An overwhelming majority of cyber security professionals believe that government officials must be given a basic training course on cyber security, as they do not truly understand the cyber risks targeting physical and digital infrastructure.
In a recent survey by cyber security firm Venafi, which set out to gain insight from over 500 IT security professionals about the cyber security literacy of government officials, as many as 88 percent of respondents supported the notion that government officials must be given at least a basic course on cyber security.
Government officials don’t understand cyber risks
Security professionals who took part in the survey noted that the lack of understanding of cyber threats among government officials gave rise to various government policies that increased the risk to the nation’s physical and digital infrastructure.
Sixty-five percent of respondents said that the government’s move to create encryption backdoors, which basically means forcing companies to grant it access to encrypted data, could actually weaken the security of election data. Many security professionals have made the same argument in the past: if governments could gain access to encrypted data via backdoors, so could malicious hackers.
In January this year, Minister of State for Security Ben Wallace told the Sunday Times that social media firms that refused to create encryption backdoors for the government could be taxed more heavily to cover the hundreds of millions being spent on additional surveillance.
“We should stop pretending that because they [social media firms like Google and Facebook] sit on beanbags in T-shirts they are not ruthless profiteers. They will ruthlessly sell our details to loans and soft-porn companies but not give it to our democratically elected government.
“If they continue to be less than co-operative, we should look at things like tax as a way of incentivizing them or compensating for their inaction,” he warned.
In response, explaining why rash measures on the part of the government could undermine the cyber security of the UK as a whole, Jonathan Evans, an ex-MI5 chief who retired in 2013, said that while the use of encryption has hampered the ability of security agencies to access communications between terrorists, banning encryption altogether would also impact the cyber security of society as a whole.
“I’m not personally one of those who thinks we should weaken encryption because I think there is a parallel issue, which is cybersecurity more broadly. While understandably there is a very acute concern about counter-terrorism, it is not the only threat that we face. The way in which cyberspace is being used by criminals and by governments is a potential threat to the UK’s interests more widely.
“It’s very important that we should be seen and be a country in which people can operate securely – that’s important for our commercial interests as well as our security interests, so encryption in that context is very positive,” he said.
Encryption backdoors a road to disaster?
According to Venafi, creating encryption backdoors could turn out to be a disaster as the same encryption tools are also being used to secure classified intelligence and other highly sensitive government data.
“Over the last several months, we’ve seen government officials from across the globe propose dangerous surveillance laws and protocols. For example, the Five Eyes international alliance has been consistently pushing for mandated encryption backdoors into private technology devices,” said Jeff Hudson, CEO of Venafi.
“They don’t seem to realize that the same encryption technology that creates barriers for law enforcement is also used to protect all types of classified intelligence and other highly sensitive government data. A backdoor sounds great until a malicious actor gets the key, which they always do,” he added.
In the survey carried out by Venafi, while 67 percent of cyber security professionals said that government officials do not completely comprehend the cyber risks targeting physical infrastructure, 63 percent also said that government officials do not understand the cyber risks targeting digital infrastructure.