Another Notch In 'Cyber Threat' Rhetoric's Belt: Former UK Head Of Cyber Security Brings 'AIDS Epidemic' Into The Mix

from the the-true-risk-of-'unprotected'-surfing dept

Well, we've seen the always-impending cyberdoom compared to all sorts of horrendous events by legislators and security agencies. The perpetually-just-over-the-horizon cyberattacks have been given catchy names like "cyber-Pearl Harbor" and "cyber-9/11" in an attempt to scare up some support for terrible legislation and expansions of power.

The UK's former head of cyber security has taken a slightly different tack, avoiding the terrorist imagery in favor of something even more dubious.

Major General Jonathan Shaw, a former head of cyber security at the Ministry of Defence, said people must be told to improve their computer security because the UK is "extremely vulnerable" to attack by criminals and terrorists.

He said there is a "special responsibility" on all citizens to improve their "cyber hygiene" as private computers are the easiest to attack.

Speaking on BBC Radio Four's Today programme, Major General Shaw said the Government must "launch a cyber hygiene campaign like they did with the AIDS epidemic in the 1980s".

He said individuals are "on the front line" and must be warned their computers are at risk, as the Government is "not in charge of cyber space".

He's got that last part right. The government isn't in charge of cyber space, no matter how much it wishes to be. But owners of "private computers" have had "cyber hygiene" information available for years. If the UK government wishes to start a campaign to inform the public of the dangers prevalent on the web, I have no problem with that. The campaign will be mostly redundant and will have little impact on the number of infected private computers, but that's the way these things go. Actively keeping a computer free of malware, spyware and viruses takes a little effort and knowledge (and sometimes, a little money), but for many people, that "little" extra is too much.

Furthermore, it's tough to see how private individuals are "on the front line" of this so-called "cyber war." If there are key areas of infrastructure (say, the ever-popular power grid) that seem vulnerable to attacks by criminals and terrorists, how does erecting a firewall on a home computer prevent that? If these agencies feel they are threatened by cyberattacks, they need to do more policing on their end and make sure that critical systems are inaccessible from "personal" computers -- like preventing "cross-contamination" by keeping possibly infected "personal" media (thumbdrives, etc.) from connecting with critical systems or issuing "locked-down" computers for telecommuters. There are many more effective actions that could be taken by the "threatened" entities, but trying to keep the public's private computers from being conscripted into the latest botnet isn't one of them.

Lastly, conflating malicious activities with a communicable disease, even indirectly, is hardly a good idea, especially when the disease chosen is one with a loaded political and sociological background. It trivializes the impact of AIDS and generally makes the public feel the severity of the threat is overstated. Even if the aim is admirable (get more computer users to protect themselves from attacks), Shaw's unfortunate wording undermines his message.

Filed Under: cybersecurity, cyberthreats, exaggeration, jonathan shaw, uk