Cyber security as a political issue? Undoubtedly. What makes it so is that governments and politicians at large recognise national interest is heavily impacted by the influence of cyber – now generally used to refer to all automated or computerised systems, in terms of both hardware and software – because cyber is the horizontal element that underpins economic life.
With globalisation enabled by transport technology, communications technology and global markets, and cyber used so widely within the economy and our personal lives, its reach extends deep into the political landscape. Cyber runs our economy, it can be used to reach large amounts of the population, for committing crime, be weaponised and it affects national security – and therefore the state – at its core. All of which means that it has a direct impact on public interest and therefore attracts political attention.
UK government figures suggest cyber breaches have hit 93% of large corporations and 87% of small firms, with these attacks often criminally inspired. In some cases, governments may even be the actual perpetrators, of politically motivated attacks, sometimes resorting to hiring criminal gangs where they do not have the ‘in-house skills’ or simply don’t want the attribution themselves.
The bottom line of all of this? First and foremost, the threat of cyber-attacks is driving many states and businesses to devote ever greater resources to combating the challenge. At the same time, technology is jumping the curve so frequently that our approach to privacy is taken over by this rapid change of technology forcing evolution. And before the technology has time to mature in a certain segment, it jumps the curve again. This creates tensions and risks over-extending security or privacy at the detriment of other fundamental rights. So what role should government play in this? I believe its primary responsibility here is to look at ways in which it can deliver the right regulatory protections, while also creating the economic conditions that allow technology to foster. So there should be more supporting of start-ups, greater investment in educational resources and more funding for research and development to promote and attract innovation.
As far as regulatory protection is concerned, this is a massive undertaking. Some regulatory intervention will clearly happen as the market and the debate matures. Yet regulation is not always the answer. It’s not easy to buy a gun in the UK, for example, but it is to buy an online attack tool at low cost. Also, cyber is cross-border, so law enforcement agencies are challenged by the fact that their investigations depend on the skill of the attackers and the number of jurisdictions involved – i.e., the complexity of the investigation. How then can you deter anyone from cybercrime? How do you maintain relationships with neighbouring countries? We have highly established regulations around maritime activity and movement now, and while there are clear rules around cybercrime, too, international cooperation at the law enforcement level is going to take time.
As for as what Symantec can do to help combat the cyber threat, our fundamental role as a technology provider is to make sure we keep providing the solutions that are capable of responding to the needs of our customers, affording them the right levels of protection. It also means continuing to engage with governments around the world in an advisory capacity, promoting information security best practices.
Wherever technology races ahead, so will the cyber criminals – and so will Symantec, in its commitment to serving both as a cyber defender and engine of economic growth.
For more information please read the Full Government Report of this year’s Symantec Internet Security Threat Report.