what is being done!! Funny isn't it that the government sector is exempt from GDPR!!!
*
So......now the government is getting MORE interested in "cyber"......watch out folks.....the STASI is being rebuilt a billion pounds at a time!!!
-
Monday 29th March 2021 06:57 GMT Mike 137
"the government sector is exempt from GDPR"
The "government sector" is not exempt from the GDPR. There are certain exceptions for such activities as law enforcement and national security. These are conceptually necessary, but what appears to have happened (as always) is over-extension of the definitions and mission creep. Unfortunately, this is to be expected. However in reality we're nowhere near building a STASI here in blighty, not least because we haven't the mechanisms for making every fifth citizen an informer or the freedom to torture and imprison without due process. State intrusion into the privacy of the non-offending public is not to be condoned, but a police state is something quite different. You'd know it if you encountered it, witness what's going on in some other parts of the planet right now.
-
-
Monday 29th March 2021 09:03 GMT Anonymous Coward
This is, not for the first time on this subject, some seriously bent government PR. I have firsthand views of the lack of spend going on infosec in certain areas of the utility sector. I have firsthand evidence of instrumentation important to the financial wellbeing of the country running Windows 98SE; and even DOS; in networked environments. Ironically, pre-microelectronic systems are less vulnerable to cyber threat; though are disadvantaged that they've been out of production for over 40 years; more manpower intensive, and coming to end of electromechanical life. This may not seem a direct problem, but screw with the instrumentation and you can seriously screw with supply.
OFWAT, OFGEM, OFCOM and other quangos responsible for establishing funding for regulated businesses all have a hand in this, but there is a serious disconnect between the objectives of those quangos, and those good people at BEIS and NSCS respectively. The latter don't hold the purse strings but carry the cyber mandate. The former won't care until something is broken that costs more than pre-emptive intervention.
Herr Hitler employed similar tactics in the Third Reich; Divide and Conquer were the default approach, even internally. Establish multiple groups with deliberately conflicting objectives to maintain control at the top; at the expense of everyone else.
-
Monday 29th March 2021 09:24 GMT sitta_europea
And I can STILL buy this at Amazon:
.../Automatic-Maintainer-Intelligent-Motorcycles-Equipment/dp/B088HD9DZV
which makes me think that it's a complete waste of time talking to my MP, Paul Scully, Kwasi Kwarteng, the Office for Product Safety and Standards, the Department for Business, Energy and Industrial Strategy, and all the other government wonks whose cages I keep rattling about the rip-offs being perpetrated on an industrial scale on me and my country and which leave UK traders who genuinely want to Do It Right, and even those who just Obey The Rules, at an almost insurmountable competitive disadvantage.
"Ever Given" is right on the money.
Biting the hand that feeds IT
