Nick Carthew posed the provocative question on Twitter earlier today:
If cyberwarfare is the biggest threat in the 21st century why do we need to renew our nuclear deterrent? http://bit.ly/bNkBXn
There are of course a range of nuances to that question which can’t be squeezed into one tweet, but at its heart is a spot-on observation.
On the one hand, we’re now often told how internet hacking poses one of the biggest threats to our country’s future security and how illegal activities such as the hijacking of computers via bots are widespread and an extremely profitable form of crime.
On the other hand, the idea that the online world now poses a significant security threat and is home to much international criminal activity is only partially applied.
Take one simple, practical example: how resilient to crime are the products an industry sells?
Both the car and mobile phone industry have moved away from having products that were easy to steal and hard to do anything about once stolen. Whether it is stronger locks on cars or easier disabling of stolen phones, both cars and phones are a far less easy target for criminals than they used to be.
Yet in the IT industry, computers are still often sold without strong firewall and anti-virus software in place. The absence of such measures, however, makes it far easier for the international criminal networks who use bots to take over computers and use them for criminal activities.
Raising standards doesn’t require regulation (indeed, trying to regulate would almost certainly be disastrously counter-productive given the relative speed of security threats and regulation usually) – some well-aimed public pressure can be extremely effective.
Without that sort of public pressure the government risks looking like talking up the threats when it wants to justify spending money or expanding powers but not really concerned enough about the threats to be willing to embarrass a few people in the IT industry.