What News of the UK Cyber Strategy?
The first, an Office of Cyber Security (OCS), would oversee the whole of the Government’s cyber security strategy and foreign co-operation, working from within the Cabinet Office. The second, a Cyber Security Operations Centre (CSOC), would be based at GCHQ in Cheltenham, hub of the UK’s SIGINT capability. This would monitor internet ‘health’, conduct attack analysis, and develop appropriate responses, as well as inform the public and industry about online security risks.
Both were supposed to be established this month, in order to be operational by March 2010. So, what’s happened so far? How are these two prongs of the UK’s strengthened cyber policy coming along?
Anything from the Cabinet Office on its progress with the OCS? Nope, not a word. Not even a place-holding webpage. Perhaps we shouldn’t expect too much from GCHQ, but how are CSOC preparations coming along? They’re not saying.
In fact, try as I might, I can find no reliable information about either unit published after June 2009. We’ve heard a little about MI5 hiring ‘Asian teen hackers’ to ‘battle cyber terrorism‘ and why that approach is flawed.
Yesterday, the Centre for Secure Information Studies (CSIT) was opened at Queen’s University Belfast to lead the way in the UK’s fight against cyber crime, but this initiative is separate from the Cyber Security Strategy. Unless CSOC and OCS have changed their names, or have been buried for some reason, it seems as if the UK government just isn’t interested in keeping us informed about them.
If the Cyber Security Strategy is partly intended as a form of public reassurance, which we should assume it is, surely government should be better communicating its progress in this area? OK, so it’s only been three months, but compare the British approach to that of the US, which has been very open about its operations in this field, even if you disagree with them.
We presumably will hear about these units in time, but if government actually wants to be seen to be ‘doing something’, it should communicate its actions better to the public.