Earlier this week it was reported that David Cameron had ordered simulated cyber-attacks on every Whitehall department, to discover if government computers that hold the personal information of millions of people are vulnerable to hackers.
The prime minister demanded the stress tests after Matthew Hancock, the Cabinet Office Minister, gave a briefing on the dangers posed by cybercriminals in the wake of last month’s attack on the telecoms firm TalkTalk.
As the lead technologist of an official cyber security supplier to the UK Government, I think this is obviously a positive step in raising the importance of cyber security at the highest levels in UK Government circles. But it can’t be done just as a one-off. It must be done on an ongoing basis, as the cyber threat is continually evolving.
Whilst carrying out these simulated cyber-attacks will help the Government departments assess whether they have good levels of protection in place, this is only one part of the overall solution to cyber security.
One of the most popular cyber security models used in the industry is the NIST Cybersecurity Framework, which identifies 5 stages: Identify, Protect, Detect, Respond, and Recover.
In identifying threats, one of the differences the Government departments need to consider is that their threat actors will not be exactly the same as those that TalkTalk needed to consider. Whilst both are likely to be targets for cybercriminals, the Government departments are far more likely to also be targets of state-sponsored actors.
The threats will also differ between individual Government departments, and so will the appropriate solutions they need to implement. For example, the Work & Pensions and the Health departments were cited in the briefing as being at particularly high risk of attack from cybercriminals because of the vast amount of data they hold, such as bank account details, addresses, national insurance numbers and health records.
Over the last few years the general consensus has been that organisations will suffer cyber breaches, but what is of vital importance is the resilience of the systems. Organisations need to be able to quickly detect that they are being attacked, respond appropriately and maintain the service as best as possible whilst under cyber-attack.