The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, or Microsoft training courses free for a week.
Learn More ❯

The Right Honourable David Blunkett MP highlights need for Cabinet Minister for cybersecurity amidst discussion on future threats

Former Home Secretary was joined by security experts from BT and CERN to discuss current and upcoming key security challenges at (ISC)²® Security Congress EMEA 2014 

 
    London, 9 December 2014: The Right Honourable David Blunkett MP today iterated the need for a dedicated cabinet minister responsible for bringing cybersecurity to the forefront of business strategies and public services as imminent technology developments such as the Internet of Things (IoT) throw up new security threats. With January 2015 looking likely to be the month that wearable technology finally becomes ubiquitous, the former home secretary spoke on the first morning of (ISC)² Security Congress EMEA 2014, and outlined this lack of preparation. 

 

“There is a tendency for organisations and government, when they get hacked, to put up the shutters and not tell anyone about how difficult things really are,” said Blunkett, raising concerns over the lack of a coordinated cybersecurity approach across government and industry. “No one has sole responsibility – the MoD, NCA and the MET all have their own leaders and are accountable for their own division, but none of which are joined up. We need a cabinet minister who is directly responsible for cybersecurity to bring it to the forefront of public and business thinking.” 

 

Mr. Blunkett’s comments came during a panel session at the event in London, where he was joined by renowned security experts Dr. Stefan Lueders, head of computer security at CERN, and Ray Stanton, executive vice president of professional services at BT. The panel session was chaired by John Colley, professional head, (ISC)² EMEA, and discussed some of the future technologies and trends that threaten our security landscape. 

 

Internet of Things and quantum computing 

The panel highlighted the IoT as one of the next major security threats on the horizon. Panel members warned that these interconnected devices are finally becoming sufficiently affordable to allow widespread consumer and business adoption, with little sign that significant vulnerabilities already identified will slow down the technology’s progress. 

 

“One of the biggest challenges with IoT is that we are too rigid in basic security practices like patching,” said Lueders. “People rarely patch their computers as it is, let alone when they will have dozens of devices around their homes. Without a change in security processes based around more agile patching, this could be a huge problem.” 

 

Mr. Blunkett expressed concern that IoT devices might allow criminals to more easily trace your exact location and work out when your house is empty. “If someone wanted to burgle you, they would just need to check the settings of your IoT devices. For example, when you have the heating or lights set to come home,” he explained. 

 

Also noted was the effect that developments in quantum computing will have on security. 

 

“Some of the applications of quantum computing are not as far out as we might thing,” explained Stanton. “There’s been some recent work around the Soliloquy algorithm, which shows that this technology is starting to be used. Quantum computing has been applied to breaking algorithms. This should be of interest to us.” 

 

Changes in people and policy 

These purely technical challenges were accompanied by calls for a step change in security education, awareness and prioritisation from industry, government and academia alike. 

 

Mr. Lueders explained that security needs to play a bigger part in computer literacy from the beginning of education, not as a separate bolt on at the end. “When you teach someone real-world safety – how to cross the road, for example – it quickly becomes automatic. It’s this kind of education that needs to be applied to the online world that will make the difference.” 

 

Mr. Blunkett also talked about how government needs to change the way it uses security policy. “The investigative legislation drawn up to allow government to access encrypted communications is now being used for purposes outside its original aims, such as investigating the documents of journalists. Encryption is intended to ensure privacy, so if rules around privacy are being broken by nation states, it’s a challenge for freedom and democracy, as well as future commercial operations.”