Another Notch In 'Cyber Threat' Rhetoric's Belt: Former UK Head Of Cyber Security Brings 'AIDS Epidemic' Into The Mix

from the the-true-risk-of-'unprotected'-surfing dept

Wed, Jan 16th 2013 2:19pm — Tim Cushing

Well, we've seen the always-impending cyberdoom compared to all sorts of horrendous events by legislators and security agencies. The perpetually-just-over-the-horizon cyberattacks have been given catchy names like "cyber-Pearl Harbor" and "cyber-9/11" in an attempt to scare up some support for terrible legislation and expansions of power.

The UK's former head of cyber security has taken a slightly different tack, avoiding the terrorist imagery in favor of something even more dubious.

Major General Jonathan Shaw, a former head of cyber security at the Ministry of Defence, said people must be told to improve their computer security because the UK is "extremely vulnerable" to attack by criminals and terrorists.

He said there is a "special responsibility" on all citizens to improve their "cyber hygiene" as private computers are the easiest to attack.

Speaking on BBC Radio Four's Today programme, Major General Shaw said the Government must "launch a cyber hygiene campaign like they did with the AIDS epidemic in the 1980s".

He said individuals are "on the front line" and must be warned their computers are at risk, as the Government is "not in charge of cyber space".

He's got that last part right. The government isn't in charge of cyber space, no matter how much it wishes to be. But owners of "private computers" have had "cyber hygiene" information available for years. If the UK government wishes to start a campaign to inform the public of the dangers prevalent on the web, I have no problem with that. The campaign will be mostly redundant and will have little impact on the number of infected private computers, but that's the way these things go. Actively keeping a computer free of malware, spyware and viruses takes a little effort and knowledge (and sometimes, a little money), but for many people, that "little" extra is too much.

Furthermore, it's tough to see how private individuals are "on the front line" of this so-called "cyber war." If there are key areas of infrastructure (say, the ever-popular power grid) that seem vulnerable to attacks by criminals and terrorists, how does erecting a firewall on a home computer prevent that? If these agencies feel they are threatened by cyberattacks, they need to do more policing on their end and make sure that critical systems are inaccessible from "personal" computers -- like preventing "cross-contamination" by keeping possibly infected "personal" media (thumbdrives, etc.) from connecting with critical systems or issuing "locked-down" computers for telecommuters. There are many more effective actions that could be taken by the "threatened" entities, but trying to keep the public's private computers from being conscripted into the latest botnet isn't one of them.

Lastly, conflating malicious activities with a communicable disease, even indirectly, is hardly a good idea, especially when the disease chosen is one with a loaded political and sociological background. It trivializes the impact of AIDS and generally makes the public feel the severity of the threat is overstated. Even if the aim is admirable (get more computer users to protect themselves from attacks), Shaw's unfortunate wording undermines his message.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cybersecurity, cyberthreats, exaggeration, jonathan shaw, uk

32 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

rw (profile), 16 Jan 2013 @ 12:40pm

Infection
Personally, I'm more concerned about catching something from government computers and websites than about any of the others.
[ link to this | view in chronology ]
Lord Binky, 16 Jan 2013 @ 2:33pm

Totally can get AIDS from Cyber stuff
True Story: I knew this guy that caught ebola from clicking a link in his e-mail.
[ link to this | view in chronology ]
- Jesse (profile), 16 Jan 2013 @ 8:32pm
  
  Re: Totally can get AIDS from Cyber stuff
  I'm pretty sure AIDS doesn't have that much to do with hygiene, so at least his analogy would be just as ineffective as what he is proposing.
  [ link to this | view in chronology ]
- Anonymous Coward, 17 Jan 2013 @ 12:21am
  
  Re: Totally can get AIDS from Cyber stuff
  Are you sure it wasn't the West Nile/D2 worm?
  [ link to this | view in chronology ]
anonymous dutch coward, 16 Jan 2013 @ 2:35pm

look who is talking
how many laptops, memory sticks and pc's are lost by UK defense personnel every year again? clean up own your own act first.
[ link to this | view in chronology ]
- Anonymous Coward, 17 Jan 2013 @ 12:25am
  
