Last night, ISRS Chair, Rt Hon Lord Reid of Cardowan, was interviewed on the BBC World Service’s Newshour about cybersecurity and resilience, and the launch of Cyber Doctrine.
John’s interview begins at 37.40.
A full transcript is below.
BBC World Service Newshour’s Lyse Doucet interviews Lord Reid – 8 June 2011
LD: An attack a day and even more on the Ministry of Defence in London, that’s what Britain’s Minister of Defence, Liam Fox has revealed in talking about the threat posed by ‘cyber attacks’. Another report said the attack on the sensitive computer network could run into thousands every month. The growing dangers of ‘cyber crime’ have been concentrating minds in western capitals around the world. This growing evidence of the threat comes from many sources, whether it’s clever hackers or criminal networks in states as well. Accusing fingers have been pointed in recent years to both China and Russia. So how should Governments tackle the threat? John Reid is a former British Home and Defence Secretary, he’s now Chairman of the Institute of Security and Resilience Studies here in London. I asked him what he made of the figure of thousands of attempted infiltrations.
JR: That’s only the tip of the iceberg; there are other estimates on the American whole public system which has proven to be 50,000 an hour. Now that doesn’t mean to say they’re all malware or they’re all vicious attacks but these are unidentified and un-attributable entries into their system. The one thing it does illustrate I think, whether it’s in the United States, here, China or anywhere else in the world, is that we’re dealing not just with the new technology, we’re dealing with a completely new domain. This is a man-made environment – probably the first man-made environment and it permeates absolutely everything we do, it’s almost like a force of nature like the sea or the weather. The old legal structures and political structures, government powers and the business cultures and so on are so often inadequate and why I and others at the Institute of Security and Resilience Studies want to try and address this bigger picture, get a conceptual framework for handling them in the absence of the ability of our inherited legal structures and powers to do so.
LD: Well it’s interesting that you use the metaphor about force of nature because what we’re seeing is that the forces of nature are getting so much more brutal and devastating such as governments and others can’t keep up with them. Is it the same in this sphere of cyber attacks?
JR: Well it is to some extent you see, because although there are a lot of good people doing lots of good things, they tend to be doing it in sort of silos so that we’re technologically patching up this or that system, when a virus is found here we’re patching up this computer system or this software system so what’s missing from that is if you like, a conceptual framework. I call it a doctrine and that is what we’re going to try and start rolling at the end of June in London and although we’re launching it through the Institute in London, it’s open to everyone to take part in and we hope that the lead will be taken in building on this by governments and corporates and bright individuals throughout the world.
LD: You’re emphasising this that every country has to do it but these threats are transnational, we’ve seen some rollback on intelligence cooperation, is this an area where it really does have to be transnational?
JR: Oh I think the nature of this cyber is that it is transnational and just as in the beginning when people started on the sea, a great force of nature to expand across the seas when the great empires did it, they had to develop a doctrine for handling risks, for reassurance, for piracy, for all sorts of dangers that came alongside the opportunities. Now that was a big enough problem. With cyber it’s even more difficult because of course generally with the extension of empires, there are one or two powers, now, cyber, the internet, digital communications empower every individual on this globe potentially, not just states but non-state actors and therefore you not only get old legal frameworks that are not capable of keeping up with the threats, possibilities and dangers of the cyber environment, but the present power structures – national and international are also rendered relatively impotent since cyber itself is passing power down to individuals. One of the elements has to be continual innovation. If you’d like me to give you an example, in most of the countries in the world when you recruit to the public sector, you look for selection criteria for the people who will join it, including their tendency to stay within the rules, to think within the guidelines, to adhere to the common discipline, not to think outside the box, not to rebel, but it’s precisely that type of thinking that is necessary in the new cyber environment.
LD: And that was Lord Reid of the Institute of Security and Resilience Studies in London talking about the going threat posed by cyber attacks