Today the leader of the free world – a big hand for President BARACK OBAMA - and the UK prime minister, David Cameron, will meet to discuss, amongst other things, the issues around cyber security which recent events in Paris have brought into the spotlight.
As part of the talks it’s expected that the UK and US governments will get together to talk about the possibilities of joint testing of cyber security levels via some sort of cyber war games, as well as the usual arguing over encryption and data sovereignty aka establishing who has more rights to snoop on us, the NSA or GCHQ?
The first of a series of joint UK-US war games will simulate online attacks on the City of London and Wall Street to assess the quality of the large financial institutions' defences against malicious hacking. The tests will involve UK and US intelligence agencies as well as organisations such as the Bank of England and several large commercial banks.
The tests will be followed up by further exercises to test critical national infrastructure in the two countries, such as the computer systems controlling power supplies and the road and rail networks.
The governments will also establish a joint "cyber cell" on each side of the Atlantic where intelligence agents will work together to share information about threats and respond to any attempted attack.
All of this talk of war games has understandably created some debate in the industry on how businesses perceive and act on the current cyber threats and the level of security currently in place. Recent finding by Fujitsu show that only a third of financial services organisations were ‘very’ confident that they would be able to guarantee security measures in the event of an IT failure.
Commenting on the talks Robert Norris, Director of Enterprise and Cyber Security at Fujitsu said, “With the constantly shifting threat landscape it is imperative now for organisations to be able to respond to threats quickly and effectively. The collaboration between the US and UK will bring together companies at the forefront of the cyber security industry to share knowledge, skills and technologies which will help to address these growing threats and strengthen the defences already in place.”
Ross Brewer, VP and MD for international markets at LogRhythm, thinks this maybe a case of too little too late. “In the UK, we have seen the Waking Shark exercise and the Bank of England employee ethical hackers to test its infrastructure in recent years. However it is only worthwhile if the lessons learned are acted upon and shared with a wider audience. It doesn’t matter which industry you are in, or which country you live, it’s still us against the bad guys.
“The problem that we are still seeing in many industries is that far too many are still failing to take a proactive approach to cyber security. This is simply not good enough at a time when major breaches are hitting our headlines on a daily basis. Businesses need to be constantly prepared for an attack and any of those in this programme who aren’t doing this should expect to be exposed. The only way to ensure they have the best possible chance of keeping today’s sophisticated threats out is through 24/7 monitoring of all network activity, which needs to begin now, not as a mere afterthought. Any industry that underestimates the importance of continuous monitoring will ultimately regret that decision – and by then, it may be too late.”