  Re: look who is talking
  Indeed. And some of those have information that is genuinely damaging, such as the names and locations of all MI operatives in Palestine, Syria and Egypt, as well as those in Pakistan and Russia.
  [ link to this | view in chronology ]
Big Al, 16 Jan 2013 @ 2:39pm

Appliances
Unfortunately computers have been promoted and bought as just another 'appliance'.
With a washing machine you just turn it on and it cleans the clothes. With a TV set you turn it on and watch the broadcast. With a computer (PC, laptop, tablet) you just turn it on and get your email or surf the web.
Just as the average person doesn't perform a weekly service of their washing machine or TV set, neither do they see the need to do anything about their computer (until it is so riddled with malware that it just stops working).
[ link to this | view in chronology ]
bob, 16 Jan 2013 @ 2:39pm

there will be a change
if the govt hypes cyber threats then companies will take advantage of that to offer or sell more AV services.
there will be a shorter path for people to get "properly" protected because there will be links on amazon, as you shop for golf clubs, to also purchase kaspersky.
many purchased these two things together!
- Titanium Driver,
- Kaspersky Internet Security
and it will, in the end, increase the number of people taking at least some minimum effort to protect their PCs.
even though "a little bit extra" is too much right now, it won't be once they are scared by the govt into "realizing the dangers".
[ link to this | view in chronology ]
Anonymous Coward, 16 Jan 2013 @ 2:50pm

Wait a second. I knew I could get AIDS or other STIs from being too promiscuous face-to-face... but now they're telling me I can get them from cyber?
[ link to this | view in chronology ]
sorrykb (profile), 16 Jan 2013 @ 3:03pm

Furthermore, it's tough to see how private individuals are "on the front line" of this so-called "cyber war."

It's quite easy to see if (like Shaw) you envision a "cyber war" that puts government on one side and private individuals on the other.
[ link to this | view in chronology ]
Anonymous Coward, 16 Jan 2013 @ 3:11pm

Or the same side...
If you consider the Government the back line in Chess and the Public the front line of pawns....

Everyone knows pawns are expendable, until one of them makes it to the other side and becomes the queen (aka gets into Politics and becomes either a politician or lobbiest).

Okay, this is so true it's just sad...
[ link to this | view in chronology ]
James Smith, 16 Jan 2013 @ 3:16pm

cyber front line
it's tough to see how private individuals are "on the front line" of this so-called "cyber war."

Well if the home user pc is infected it could become a zombie and be used in anetwork to brute force or ddos websites or other computers or even to decrypt sensitive info gained from another attack.

James
[ link to this | view in chronology ]
Anonymous Coward, 16 Jan 2013 @ 3:24pm

The people most unwilling to take the time, effort, and money to properly learn about and secure their computers are also largely the same group of people who are too unwilling to take the time to become informed about their politicians and hold them accountable for their actions and keep electing the same tired, inept, and incompetent people into office term after term after term. The last thing these politicians want is for there constituency to become properly informed about just about anything, so basically this campaign is going to be all style and flash and very little substance, like most of the dog and pony shows they put on.
[ link to this | view in chronology ]
- letherial (profile), 16 Jan 2013 @ 3:33pm
  
  Re:
  I will call this out...you have no proof of any of this, I have met brain surgeons who needed help with malware, just because somone doesnt take the time to learn there computer doesnt mean they are ignorant...they just may not have time and are willing to pay others to do it for them, i look at it as job security.
  
  I am sorry but your are the kettle calling everyone black.
  [ link to this | view in chronology ]
  - Anonymous Coward, 18 Jan 2013 @ 12:41pm
    
    Re: Re:
    >just because somone doesnt take the time to learn there computer doesnt mean they are ignorant
    
    Correct me if I'm wrong, but isn't that the text book definition of ignorant? I think the word you're looking for is "stupid", in which case I would agree. You can't be an expert in EVERYTHING, and it's foolish to try.
    [ link to this | view in chronology ]
- Anonymous Coward, 16 Jan 2013 @ 3:53pm
  
  Re:
  If you want some quiet you can either sound proof the entire house or buy cheap ear plugs.
  
