Former defence secretary Liam Fox also calls for new government investment in cybersecurity protection
Companies who have suffered a cyber-attack or data breach should be encourage to go public with the news in order to keep customers and shareholders properly informed, Liam Fox, former defence secretary has said.
In a speech to the defence and security think tank the Royal United Services Institute (RUSI), Fox argued the government needs to change the law to make it illegal to be hacked without informing shareholders and other stakeholders.
“Any organisation that does business with government should have a minimum defined level of cyber security or they will be excluded from government contracts,” Fox proposed.
He also called for cyber security to fall under the remit of a single government minister as part of an increased focus on the damage online attacks can have of businesses of all sizes.
Fox, who was Defence Secretary during a period of intense cost-cutting and downsizing of Britain’s armed forces, called for the UK “to develop proper cyber doctrine in the way that we did in the emergence of the nuclear era.”
He also warned that the growing global cyber threat “may mean that we will have to disinvest in some of the things that we can see, our traditional military capabilities, so that we can invest in things that we cannot see, ie cyber capabilities.”
These actions will help protect the UK against the growing threats of cyber warfare, Fox believes, noting that, “terror groups have been increasingly involved in projects to make drones ineffective or, worse, to turn them around and send them back to return fire on their senders.”
“Although we talk about cybercrime, cyber espionage, and cyber warfare as being separate entities they are in fact part of a continuum.”
Fox also recommended that centralising responsibility for cybersecurity precautions to a single government minister may help to focus efforts to keep Britain safe.
“I would like to see all government cyber activity, including both its offensive and defensive capabilities concentrated in one place and answerable to a single ministerial portfolio,” he said.
Responsibility for cybersecurity currently falls under the remit of several government department spending on the issue at hand, with the Ministry of Defence, Cabinet Office, the Foreign Office and Department of Culture, Media and Sport all having stepped up recently.
Fox’s views were welcomed by the technology industry, which highlighted the importance of increased industry collaboration between enterprises, government and law enforcement to help mitigate risk.
“The persistence and complexity of cybercriminal activity today has meant that it is no longer a case of if businesses will be targeted but when,” commented Terry Greer-King, director of cybersecurity at Cisco UK.
“Given the extent of the issue, businesses of all sizes need greater awareness of the current threat landscape to ensure they are best prepared to protect against the risks, therefore we welcome the call for greater disclosure around the number and severity of hacks taking place. Collaboration between enterprises, government and law enforcement is vital to allow for efficient detection and remediation of cybercriminal activity.”
How much do you know about 2015’s biggest data breaches? Try our quiz!