In a speech this week, delivered at the Govnet National Security Conference, he spoke about the need to redefine what is meant by the critical infrastructure of the nation and how it is protected in the digital age.
He said that cyberspace is abused by people, because, he said, cyber crime, cyber espionage, cyber terrorism, cyber vandalism, even the use of cyber in warfare, are all just human pursuits – simply crime, espionage, terrorism, vandalism and conflict by another means.
Harvey said: “The difference is the method, not the outcome or the intent – stealing money is stealing money regardless of whether it is done by pickpocketing or hacking.
“So I do not agree with those who say we need a massive raft of new criminal offences relating to the internet.
“What we do need is to become smarter in preventing, detecting and prosecuting the use of cyberspace for criminal ends. This is why we are investing in capabilities that enable law enforcement agencies to combat criminal activity in cyberspace.”
‘Cyber hygiene’
Harvey said that a great deal of the current threat can be dealt with through the application of what he’d call basic ‘cyber hygiene’.
This, he said, is the commonsense application of security measures that are simple to follow and easy to implement:
– keep your anti-virus software up to date
– regularly scan your computer for viruses
– do not post sensitive personal information on open sites
– do not open email attachments from senders you do not recognise
– do not download files you are unsure of.
He said: “The MOD’s own networks are under daily attack as are networks across government. Between 2009 and 2010, cyber-related security incidents more than doubled at the MOD.
“The MOD’s new Global Operations and Security Control Centre provides a state-of-the-art facility in which we are able to bring together all the essential capabilities required to protect our own defence systems, but we know we will need to do more.
“We must accept that the security measures we are expected to adhere to at work apply equally, and, just as importantly, at home.
“This is the thrust behind the new campaign in my own Department – changing behaviours, changing mindsets.”
Ensuring resilience and security
Harvey said that those of us with responsibility for national security must ensure resilience and security in our critical national infrastructure.
He said: “Traditionally when we talk of our CNI we are referring to the utility network, transport systems and the energy grids that power the country and keep us going.
“Protecting this has been about physical sites and physical assets around the country – power stations, reservoirs, distribution centres. But the context has changed. We need to think differently about what it is essential to protect and how we do that.
“The digital networks which sustain our critical national infrastructure should be considered part of that infrastructure itself.
“Networked telecommunications underpin the UK business and banking system, they underpin the process of government, they underpin public access to everyday services and they underpin our security posture.”
Effective response
Harvey said this is about making sure our emergency services can effectively respond to a serious disaster situation and about making sure we consider the importance of digital networks to the financial system the country relies on, and it is about making sure there is resilience in the digital networks that allow day-to-day governance to continue, in Westminster and across the country.
Harvey said: “Our approach to security in the physical world and in cyberspace needs to be seamless.
“The National Security Strategy has made a start in this process, elevating cyber attack into the top rank of threats to national security and creating the new National Cyber Security Programme.
“The MOD has created the Defence Cyber Operations Group to ensure that our own departmental work is linked in.
“The new National Cyber Security Strategy currently being developed will take forward this comprehensive, cross-government approach.
“Its key themes – economic prosperity, increased national security and the protection and promotion of our way of life – embrace the kind of expanded concept that I outlined earlier.
“We have to be careful we don’t overextend ourselves or lose focus on what is essential to protect. But we must do so with a new mindset, not just concentrating on protecting concrete and steel, but encompassing cyberspace too.”
Break down barriers
Harvey also spoke about working together, saying because the cyber challenge has further blurred security boundaries, it means we have to break out of our silos, break down barriers and break new ground in the creation of a new security partnership between government, business, academia and private citizens,:
“The first step to improving national cyber security will be to get organisations properly sharing information on common threats so that combined responses can be made,” he said.
“To be successful this project must cover as many sectors of the UK economy as possible.”
Cyber Security Challenge
Supporters and sponsors of the Cyber Security Challenge have also commented on the issue.
Paul Midian, director of Consultancy at the Institute of Risk Management, said: “Great public awareness of cyber security is vital in the battle against online crime.
“Firstly because human errors which could be easily eradicated through better education are often the cause of security breaches.
“And secondly because we must increase the numbers of people moving into cyber security jobs if we are to keep our information secure from increasingly well funded criminal organisations.
“As a result IRM has been a major supporter of the Cyber Security Challenge UK, which through its online games and competitions, is raising awareness of cyber security amongst our technology savvy population in the hope of finding the cyber defenders we desperately need.”
Terry Neal, EMEA director at the SANS Institute, said: “Whilst broader public awareness of better security practise in the workplace and at home can only be a good thing, there must be a real emphasis on business and government working together to find solutions.
“At SANS, we have worked alongside the Cabinet Office and major UK cyber security employers as part of the Cyber Security Challenge UK to find the next generation of cyber security professionals to work alongside the wider public and protect our critical infrastructures.
“The Challenge is a great example of the type of strategic partnerships between government, business, academia and citizens that Nick Harvey spoke of today which represent our only hope of securing our future.”