  If you want secure data you secure the data not the channel it travels in.
  
  If you want better politics you change the politics rules not the players.
  
  The problem with politics is that the system is broken is not the people that go in it, because they don't matter, the outcome of that system will always be the same, so change the system.
  
  If you don't want people speeding don't build straight roads.
  
  The outcome of any system is responsibility of the system builder, not the users.
  [ link to this | view in chronology ]
Krish (profile), 16 Jan 2013 @ 3:57pm

herpes would make a better analogy
While I do think that using HIV is not in the best taste, I do think the analogy with STDs is a good one. Your shitty password on Facebook makes it more likely that scammers will gain access to more of my private information. That puts me in more danger and, in turn, makes it more likely that I will be scammed.

Then again, the analogy only makes sense if everyone is having sex with everyone else.
[ link to this | view in chronology ]
Anonymous Coward, 16 Jan 2013 @ 5:38pm

So now we can get AIDs from a computer? I guess it is time to have a sit down with it and talk and tell about where it's been and how unfaithful it is.

Who knew you were at risk from your computer?

/scarcasm
[ link to this | view in chronology ]
Anonymous Coward, 16 Jan 2013 @ 5:52pm

they have been calling them VIRUS'S for years
Masnick have you just found this out ??

Yes, the home computer is the front line and is by far the most common target for computer virus's and hacking.

There is nothing wrong with trying to increase public awareness of these problems, and explaining that protecting internet infrastructure does not ensure you home computer connected to that infrastructure is safe.

To state that you are safe is a lie, I keep hearing you say Masnick that you are knowledgeable in things related to technology.

So are you just saying this because it came from a "FORMER" head of a security agency ??

Do you believe it is not true ?? do you think he was lying ?

DO you know what a computer virus is ? Do you know the term computer virus has been in common use for many, many years ?

Why are you acting so ignorant ?

HIV is NOT a STD (that is one way to contract it)..

Please Masnick and ilk, try to learn something.. you have so little credibility now, and now you are displaying how stupid you can be to get some page hits.. It's sad that money has clouded your ethics so much..

But don't worry, no one has any expectations that you will change, we know you cannot do that you simply do not have the depth of knowledge or skills or will to change your ways.

(plus, you think your on a good thing making money by Googling stupid search terms, and trying to downplay issues that are important to people.

Techdirt,, techshit..
[ link to this | view in chronology ]
- Nut Job, 16 Jan 2013 @ 6:13pm
  
  Re: they have been calling them VIRUS'S for years
  WooooooWooooooo get on the outta your crazy fuckin mind train featuring the conductor Anonymous Coward, Jan 16th, 2013 @ 5:52pm.
  
  Wow I have seen some crazy crazy shit comments on the internet, but this one takes the cake.
  
  This guy is batshit crazier than Average_Joe, boB, and out_of_the_blue COMBINED.
  
  WooooHoooo flagringhdkew gkkrklllj!!!!! Yeah insane like that.
  [ link to this | view in chronology ]
- Niall, 17 Jan 2013 @ 4:56am
  
  Re: they have been calling them VIRUS'S for years
  If something is (even primarily) sexually transmitted, it is an STD. AIDS (or HIV even) *is* an STD. Yes you can get it from other sources, but by far and away the major source of infections world-wide is through unprotected sex. And if this is one of your biggest 'quibbles' with Mike's point, you haven't got much of an argument!
  
  Seriously, did you even read the post before embarking on this wall of stupid?
  [ link to this | view in chronology ]
That Anonymous Coward (profile), 16 Jan 2013 @ 6:31pm

What a waste of hot air.
Major General Idiot,
Maybe you were unaware of the simple fact that HIV/AIDS is actually still something threatening the global population.
Maybe you were unaware that the education of people about HIV/AIDS was done by regular people, not governments who were more worried about offending some religious groups than the body count piling up around them.
Maybe you were unaware that education was the best preventative measure, but telling people to wear condoms offended that same religious demographic.

