UK hasn't a clue about cyber crime

Despite pledging to plough a cool billion into cyber security the government still hasn’t got a clue about cyber crime, a security expert has warned.

Our source has said the government really needs to understand the threats before it can throw money at the situation. TechEye was told: “It’s hard to see what the government is actually doing in terms of cyber-crime. Over the years it’s put many initiatives in place to show that it’s trying to combat this problem but these haven’t broken any barriers.

“It seems that the new government has joined the previous Labour half baked attempt to combat this kind of crime, and it’s clear that they need to identify real threats instead of throwing money at the words ‘cyber crime'”.

His comments come after the government today naming cyber attacks as one of the top threats facing the UK. It said as part of its National Security Strategy, cyberattacks will be labelled a “Tier 1” threat, alongside terrorism, natural hazards such as flu pamdemics, and international military crises.

The paper is highlighting strategic security priorities ahead of budget cuts, with Tier 1 areas expected to hold on to their funding, or receive even more money.

Theresa May told the BBC the government had pledged to spend around £500 million on the initiative, which it is taking “very seriously”. She said it doesn’t just affect the military but everyone else too.

“We believe cyber threats are generally increasing,” she said.

Last week we reported that Western governments are looking into how to learn to go on the cyber offensive.

When we contacted Labour, the cabinet office and the Ministry of Defence none could provide further insight. The shadow cabinet told us it may be able to figure out a thing or two for tomorrow regarding our botnet concerns, before sending us a generic prepared statement.

Yvette Cooper, Labour’s Shadow Foreign Secretary said: “The Government seem to be producing a reheated security strategy to provide cover for a rushed defence spending review, rather than producing a renewed and careful consideration of the UK’s defence and security priorities….(…)…The strategy must also address new and emerging threats, including the prevalence of cyber attacks; ambitions from terrorist groups to obtain chemical or biological weapons; and working to prevent conflict in failing states. The Government should also show more diplomatic activism in the Middle East, and be at the forefront of European Union support for the continuation of direct talks.”

Our source told us that the fact the government wouldn’t comment but had put ideas in place showed that it was unsure of how to tackle cyber crime.

“The fact that no-one is willing to comment on bots and the cyber industry as a whole is worrying. We need our government to spend money on educating themselves before they can even begin to put in place strategies and give out advice to others. To not do this will be a waste of money.

“There’s still a low awareness of cyber-crime among government officials and they haven’t taken enough outside advice to be able to tackle this properly. Without proper advice from security experts the government won’t be able to help businesses from protecting their systems from cyber attacks.”

Basically no one has a clue.

Our source isn’t the only one to be sceptical. Christopher Boyd, senior threat researcher at GFI said the increased warnings in relation to “cyber terror” ahead of a spending review sounded like a move to secure funding and avoid cuts.

He added that the UK Government warned this was a “grave threat,” but continued to use Internet Explorer 6, a browser that had been largely discredited due to its numerous security flaws.

“Until recently, you couldn’t even report computer crime to the National Hi-Tech Crime Unit (NHCTU) – you had to go to a local police station and hope the officer at the desk knew what you were talking about and escalated your report to the right department,” he said.

“In order to effectively respond to growing cyber security threats – regardless of whether they are perceived or proven threats – it is essential to invest in proven technologies to identify and repel external data threats, as well as invest in people with the knowledge and expertise to anticipate and identify threats, and take appropriate action to secure key infrastructure, core networks and devices at either a national or local level.”

*Update Labour got back to us. A spokesperson said: “There is consensus across the house that cyber warfare by state and non-state actors must be taken seriously or we risk damage to our economy and vital infrastructure.”