Article for New Statesman on Cybersecurity

This is a piece I've written for the New Statesman, touching on my work in Parliament as the Chair of the All-party group on Cybersecurity. It's an issue of growing importance, and something which ties in to Portsmouth's traditional position as a hub of our defence capabilities:

Cybersecurity is rapidly becoming a massive issue for the UK and the World as a whole. In just over a few years we have gone from a society that uses the Internet to one that is completely dependent upon it. This of course has enabled really valuable and feature rich services, however it also allows a darker side to flourish. All too often we see headlines about systems being hacked, bank and service accounts being compromised and personal privacy undermined, but this is just the tip of the iceberg. Every moment of the day our computers and personal devices are fending off innumerable attacks including viruses, malware and ransomware.

Against this backdrop, it is important that government facilitates open and informed debate to understand the complex issues, and identify the most serious matters on which to take action for the protection of the country and its citizens. For this reason I am pleased to have initiated the All Party Parliamentary Group on Cyber Security, with the help of the Information Security Group (ISG), Royal Holloway University of London which provides the secretariat.

Our first speaker meeting took place in Westminster on the 19th July 2016, with guest speakers; Professor Keith Mayes, Director of the Information Security Group at Royal Holloway, and Professor Paul Dorey, Director CSO Confidential Ltd., and coordinator of the electricity and gas cybersecurity committee for UK critical national infrastructure. The talks presented fascinating insights into the evolution of information/cyber security towards the big issues of today, and highlighted worrying future developments, especially around the Internet of Things (IoT).

It was clear from discussions that the roots of security attacks are linked to human behaviour and can therefore be traced back thousands of years. However, it is recent advances in technology that have dramatically increased the speed, scope and value of attacks; and with too few attackers brought to justice. Cloud storage is much talked about and used, and like most technology advances can be seen as good or bad depending on your viewpoint. It is a means to improve accessibility, maintain integrity and reduce costs for data storage and processing. However, in reality there is no abstract cloud; it is essentially formed of shared physical servers operated by a variety of commercial providers and situated in various countries/jurisdictions. Users may store all their private data within the cloud and so place a great deal of trust in the cloud providers and risk losing ownership and control of their own data. Even if selected providers are trustworthy, it is almost impossible for users to detect unauthorised data gathering by other parties in and amongst the authorised data transfers. Data privacy and indeed ownership and control of personal/corporate data is clearly a great challenge, however it is by no means the most worrying cyber security problem; for that we turn to IoT.

In concept the IoT is very simple; basically a future where almost everything is somehow Internet enabled. There are numerous IoT devices for home use, often incompatible with each other and many have security vulnerabilities that have been practically attacked. Although these home scenarios are often trivialised there are some major security and safety risks, especially when we consider IoT as part of more critical infrastructures. The IoT is becoming a part of the supply of water, gas and electricity or in telemedicine or indeed in cars that have intelligent control of brakes, lights, engines and even steering. What is happening is the connection of cyber and physical systems; so an IT attack is no longer just about loss of privacy or money, but potentially something that can cause serious damage and injury.

Government has a role to play in helping to ensure that appropriate security guidelines, standards and legislation exist, and that system designers and service providers adhere to them. The Cyber Security APPG is an ideal vehicle for raising awareness, and for open and informed cross-party discussions on this topic. I would urge you to attend our future meetings when we will explore selected topics in more detail. More information can be found on our website: appgcybersecurity.org.