Maybe your that delusional that your making an asinine comparison trying to scare people into allowing you more powers and over reach when it is perfectly clear your not to be trusted with what you have now.

Millions of people have died from HIV/AIDS.
Your cyberarmageddon BS has no body count.
Your words are offensive, and your ideas are stupid.
You really need to educate yourself and stop spewing propaganda so you can award cushy contracts to well connected friends.
I am appalled that your the head of anything you ignorant twat.
[ link to this | view in chronology ]
- G Thompson (profile), 17 Jan 2013 @ 10:53am
  
  Re: What a waste of hot air.
  TAC,
  Maybe you were unaware that the education of people about HIV/AIDS was done by regular people, not governments who were more worried about offending some religious groups than the body count piling up around them.
  Maybe you were unaware that education was the best preventative measure, but telling people to wear condoms offended that same religious demographic.
  
  This would be correct if the General(retired) was a US citizen and talking about the USA, though he's not and he's talking about the UK actions in giving AIDS education via media campaign where all the above were actually done. Sex education is actually a major thing at all schools in the UK (same as here in Australia), condoms are given away free, Medical initiatives and testing is FREE, people don't have the political/social/religious stupidity that resides within the USA on 'moral fortitude' grounds.
  
  Read my comment below if you will, but this guy other than the silly 'terrorism' remark is actually going against what the current fear mongers in the UK govt are saying and stating that education as was given and hugely accepted in the UK's AIDS campaign (like the same that was done for the Mad Cow disease scare) had no religious or other stupidity group complaining to the extent they were able to even change what was being said, let alone stop it.
  
  It's a totally different culture in the UK compared to the USA when you look at things like sex education, medical access, religious fervour, and the ability for religious/minority groups to control what the masses should see in govt authorised education campaigns.
  [ link to this | view in chronology ]
- Anonymous Coward, 18 Jan 2013 @ 1:01pm
  
  Re: What a waste of hot air.
  I'm not sure anyone understands the quoted text of the argument, and as much as it pains me to admit it, it sounded like the man writing the article didn't understand it either. They're talking about starting a public information campaign, and compared it to...the public information campaign they did for AIDS. They aren't comparing my computers malware infection to AIDS. This article and comment thread has way too much "I'm offended for the sake of being offended" going on.
  
  Why are personal computers the 'front line'? Because personal computers are constantly picking up malware infections leading to a great deal of issues like identity theft. Make no mistake, malware and other cyber-crimes represents significant economic losses.
  
  Just because your standard PC is ON the frontline doesn't mean it's the entirity of the front line either. It's the freaking internet. EVERYTHING is the front line when it comes to computer security.
  
  I for one fully support any government attempting to start a public information campaign about computer security, and hope that they do it right.
  [ link to this | view in chronology ]
lolzzzzz, 16 Jan 2013 @ 7:26pm

Look you stupid sheeple
if we real hackers wanted to destroy the net by now we'd have ended it a long long time ago...
fact is we have fun with it ....so quit the dumbass fear mongering...people are smarter then you think and slowly they are wising up to the old fogey bullshit thats crept into every facet of there lives and are sick and fucking tired of it.
[ link to this | view in chronology ]
G Thompson (profile), 16 Jan 2013 @ 10:14pm

I'm of tow minds about this statement. On the first hand I think the statement that the UK (or anywhere) is "extremely vulnerable to attack by criminals and terrorists" is just pandering to the 'terrorist fearmongering'. Though in context (see below) the criminal part is quite relevant and correct.

