COUNTER TERROR EXPO 2011 PROFILES COMMERCIAL ASPECTS OF UK CYBER RESILIENCE
By Yvonne Headington
28 Apr 11. This week it was revealed that the Sony PlayStation network had been compromised and the personal data of some 77 million customers may have been stolen. Such high-profile hack-attacks serve as a timely reminder of today’s pervasive threats in cyberspace.
The challenges faced by private and public sector organisations were explored by a number of speakers during the Counter Terror Expo held at London’s Olympia on 19th and 20th April. The exhibition also provided an insight into the technologies available for mitigating the impact of cyber attacks.
The importance given by Government to the threat cannot be overstated. Aside from the obvious implications of the cyber threat for security, Government and public bodies, the commercial sector also has an important part to play in ensuring Critical National Infrastructure (CNI) and supply chain resilience.
The UK’s National Security Strategy (NSS), published in October 2010, identifies “hostile attacks upon UK cyber space” as a Tier One Priority Risk. Based on the Government’s National Security Risk Assessment (NSRA), the NSS has established a three-tier framework for prioritising generic ‘risk types’, in order to provide an insight into potential future threats to national security (as opposed to a forecast).
As stated in the NSS: “Government, the private sector and citizens are under sustained cyber attack today, from both hostile states and criminals.” Cyberspace “is integral to our economy and our security and access to the internet, the largest component of cyberspace, is already viewed as the ‘fourth utility’”.
The Strategic Defence and Security Review, published alongside the NSS, singled out cyber security to receive £650m of new Government investment over the next four years. Funding is being directed towards strengthening the Office of Cyber Security and delivering a ‘transformative’ national cyber security programme. The success of this programme “also depends on the critical role that the private sector has to play”.
Addressing the broad range of risks identified by the Government’s NSRA, Stuart Sterling (Assistant Director, Corporate Resilience within the Cabinet Office Civil Contingencies Secretariat) highlighted concerns about the level of Business Continuity Planning (BCP) within the private sector – and small businesses in particular.
According to the Chartered Management Institute’s (CMI) latest business continuity management survey, Managing Threats in a Dangerous World (March 2011), 71% of large organisations have BCP in place compared with 54% of small businesses. However, large organisations include a prevalence of public sector concerns (which are subject to Civil Contingencies legislation) and this may account for the higher incidence of BCP within this group. For the private sector the overall figure is 48% and this rises to 68% for large private sector companies. The lower incidence of BCP among smaller firms is probably due to a number of self-evident reasons, such as time, money and resources.
The CMI survey also records data on the pervasiveness of cyber and information security threats. Almost one third of organisations have experienced some form of IT disruption within the previous 12 months, as shown in the Table:
Cyber Threats                                        2011 %
Infection by a virus or other malicious software     32
Staff losing confidential information                12
Significant attempt to break into network            9
Staff leaking confidential information               7
Denial of service attack                             2
by unauthorised outsider into your network           2
Source: Managing Threats in a Dangerous World, CMI, March 2011.
Real-time Data Vulnerabilities
With experience of large scale automated industrial pr