In the aftermath of WannaCry, experts call for watchdogs to be split from snoopers
Whoever forms the next Government will urgently need to upgrade the UK’s cyber defences, academics agreed at a seminar this week.
Staged by Institute of Legal Studies at University College London, it dealt with the aftermath of last month's WannaCry ransomware attack, which temporarily disabled IT systems in several NHS organisations.
Among the subjects on the agenda were the splitting of the National Cyber Security Centre from its parent body, Government Communications Headquarters (GCHQ), and the issues around attempting to follow official advice to ‘be vigilant’ and keep software up to date.
“We need to get a lot better at giving security advice,” Dr Steven Murdoch of the university's Information Security Research Group told the event. Pointing out that telling people not to open emails is akin to telling them not to do their jobs, he said: “It is no good blaming victims of the crime especially when there’s nothing they can do.”
Murdoch noted that last month’s WannaCry attack was spread with a worm, not email phishing, and that the Windows vulnerability it exploited had been discovered by the US National Security Agency.
"There are questions to be asked about the stockpiling of vulnerabilities by security agencies," the seminar heard. "They have two conflicting roles - to make us safer and to make us less safe in order to conduct surveillance. What is the appropriate trade-off?"
He called on the next Government to split the National Cyber Security Centre away from GCHQ and make the bodies responsible to different cabinet ministers.
There is a fear that any action will take the form of draconian controls on the web. Dr Tim Stevens, of King’s College London, said the prime minister’s threat to clamp down on encryption in the wake of the Manchester and London terror attacks "could spell serious problems. If encryption was banned, we’d all be incredibly insecure, overnight."
Labour’s former home secretary, Jack Straw, added his voice to the debate this week. In an article for the Daily Mail he wrote: “Back in 1999 when, as home secretary, I was putting together recommendations to bring intercept legislation into the start of the internet age, I proposed system of ‘third-party escrow’. My idea ran into such a barrage of opposition that I had to drop it.
"In the intervening 18 years the internet has become far more extensive and sophisticated than anyone imagined, and my proposal now needs to be revived.”
Image from istock