On the other hand the context he was speaking about AIDS is in regards to the very well done educational campaign that the UK and other countries at the time did in response to the crisis that was AIDS , which showed that there were ways to prevent it, people had to step up and actually do something, and educated everyone on the risks by presenting real facts. [I'm not talking about the USA AIDS campaign which was basically watered down crud pandering to the morality crowd]

Educational campaigns that show that people need to reasonably secure (emphasis on reasonably) their own computers and teaching them how to reasonably protect against malware/virus/trojan, how to distinguish phishing attacks and other social engineering tricks used by unsavoury characters, how to practice good password control, and why they need to take personal responsibility for their own protection themselves and not just rely on the govt. is ALWAYS a good thing!

In fact the statement "He said individuals are 'on the front line' and must be warned their computers are at risk, as the Government is "not in charge of cyber space". Is absolutely accurate.

This shows he understands that the Govt is not the be all and end all, people need to step up themselves and do something if they feel the need or shut the hell up about it, and that due to the fact that the average layperson still thinks of the internet as some sort of scary and 'new' place that only the young and geeky can navigate an education campaign in the same vein as the AIDS one with correct information and presenting ALL the facts is the best method. I agree.

There was NO conflation with the AIDS epidemic indirectly or otherwise, the only comparison was that any campaign should be as ubiquitous as the AIDS campaign was.
[ link to this | view in chronology ]
- Anonymous Coward, 17 Jan 2013 @ 12:30am
  
  Re:
  Very well said. I usually agree with Techdirt, but recently the various bloggers have started to throw anything they can at supporting their beliefs and causes.
  
  This post is a perfect example of just that. It's a shame because this is exactly the same tactic the trolls commenters of Techdirt use and I would have thought Techdirt was above such tactics.
  [ link to this | view in chronology ]
- That Anonymous Coward (profile), 18 Jan 2013 @ 1:11am
  
  Re:
  My issue with it would be how badly HIV/AIDS education failed elsewhere.
  That many people will equate that the Gov not being in charge of cyberspace is how to "fix" the problem by putting them in charge.
  
  He has the same problem I suffered from, not being informed beyond his own backyard about the issue.
  
  A much better example would have been how the world worked together to eradicate "common" diseases with vaccination programs... well until people went stupid. Small pox, polio, etc...
  
  I will take my lumps for my myopic view, and thank you for giving me information I did not have.
  [ link to this | view in chronology ]
Anonymous Coward, 17 Jan 2013 @ 2:34am

any fucking excuse possible along with any amount of bullshit necessary to try to instill into peoples minds that they need the government to be in complete control, not just of the Internet, but of their whole lives, will be used. if people are thick enough to believe it, i feel for them. if, however, a person that once held the position that Major General Jonathan Shaw did, feels the need to lie like this, all it would do/should do is make people much more wary of the 'behind the scenes' intentions of that government! Theresa May is a conniving bitch with grandiose beliefs who will go to any lengths, like most politicians, to get what they want regardless of whether it is the best thing or not!
[ link to this | view in chronology ]
relghuar, 17 Jan 2013 @ 3:33am

Just a simpler solution?
I actually agree with most of what dear Major General said ... up to the point where he insinuates people need more government protection for their poor private computers.

On the other hand - I suppose more government protection IS a lot easier to arrange than more common sense...
[ link to this | view in chronology ]
Anonymous Coward, 18 Jan 2013 @ 10:26am

Whats the problem here? The quoted text is about as innocent as you get. They aren't comparing malware to aids, they're comparing cyber security awareness to the public information campaign during an epidemic. Are you really THAT opposed to any sort of publc information campaign about personal cyber security?

>Furthermore, it's tough to see how private individuals are "on the front line" of this so-called "cyber war."

Because private individuals tend to get malware infestations? Just a freaking guess. You're trying to tie in infrastructure vulnerabilities to private users, but I'm not seeing the link. They're seprate issues.
[ link to this | view in chronology ]
Tavis McLaughlin, 30 Apr 2013 @ 10:58pm

Cyber Hygiene? I can beat that...
It won't belong before us "Individuals" are required by law to pay for Cyber Insurance. How you feel bout that?
[ link to this | view in chronology ]